webservice的header详解
发布时间:2020-12-17 00:21:31 所属栏目:安全 来源:网络整理
导读:该webservice是用java axis2做服务端,flex as3做客户端。 一、利用抓包工具抓的请求包如下: POST /axis2/services/ScService.ScServiceSOAP/ HTTP/1.1Referer: app:/MultimediaDispatch.swfAccept: text/xml,application/xml,application/xhtml+xml,text/h
该webservice是用java axis2做服务端,flex as3做客户端。 一、利用抓包工具抓的请求包如下: POST /axis2/services/ScService.ScServiceSOAP/ HTTP/1.1 Referer: app:/MultimediaDispatch.swf Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,text/css,image/png,image/jpeg,image/gif;q=0.8,application/x-shockwave-flash,video/mp4;q=0.9,flv-application/octet-stream;q=0.8,video/x-flv;q=0.7,audio/mp4,application/futuresplash,*/*;q=0.5 x-flash-version: 11,1,100,27 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://www.showclear.cn/ScService/OrgGroupQuery" Content-Length: 492 Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows; U; zh-CN) AppleWebKit/533.19.4 (KHTML,like Gecko) AdobeAIR/3.1 Host: 192.168.2.172:8080 Connection: Keep-Alive <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SOAP-ENV:Header> <AuthHeader> <password>1</password> <username>admin</username> </AuthHeader> </SOAP-ENV:Header> <SOAP-ENV:Body> <tns:CommonReq xmlns:tns="http://www.showclear.cn/ScService/"> <sessionId>1</sessionId> </tns:CommonReq> </SOAP-ENV:Body> </SOAP-ENV:Envelope> 二、java服务端的处理 ScServiceSkeleton子类重写实现方法: @Override public OrgGroupQueryResp orgGroupQuery(CommonReq commonReq) { OrgGroupQueryResp resp = new OrgGroupQueryResp(); if (!AuthChecker.isAuth()) { resp.setReturnCode(ReturnCode.AUTH_FAIL.getValueS()); resp.setTotal(0); } else { Managers.getDbManager().getOrgDao().queryOrgGroup(resp); } return resp; } 权限检测类: public class AuthChecker { private static final Logger log = Logger.getLogger(AuthChecker.class); @SuppressWarnings("rawtypes") public static boolean isAuth() { boolean result = true; try { MessageContext msgContext = MessageContext.getCurrentMessageContext(); OMElement element = msgContext.getEnvelope().getHeader().getFirstElement(); Iterator list = (Iterator) msgContext.getEnvelope().getHeader().getFirstElement().getChildElements(); String username = ""; String password = ""; while (list.hasNext()) { element = (OMElement) list.next(); if (element.getLocalName().equalsIgnoreCase("username")) { username = element.getText(); } else if (element.getLocalName().equalsIgnoreCase("password")) { password = element.getText(); } } log.info("username=" + username + ",password=" + password); if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) result = false; } catch(Exception e) { log.error("AuthChecker error",e); result = false; } return result; } } 三、Flex as3客户端请求 private var ws:WebService; ws = new WebService(); ws.wsdl = "http://192.168.2.172:8080/axis2/services/ScService?wsdl"; ws.loadWSDL(); ws.addEventListener(FaultEvent.FAULT,faultHandler); ws.addHeader(new AuthHeader("admin","1")); public function queryOrgGroup():void { ws.addEventListener(ResultEvent.RESULT,resultOrgGroup); // ws.getOperation("OrgGroupQuery").send("1"); ws.OrgGroupQuery("1"); } private function resultOrgGroup(event:ResultEvent):void { var returnCode:String = event.result.returnCode; var total:int = event.result.total; if (total != 0) { var groups:ArrayCollection = event.result.groups; var size:int = groups.length; var dept:OrgDepartment; for (var i:int=0; i<size; i++) { dept = OrgDepartment.build(groups.getItemAt(i)); trace(dept.toString()); Managers.getOrgManager().addDept(dept); } } ws.removeEventListener(ResultEvent.RESULT,resultOrgGroup); queryOrgMember(); } AuthHeader类 import mx.rpc.soap.SOAPHeader; public class AuthHeader extends SOAPHeader { public function AuthHeader(username:String,password:String){ var content:Object = new Object(); content.username = username; content.password = password; var qn:QName = new QName("","AuthHeader"); super(qn,content); } } (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |