?
1.Handler和Servlet中的filter极为相似,我们可以对所有WebServicer进行拦截,在这个Handler中我们可以记录日志、
?? 权限控制、对请求的SOAP消息进行加密,解密等。CXF也有Interceptor,不知道有什么区别,后面会学习
?
2.接口javax.xml.ws.handler.Handler和javax.xml.ws.handler.soap.SOAPHandler
??定义自己Handler需要实现两个Handler其中一个SOAPHandler是Handler的子接口
??Handler的三个方法
?
?
?
void
?
?
?close(MessageContext?context)
?:一个webService调用结束时会调用,通常会做释放资源的操作
?? ? ? ? ?
?
??boolean?
?
handleFault(C?context)
?:当handlerMessage发生异常时,会调用
?? ? ? ? ?
?
?boolean
?
?handleMessage(C?context):调用webService inbound和outbound时都会调用,一次webService调用,
?? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 会调用该方法两次
?
?
?
3.实现一个用户身份验证的Handler来说明Handler使用
?? 3.1定义我们自己Handler
?? ? ? ?public class AuthValidationHandler implements SOAPHandler<SOAPMessageContext> {
- ????public?Set<QName>?getHeaders()?{ ??
-
??????????
-
????????return?null; ??
- ????} ??
- ??
-
????public?void?close(MessageContext?context)?{ ??
- ???????? ??
- ????} ??
- ??
-
????public?boolean?handleFault(SOAPMessageContext?context)?{ ??
-
????????return?false; ??
- ????} ??
- ??
-
????public?boolean?handleMessage(SOAPMessageContext?context)?{ ??
- ???????? ??
- ????????HttpServletRequest?request?=?(HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST); ??
- ???????? ??
-
????????System.out.println("客户端IP:"+request.getRemoteAddr()); ??
- ???????? ??
- ????????Boolean?outbound?=?(Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);? ??
- ??
-
??????????if?(!outbound.booleanValue())? ??
- ??????????{ ??
- ??????????????SOAPMessage?soapMessage?=?context.getMessage(); ??
- ?????????????? ??
-
??????????????try?{ ??
- ????????????????SOAPEnvelope?soapEnvelope?=?soapMessage.getSOAPPart().getEnvelope(); ??
- ????????????????SOAPHeader?soapHeader?=?soapEnvelope.getHeader(); ??
- ???????????????? ??
-
????????????????if(soapHeader?==?null)generateSoapFault(soapMessage,?"No?Message?Header..."); ??
- ???????????????? ??
- ????????????????Iterator?it?=?soapHeader.extractHeaderElements(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT); ??
- ???????????????? ??
-
????????????????if(it?==?null?||?!it.hasNext())generateSoapFault(soapMessage,?"No?Header?block?for?role?next"); ??
- ???????????????? ??
- ????????????????Node?node?=?(Node)it.next(); ??
- ???????????????? ??
-
????????????????String?value?=?node?==?null???null?:?node.getValue(); ??
- ???????????????? ??
-
????????????????if(value?==?null)generateSoapFault(soapMessage,?"No?authation?info?in?header?blocks"); ??
- ???????????????? ??
-
????????????????String[]?infos?=?value.split("&"); ??
- ???????????????? ??
-
????????????????return?authValidate(infos[0],?infos[1]); ??
- ???????????????? ??
- ???????????????? ??
-
????????????}?catch?(SOAPException?e)?{ ??
- ????????????????e.printStackTrace(); ??
- ????????????} ??
- ?????????????? ??
- ??????????} ??
- ??
- ?????????? ??
-
????????return?false; ??
- ????} ??
- ???? ??
- ???? ??
-
????private?boolean?authValidate(String?userName,String?password){ ??
-
????????if(userName?==?null?||?password?==?null){ ??
-
????????????return?false; ??
- ????????} ??
- ???????? ??
-
????????if("admin".equals(userName)?&&?"admin".equals(password)){ ??
-
????????????return?true; ??
- ????????} ??
-
????????return?false; ??
- ????} ??
- ???? ??
-
????private?void?generateSoapFault(SOAPMessage?soapMessage,String?reasion){ ??
-
????????try?{ ??
- ????????????SOAPBody?soapBody?=?soapMessage.getSOAPBody(); ??
- ????????????SOAPFault?soapFault?=?soapBody.getFault(); ??
