【webservice】基于axis2设计带soaphead安全机制的webservice服
发布时间:2020-12-16 23:22:52 所属栏目:安全 来源:网络整理
导读:还是用axis2写的。是先有客户端,再有这个服务端,严格根据客户端的请求报文来写的哦。是否解决了“ 先有鸡还是先有蛋”的问题。。报文的话,请参照我的上一篇博文《【webservice】调试方法篇(二)》,那么,我的编程步骤是这样的。 1、新建java工程,导入a
|
还是用axis2写的。是先有客户端,再有这个服务端,严格根据客户端的请求报文来写的哦。是否解决了“ 先有鸡还是先有蛋”的问题。。报文的话,请参照我的上一篇博文《【webservice】调试方法篇(二)》,那么,我的编程步骤是这样的。 1、新建java工程,导入axis2的包、dom4j工具包。 2、根据客户端的请求报文上面soap的命名空间,为工程设计包名,因此,本工程的供外部调用类(Server类)的所在包是cn.com.ultrapower.webservice.service。 3、编辑配置文件services.xml如下: <!-- webservice配置文件 --> <service name="Prc_Service" > <description> Please Type your service description here </description> <messageReceivers> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" /> <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out" class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> </messageReceivers> <parameter name="ServiceClass">cn.com.ultrapower.webservice.service.Server</parameter> </service> 4、根据客户端的请求报文上面soap的请求方法,定义Server类里面的对外方法是SendXML(String requestXml,String busiKey)。根据报文可知道:<soapenv:Header>的参数是username与password,<soapenv:body>的参数是busiKey(请求的业务)与requestXml(请求的业务的查询参数,xml格式,需要dom4j分析)。 5、其他工具类设计:用于加载关于业务码busiKey的map的InitBusiKey.java, 6、其他工具类设计:用于加载user的账号密码、接口权限、接口流量等配置信息的InitUser.java, 下面提供Server类的全部代码: package cn.com.ultrapower.webservice.service;
import java.io.UnsupportedEncodingException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.context.MessageContext;
import org.dom4j.DocumentException;
import cn.com.ultrapower.webservice.service.conf.InitBusiKey;
import cn.com.ultrapower.webservice.service.conf.InitUser;
import cn.com.ultrapower.webservice.service.service.CRBT_Service;
import cn.com.ultrapower.webservice.service.service.ISAG_Service;
import cn.com.ultrapower.webservice.service.service.MMSC_Service;
import cn.com.ultrapower.webservice.service.service.WAPGW_Service;
public class Server{
//userFlowMap是累加用户在单位时间里对某接口的访问次数
private static Map<String,Long[]> userFlowMap = new HashMap<String,Long[]>();//String为用户名username,Long[0]为时间,Long[1]为次数
String responseCode = ""; //查询服务返回的状态码
String responseXML = ""; //查询服务返回的业务数据
/*
* @para busiKey : 业务平台标识
* @para requestXml : 查询条件的XML字符串
* 定义返回码responseCode:
001 输入参数的busiKey无效
004 请求方权限验证失败
003 查询接口达到最大并发能力
002 输入参数的requestXML无效
005 请求的查询时间超时
999 其它错误
000 服务接口处理成功
* */
public String SendXML (String requestXml,String busiKey){
try{
String serviceName = InitBusiKey.getInitBusiKey().getServiceName(busiKey);
if(serviceName!=null && !serviceName.equals("") && serviceName.length()>0){
String Username = checkAuth(serviceName);
if(Username!=null && !Username.equals("")){
if(checkFlow(Username)){
responseCode = "000"; //000:服务接口处理成功
responseXML = readRequestXml(serviceName,requestXml);
String returnData = returnData();
return returnData;
}else{
responseCode = "003"; //003:查询接口达到最大并发能力
responseXML = "";
String returnData = returnData();
return returnData;
}
}else{
responseCode = "004"; //004:请求方权限验证失败
responseXML = "";
String returnData = returnData();
return returnData;
}
}else{
responseCode = "001"; //001:输入参数的busiKey无效
responseXML = "";
String returnData = returnData();
return returnData;
}
}catch(NumberFormatException e){//002:参数string转int出错(参数requestXML无效)
e.printStackTrace();
responseCode = "002";
responseXML = "";
String returnData = returnData();
return returnData;
}catch(NullPointerException e){//002:参数为空时出错((参数requestXML无效))
e.printStackTrace();
responseCode = "002";
responseXML = "";
String returnData = returnData();
return returnData;
}catch(Exception e){
e.printStackTrace();
responseCode = "999"; //999:其它错误
responseXML = "";
String returnData = returnData();
return returnData;
}
}
private String returnData(){
StringBuffer returnData = new StringBuffer("<?xml version="1.0" encoding="UTF-8"?>");
returnData.append("<root>");
returnData.append("<responseCode>"); returnData.append(responseCode); returnData.append("</responseCode>");
returnData.append("<responseXML>"); returnData.append(responseXML); returnData.append("</responseXML>");
returnData.append("</root>");
return returnData.toString();
}
//检测用户账号及接口权限(soaphead安全机制)
private String checkAuth(String serviceName){
boolean pwIsOK = false;
boolean authIsOK = false;
String Username="",Password="",Address="",Province="";
MessageContext msgContext = MessageContext.getCurrentMessageContext();
SOAPHeader header = msgContext.getEnvelope().getHeader();
Iterator list = header.getChildren();
while (list.hasNext()){
OMElement element = (OMElement) list.next();
if (element.getLocalName().equals("Username")){
Username = element.getText();
}
if (element.getLocalName().equals("Password")){
Password = element.getText();
}
}
if(Password.equals(InitUser.getInitUser().getUser(Username).getPassword())) pwIsOK=true;
if(InitUser.getInitUser().getUser(Username).getServiceAuth().contains((","+serviceName+","))) authIsOK=true;
System.out.println("step1.checkAuth >>>>>>>>> pwIsOK:"+pwIsOK+" authIsOK:"+authIsOK);
if(pwIsOK && authIsOK) return Username;
else return "";
}
//控制用户查询频率(接口流量)
private boolean checkFlow(String Username){
boolean flowIsOK = true;
long nowTime = Calendar.getInstance().getTime().getTime();
if(userFlowMap.get(Username)==null){
Long[] userflow = {nowTime,1L}; //userflow[0]为初始时间,userflow[1]为期间访问次数
userFlowMap.put(Username,userflow);
flowIsOK = true;
}else if(nowTime>(userFlowMap.get(Username)[0]+60000)){
Long[] userflow = {nowTime,userflow);
flowIsOK = true;
}else if(userFlowMap.get(Username)[0]<=nowTime && nowTime<=(userFlowMap.get(Username)[0]+60000)){
if(userFlowMap.get(Username)[1]<InitUser.getInitUser().getUser(Username).getFlowIn1Min()){
Long[] userflow = {userFlowMap.get(Username)[0],userFlowMap.get(Username)[1]+1};//访问次数+1
userFlowMap.put(Username,userflow);
flowIsOK = true;
}else{
flowIsOK = false;
}
}
System.out.println("step2.checkFlow >>>>>>>>> flowIsOK:"+flowIsOK);
return flowIsOK;
}
//执行查询服务
private String readRequestXml(String serviceName,String requestXml) throws DocumentException,NumberFormatException,NullPointerException,UnsupportedEncodingException{
System.out.println("step3.readRequestXml >>>>>>>>> serviceName: "+serviceName);
//选择对应的service
if(serviceName.equals("WAPGW")) return new WAPGW_Service().readXML(requestXml);
if(serviceName.equals("MMSC")) return new MMSC_Service().readXML(requestXml);
if(serviceName.equals("ISAG")) return new ISAG_Service().readXML(requestXml);
if(serviceName.equals("CRBT")) return new CRBT_Service().readXML(requestXml);
else return "";
}
}
用axis2用得时间长了,自己也希望有些突破。前阵子重写了这段业务,完全放弃了axis2,直接弄了个servlet,也就是javaweb系统,小巧呢,直接扔到tomcat的webapps就能跑了,用上一篇博文《【webservice】调试方法篇(二)》上面的源码测试,是没问题的。但是,没能及时联系到客户端厂家联调了,因为,我已经申请离职了。今天是坐岗公司的最后一天,就偷闲整理了webservice的系列博文,希望能给大家带来帮助吧。入行不深,且祝群旅途愉快吧~ 转载请说明出自whilejolly:http://blog.csdn.net/seedingly/article/details/39055107 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |