加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 综合聚焦 > 服务器 > 安全 > 正文

XFire实现身份验证(基于Xfire SOAP Header的WebService安全验证)

发布时间:2020-12-16 23:38:12 所属栏目:安全 来源:网络整理
导读:[java] ? view plain copy 一、创建web?services?工程(XFire),和平时的一样。?? 二、加入身份验证功能?? 1 、首先编写服务端验证类,继承AbstractHandler类?? package ?test;?? import ?org.codehaus.xfire.MessageContext;?? import ?org.codehaus.xfire.h
[java]? view plain copy
  1. 一、创建web?services?工程(XFire),和平时的一样。??
  2. 二、加入身份验证功能??
  3. 1、首先编写服务端验证类,继承AbstractHandler类??
  4. package?test;??
  5. import?org.codehaus.xfire.MessageContext;??
  6. import?org.codehaus.xfire.handler.AbstractHandler;??
  7. import?org.jdom.Element;??
  8. ??
  9. public?class?AuthenticationHandler?extends?AbstractHandler?{??
  10. void?invoke(MessageContext?cfx)?throws?Exception?{??
  11. ???if?(cfx.getInMessage().getHeader()?==?null)?{??
  12. ????throw?new?org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",??
  13. ??????org.codehaus.xfire.fault.XFireFault.SENDER);??
  14. ???}??
  15. ???Element?token?=?cfx.getInMessage().getHeader().getChild(??
  16. ?????"AuthenticationToken");??
  17. if?(token?==?new?org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息",108); list-style:decimal-leading-zero outside; color:inherit; line-height:18px; margin:0px!important; padding:0px 3px 0px 10px!important"> ???String?username?=?token.getChild("Username").getValue();??
  18. ???String?password?=?token.getChild("Password").getValue();??
  19. ???try?{??
  20. ????//?进行身份验证?,只有abcd@1234的用户为授权用户??
  21. if?(username.equals("abcd")?&&?password.equals("1234"))??
  22. ?????//?这语句不显示??
  23. ?????System.out.println("身份验证通过");??
  24. ????else??
  25. ?????new?Exception();??
  26. ???}?catch?(Exception?e)?{??
  27. new?org.codehaus.xfire.fault.XFireFault("非法的用户名和密码",248); line-height:18px; margin:0px!important; padding:0px 3px 0px 10px!important"> }??
  28. }??
  29. 2、Client构造授权信息??
  30. package?test;??
  31. import?org.codehaus.xfire.MessageContext;??
  32. import?org.codehaus.xfire.handler.AbstractHandler;??
  33. import?org.jdom.Element;??
  34. ??
  35. class?ClientAuthenticationHandler?extends?AbstractHandler?{??
  36. private?String?username?=?null;??
  37. private?String?password?=?public?ClientAuthenticationHandler()?{???
  38. ????}??
  39. public?ClientAuthenticationHandler(String?username,String?password)?{???
  40. this.username?=?username;???
  41. ????????this.password?=?password;??
  42. ????}??
  43. void?setUsername(String?username)?{???
  44. this.username?=?username;???
  45. void?setPassword(String?password)?{???
  46. this.password?=?password;???
  47. void?invoke(MessageContext?context)?throws?Exception?{??
  48. ????????//为SOAP?Header构造验证信息??
  49. ????????Element?el?=?new?Element("header");???
  50. ????????context.getOutMessage().setHeader(el);???
  51. ????????Element?auth?=?new?Element("AuthenticationToken");???
  52. ????????Element?username_el?=?new?Element("Username");???
  53. ????????username_el.addContent(username);???
  54. ????????Element?password_el?=?new?Element("Password");???
  55. ????????password_el.addContent(password);???
  56. ????????auth.addContent(username_el);???
  57. ????????auth.addContent(password_el);???
  58. ????????el.addContent(auth);???
  59. ????}???
  60. 3、修改services.xml为web?services绑定Handler??
  61. <?xml?version="1.0"?encoding="UTF-8"?>??
  62. <beans?xmlns="http://xfire.codehaus.org/config/1.0">??
  63. <service?xmlns="http://xfire.codehaus.org/config/1.0">??
  64. ???<name>Hello</name>??
  65. ???<namespace>http://test/HelloService</namespace>??
  66. ???<serviceClass>test.IHello</serviceClass>??
  67. ???<implementationClass>test.HelloImpl</implementationClass>??
  68. ???<inHandlers>???
  69. ???<handler?handlerClass?="test.AuthenticationHandler"?></handler?>???
  70. ???</inHandlers>??
  71. ???<style>wrapped</style>??
  72. ???<use>literal</use>??
  73. ???<scope>application</scope>??
  74. </service>??
  75. </beans>??
  76. 4、新建一个类ClientTest,用来测试??
  77. import?java.lang.reflect.Proxy;??
  78. import?java.net.MalformedURLException;??
  79. import?org.codehaus.xfire.client.*;??
  80. import?org.codehaus.xfire.service.Service;??
  81. import?org.codehaus.xfire.service.binding.ObjectServiceFactory;??
  82. class?ClientTest?{??
  83. /**?
  84. *?@param?args?
  85. */??
  86. static?void?main(String[]?args)?{??
  87. ???//?TODO?Auto-generated?method?stub??
  88. try?{??
  89. ????Service?serviceModel?=?new?ObjectServiceFactory().create(IHello.class);??
  90. ????IHello?service?=?(IHello)?new?XFireProxyFactory().create(serviceModel,??
  91. ????????"http://dracom-d1514b82:8080/web_services3/services/Hello");?????
  92. ????XFireProxy?proxy?=?(XFireProxy)Proxy.getInvocationHandler(service);??
  93. ????Client?client?=?proxy.getClient();??
  94. //发送授权信息??
  95. ????client.addOutHandler(new?ClientAuthenticationHandler("abcd","1234"));??
  96. //输出调用web?services方法的返回信息??
  97. ????System.out.println(service.getMessage("你好aaa"));??
  98. catch?(MalformedURLException?e)?{??
  99. ????//?TODO?Auto-generated?catch?block??
  100. ????e.printStackTrace();??
  101. ???}?catch?(IllegalArgumentException?e)?{??
  102. //?TODO?Auto-generated?catch?block??
  103. ????e.printStackTrace();??
  104. ???}??
  105. 三、这样我们就完成了编码,下面启动web?services,运行客户端代码,本文为abcd@1234位授权用户,??
  106. 使用abcd@1234,可以正常访问web?services,如果用错误帐号,则会有以下异常:??
  107. Exception?in?thread?"main"?org.codehaus.xfire.XFireRuntimeException:?Could?not?invoke?service..?Nested?exception?is?org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码??
  108. org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码??
  109. at?org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)??
  110. at?org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)??
  111. at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)??
  112. at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)??
  113. at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)??
  114. at?org.codehaus.xfire.client.Client.onReceive(Client.java:406)??
  115. at?org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)??
  116. at?org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)??
  117. at?org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)??
  118. at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)??
  119. at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)??
  120. at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)??
  121. at?org.codehaus.xfire.client.Client.invoke(Client.java:336)??
  122. at?org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)??
  123. at?org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)??
  124. at?$Proxy0.getMessage(Unknown?Source)??
  125. at?test.ClientTest.main(ClientTest.java:24)??
  126. 如果不在CientTest加以下Heade则会有以下异常:??
  127. new?ClientAuthenticationHandler("abcd1",108); list-style:decimal-leading-zero outside; color:inherit; line-height:18px; margin:0px!important; padding:0px 3px 0px 10px!important"> 信息:?Fault?occurred!??
  128. org.codehaus.xfire.fault.XFireFault:?请求必须包含验证信息??
  129. at?test.AuthenticationHandler.invoke(AuthenticationHandler.java:11)??
  130. at?org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)??
  131. at?org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)??
  132. at?org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)??
  133. at?org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)??
  134. at?org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)??
  135. at?javax.servlet.http.HttpServlet.service(HttpServlet.java:710)??
  136. at?javax.servlet.http.HttpServlet.service(HttpServlet.java:803)??
  137. at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)??
  138. at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)??
  139. at?org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)??
  140. at?org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)??
  141. at?org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)??
  142. at?org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)??
  143. at?org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)??
  144. at?org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)??
  145. at?org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)??
  146. at?org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)??
  147. at?org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)??
  148. at?java.lang.Thread.run(Thread.java:619)??

原文链接:http://www.josdoc.com/html/Webkaifa/XFire/shenruyanjiu/200904/29-314.html

相关文章:http://hi.baidu.com/dd_taiyangxue/blog/item/f133623e6796b9ce7d1e71af.html

http://javaoldboy.iteye.com/blog/306510

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同