加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 综合聚焦 > 服务器 > 安全 > 正文

XFire实现身份验证(基于Xfire SOAP Header的WebService安全验证)

发布时间:2020-12-16 23:09:43 所属栏目:安全 来源:网络整理
导读:[java] view plain copy 一、创建web?services?工程(XFire),和平时的一样。?? 二、加入身份验证功能?? 1 、首先编写服务端验证类,继承AbstractHandler类?? package ?test;?? import ?org.codehaus.xfire.MessageContext;?? import ?org.codehaus.xfire.han
[java] view plain copy
  1. 一、创建web?services?工程(XFire),和平时的一样。??
  2. 二、加入身份验证功能??
  3. 1、首先编写服务端验证类,继承AbstractHandler类??
  4. package?test;??
  5. import?org.codehaus.xfire.MessageContext;??
  6. import?org.codehaus.xfire.handler.AbstractHandler;??
  7. import?org.jdom.Element;??
  8. ??
  9. public?class?AuthenticationHandler?extends?AbstractHandler?{??
  10. ??
  11. public?void?invoke(MessageContext?cfx)?throws?Exception?{??
  12. ???if?(cfx.getInMessage().getHeader()?==?null)?{??
  13. ????throw?new?org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",??
  14. ??????org.codehaus.xfire.fault.XFireFault.SENDER);??
  15. ???}??
  16. ???Element?token?=?cfx.getInMessage().getHeader().getChild(??
  17. ?????"AuthenticationToken");??
  18. ???if?(token?==?null)?{??
  19. ????throw?new?org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息",??
  20. ??????org.codehaus.xfire.fault.XFireFault.SENDER);??
  21. ???}??
  22. ??
  23. ???String?username?=?token.getChild("Username").getValue();??
  24. ???String?password?=?token.getChild("Password").getValue();??
  25. ???try?{??
  26. ????//?进行身份验证?,只有abcd@1234的用户为授权用户??
  27. ????if?(username.equals("abcd")?&&?password.equals("1234"))??
  28. ?????//?这语句不显示??
  29. ?????System.out.println("身份验证通过");??
  30. ????else??
  31. ?????throw?new?Exception();??
  32. ???}?catch?(Exception?e)?{??
  33. ????throw?new?org.codehaus.xfire.fault.XFireFault("非法的用户名和密码",??
  34. ??????org.codehaus.xfire.fault.XFireFault.SENDER);??
  35. ???}??
  36. }??
  37. }??
  38. 2、Client构造授权信息??
  39. package?test;??
  40. import?org.codehaus.xfire.MessageContext;??
  41. import?org.codehaus.xfire.handler.AbstractHandler;??
  42. import?org.jdom.Element;??
  43. ??
  44. public?class?ClientAuthenticationHandler?extends?AbstractHandler?{??
  45. ??
  46. ????private?String?username?=?null;??
  47. ??
  48. ????private?String?password?=?null;??
  49. ??
  50. ????public?ClientAuthenticationHandler()?{???
  51. ????}??
  52. ??
  53. ????public?ClientAuthenticationHandler(String?username,String?password)?{???
  54. ????this.username?=?username;???
  55. ????????this.password?=?password;??
  56. ????}??
  57. ??
  58. ????public?void?setUsername(String?username)?{???
  59. ????????this.username?=?username;???
  60. ????}??
  61. ??
  62. ????public?void?setPassword(String?password)?{???
  63. ????????this.password?=?password;???
  64. ????}??
  65. ??
  66. ????public?void?invoke(MessageContext?context)?throws?Exception?{??
  67. ??
  68. ????????//为SOAP?Header构造验证信息??
  69. ????????Element?el?=?new?Element("header");???
  70. ????????context.getOutMessage().setHeader(el);???
  71. ????????Element?auth?=?new?Element("AuthenticationToken");???
  72. ????????Element?username_el?=?new?Element("Username");???
  73. ????????username_el.addContent(username);???
  74. ????????Element?password_el?=?new?Element("Password");???
  75. ????????password_el.addContent(password);???
  76. ????????auth.addContent(username_el);???
  77. ????????auth.addContent(password_el);???
  78. ????????el.addContent(auth);???
  79. ????}???
  80. }??
  81. 3、修改services.xml为web?services绑定Handler??
  82. <?xml?version="1.0"?encoding="UTF-8"?>??
  83. <beans?xmlns="http://xfire.codehaus.org/config/1.0">??
  84. <service?xmlns="http://xfire.codehaus.org/config/1.0">??
  85. ???<name>Hello</name>??
  86. ???<namespace>http://test/HelloService</namespace>??
  87. ???<serviceClass>test.IHello</serviceClass>??
  88. ???<implementationClass>test.HelloImpl</implementationClass>??
  89. ???<inHandlers>???
  90. ???<handler?handlerClass?="test.AuthenticationHandler"?></handler?>???
  91. ???</inHandlers>??
  92. ???<style>wrapped</style>??
  93. ???<use>literal</use>??
  94. ???<scope>application</scope>??
  95. </service>??
  96. </beans>??
  97. 4、新建一个类ClientTest,用来测试??
  98. package?test;??
  99. import?java.lang.reflect.Proxy;??
  100. import?java.net.MalformedURLException;??
  101. import?org.codehaus.xfire.client.*;??
  102. import?org.codehaus.xfire.service.Service;??
  103. import?org.codehaus.xfire.service.binding.ObjectServiceFactory;??
  104. ??
  105. public?class?ClientTest?{??
  106. ??
  107. /**?
  108. *?@param?args?
  109. */??
  110. public?static?void?main(String[]?args)?{??
  111. ???//?TODO?Auto-generated?method?stub??
  112. ???try?{??
  113. ????Service?serviceModel?=?new?ObjectServiceFactory().create(IHello.class);??
  114. ????IHello?service?=?(IHello)?new?XFireProxyFactory().create(serviceModel,??
  115. ????????"http://dracom-d1514b82:8080/web_services3/services/Hello");?????
  116. ????XFireProxy?proxy?=?(XFireProxy)Proxy.getInvocationHandler(service);??
  117. ????Client?client?=?proxy.getClient();??
  118. ????//发送授权信息??
  119. ????client.addOutHandler(new?ClientAuthenticationHandler("abcd","1234"));??
  120. ????//输出调用web?services方法的返回信息??
  121. ????System.out.println(service.getMessage("你好aaa"));??
  122. ???}?catch?(MalformedURLException?e)?{??
  123. ????//?TODO?Auto-generated?catch?block??
  124. ????e.printStackTrace();??
  125. ???}?catch?(IllegalArgumentException?e)?{??
  126. ????//?TODO?Auto-generated?catch?block??
  127. ????e.printStackTrace();??
  128. ???}??
  129. }??
  130. }??
  131. 三、这样我们就完成了编码,下面启动web?services,运行客户端代码,本文为abcd@1234位授权用户,??
  132. 使用abcd@1234,可以正常访问web?services,如果用错误帐号,则会有以下异常:??
  133. Exception?in?thread?"main"?org.codehaus.xfire.XFireRuntimeException:?Could?not?invoke?service..?Nested?exception?is?org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码??
  134. org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码??
  135. at?org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)??
  136. at?org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)??
  137. at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)??
  138. at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)??
  139. at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)??
  140. at?org.codehaus.xfire.client.Client.onReceive(Client.java:406)??
  141. at?org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)??
  142. at?org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)??
  143. at?org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)??
  144. at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)??
  145. at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)??
  146. at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)??
  147. at?org.codehaus.xfire.client.Client.invoke(Client.java:336)??
  148. at?org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)??
  149. at?org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)??
  150. at?$Proxy0.getMessage(Unknown?Source)??
  151. at?test.ClientTest.main(ClientTest.java:24)??
  152. ??
  153. 如果不在CientTest加以下Heade则会有以下异常:??
  154. ????XFireProxy?proxy?=?(XFireProxy)Proxy.getInvocationHandler(service);??
  155. ????Client?client?=?proxy.getClient();??
  156. ????//发送授权信息??
  157. ????client.addOutHandler(new?ClientAuthenticationHandler("abcd1","1234"));??
  158. ??
  159. 信息:?Fault?occurred!??
  160. org.codehaus.xfire.fault.XFireFault:?请求必须包含验证信息??
  161. at?test.AuthenticationHandler.invoke(AuthenticationHandler.java:11)??
  162. at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)??
  163. at?org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)??
  164. at?org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)??
  165. at?org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)??
  166. at?org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)??
  167. at?org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)??
  168. at?javax.servlet.http.HttpServlet.service(HttpServlet.java:710)??
  169. at?javax.servlet.http.HttpServlet.service(HttpServlet.java:803)??
  170. at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)??
  171. at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)??
  172. at?org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)??
  173. at?org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)??
  174. at?org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)??
  175. at?org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)??
  176. at?org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)??
  177. at?org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)??
  178. at?org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)??
  179. at?org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)??
  180. at?org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)??
  181. at?java.lang.Thread.run(Thread.java:619)??

原文链接:http://www.josdoc.com/html/Webkaifa/XFire/shenruyanjiu/200904/29-314.html

相关文章:http://hi.baidu.com/dd_taiyangxue/blog/item/f133623e6796b9ce7d1e71af.html

http://javaoldboy.iteye.com/blog/306510

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同