- ???????????? ??
-
????????????if(soapFault?==?null){ ??
- ????????????????soapFault?=?soapBody.addFault(); ??
- ????????????} ??
- ???????????? ??
- ????????????soapFault.setFaultString(reasion); ??
- ???????????? ??
-
????????????throw?new?SOAPFaultException(soapFault); ??
- ???????????? ??
-
????????}?catch?(SOAPException?e)?{ ??
-
??????????????
- ????????????e.printStackTrace(); ??
- ????????} ??
- ????} ??
- ??
- ???? ??
- }??
public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
public void close(MessageContext context) {
}
public boolean handleFault(SOAPMessageContext context) {
return false;
}
public boolean handleMessage(SOAPMessageContext context) {
HttpServletRequest request = (HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST);
System.out.println("客户端IP:"+request.getRemoteAddr());
Boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (!outbound.booleanValue())
{
SOAPMessage soapMessage = context.getMessage();
try {
SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
SOAPHeader soapHeader = soapEnvelope.getHeader();
if(soapHeader == null)generateSoapFault(soapMessage,"No Message Header...");
Iterator it = soapHeader.extractHeaderElements(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
if(it == null || !it.hasNext())generateSoapFault(soapMessage,"No Header block for role next");
Node node = (Node)it.next();
String value = node == null ? null : node.getValue();
if(value == null)generateSoapFault(soapMessage,"No authation info in header blocks");
String[] infos = value.split("&");
return authValidate(infos[0],infos[1]);
} catch (SOAPException e) {
e.printStackTrace();
}
}
return false;
}
private boolean authValidate(String userName,String password){
if(userName == null || password == null){
return false;
}
if("admin".equals(userName) && "admin".equals(password)){
return true;
}
return false;
}
private void generateSoapFault(SOAPMessage soapMessage,String reasion){
try {
SOAPBody soapBody = soapMessage.getSOAPBody();
SOAPFault soapFault = soapBody.getFault();
if(soapFault == null){
soapFault = soapBody.addFault();
}
soapFault.setFaultString(reasion);
throw new SOAPFaultException(soapFault);
} catch (SOAPException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
???HttpServletRequest request = (HttpServletRequest)context.get(AbstractHTTPDestination.HTTP_REQUEST);
?? 可以获取request对象,从而拿到客户端Ip,可以进行非法地址ip排除
?
??Boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
??判断当前是Inbound还是outbound
??只在inbound时做用户校验
?
??我们将用户相信放在soapheader里
?
?? 3.2在SEI实现类UserServiceImpl上添加@HandlerChain(file = "handlers.xml")
?
?? 3.3在UserServiceImpl所在包下编写handlers.xml
?? ? ??<handler-chains xmlns="http://java.sun.com/xml/ns/javaee"
- ????????????????xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"? ??
-
????????????????xsi:schemaLocation="http://java.sun.com/xml/ns/javaee">??
-
??<handler-chain>??
- ??
-
????<handler>??
-
??????<handler-name>authHandler</handler-name>??
-
??????<handler-class>com.cxf.users.AuthValidationHandler</handler-class>??
-
????</handler>??
-
??</handler-chain>??
-
</handler-chains>??
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee">
<handler-chain>
<handler>
<handler-name>authHandler</handler-name>
<handler-class>com.cxf.users.AuthValidationHandler</handler-class>
</handler>
</handler-chain>
</handler-chains>
?
??这样我们服务端就编写好了,我们还有在客户端将我们用户信息加到soapHeader中
?
4.客户端将我们用户信息加到soapHeader中
?? 4.1客户端Handler
?? ? ? ?public class AuthenticationHandler implements SOAPHandler<SOAPMessageContext> {
- ????public?Set<QName>?getHeaders()?{ ??
-
??????????
-
????????return?null; ??
- ????} ??
- ??
-
????public?void?close(MessageContext?arg0)?{ ??
-
??????????
- ???????? ??
- ????} ??
- ??
-
????public?boolean?handleFault(SOAPMessageContext?arg0)?{ ??
-
??????????
-
????????return?false; ??
- ????} ??
- ??
-
????public?boolean?handleMessage(SOAPMessageContext?ctx)?{ ??
- ????????Boolean?request_p=(Boolean)ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); ??
- ???????? ??
-
???????if(request_p){ ??
-
???????????try?{? ??
- ??????????????SOAPMessage?msg=ctx.getMessage(); ??
- ??????????????SOAPEnvelope?env=msg.getSOAPPart().getEnvelope(); ??
- ??????????????SOAPHeader?hdr=env.getHeader(); ??
- ?????????????? ??
-
??????????????if(hdr==null)hdr=env.addHeader(); ??
- ?????????? ??
-
????????????????
-
??????????????QName?qname_user=new?QName("http://com/auth/","auth"); ??
- ??????????????SOAPHeaderElement?helem_user=hdr.addHeaderElement(qname_user); ??
- ??????????????helem_user.setActor(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT); ??
-
??????????????helem_user.addTextNode("admin&admin"); ??
- ??????????????msg.saveChanges(); ??
-
?????????????? ??
- ??????????????msg.writeTo(System.out); ??
-
??????????????return?true; ??
-
???????????}?catch?(Exception?e)?{ ??
- ??????????????e.printStackTrace(); ??
- ???????????} ??
- ???????} ??
-
???????????return?false; ??
- ????} ??
- ??
- ???? ??
- }??
public Set<QName> getHeaders() {
// TODO Auto-generated method stub
return null;
}
public void close(MessageContext arg0) {
// TODO Auto-generated method stub
}
public boolean handleFault(SOAPMessageContext arg0) {
// TODO Auto-generated method stub
return false;
}
public boolean handleMessage(SOAPMessageContext ctx) {
Boolean request_p=(Boolean)ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if(request_p){
try {
SOAPMessage msg=ctx.getMessage();
SOAPEnvelope env=msg.getSOAPPart().getEnvelope();
SOAPHeader hdr=env.getHeader();
if(hdr==null)hdr=env.addHeader();
//添加认证信息
QName qname_user=new QName("http://com/auth/","auth");
SOAPHeaderElement helem_user=hdr.addHeaderElement(qname_user);
helem_user.setActor(SOAPConstants.URI_SOAP_1_2_ROLE_NEXT);
helem_user.addTextNode("admin&admin");
msg.saveChanges();
//把SOAP消息输出到System.out,即控制台
msg.writeTo(System.out);
return true;
} catch (Exception e) {
e.printStackTrace();
}
}
return false;
}
}
?
??4.2将Handler加到HandlerResolver中
?? ? ?public class UserClient {
- ?????
- ?
- ??
-
????public?static?void?main(String[]?args)?{ ??
-
????????UserServiceImplService?userServiceImpl?=?new?UserServiceImplService(); ??
- ???????? ??
-
????????userServiceImpl.setHandlerResolver(new?HandlerResolver(){ ??
- ??
-
????????????public?List<Handler>?getHandlerChain(PortInfo?arg0)?{ ??
- ???????????????? ??
-
????????????????List<Handler>?handlerList?=?new?ArrayList<Handler>(); ??
-
??????????????????
-
????????????????handlerList.add(new?AuthenticationHandler()); ??
-
??????????????????return?handlerList; ??
- ????????????} ??
- ???????????? ??
- ????????}); ??
- ???????? ??
- ???????? ??
- ????????IUserService?service?=?userServiceImpl.getUserServiceImplPort(); ??
- ???????? ??
- ???????? ??
-
????????User?u?=?new?User(); ??
-
????????u.setId(110); ??
-
????????u.setUserName("张三"); ??
-
????????u.setAddress("杭州"); ??
-
????????u.setSex(0); ??
- ????????System.out.println(); ??
- ????????System.out.println(service.addUser(u)); ??
- ???????? ??
- ????} ??
- ??
- }??
/**
* @param args
*/
public static void main(String[] args) {
UserServiceImplService userServiceImpl = new UserServiceImplService();
userServiceImpl.setHandlerResolver(new HandlerResolver(){
public List<Handler> getHandlerChain(PortInfo arg0) {
List<Handler> handlerList = new ArrayList<Handler>();
//添加认证信息
handlerList.add(new AuthenticationHandler());
return handlerList;
}
});
IUserService service = userServiceImpl.getUserServiceImplPort();
User u = new User();
u.setId(110);
u.setUserName("张三");
u.setAddress("杭州");
u.setSex(0);
System.out.println();
System.out.println(service.addUser(u));
}
}
?
?? 这样验证就做好了