WebServices的认证处理

WebServices的认证处理有两种方式：

?

一. HTTP身份认证:在web服务器中指定可访问IP,或在防火墙中设置IP访问策略,也可以在web服务器中配置验证程序进行身份认证.

二. SOAP Header中进行身份验证，采用JSR181标注的方式进行身份验证，具体步骤如下：

????? a) 服务端编写验证类，继承AbstractHandler，代码如下：

public class SecurityHandler extends AbstractHandler { public void invoke(MessageContext context) throws Exception { Element headerE = context.getInMessage().getHeader(); if (headerE == null) { throw new Exception("本服务需要收费，请联系QQ:3333333"); } String username = headerE.getChild("username").getText(); String password = headerE.getChildText("password"); if(username==null||"".equals(username)){ throw new Exception("请提供用户名"); } if(password==null||"".equals(password)){ throw new Exception("请提供密码"); } if(username.equals("jn0909")){ if(password.equals("jn0909")){ }else{ throw new Exception("密码错误"); } }else{ throw new Exception("用户名错误"); } } }

????? b) services.xml配置如下：

?????? <service> <name>Hello</name> <serviceClass>com.softfz.IHello</serviceClass> <implementationClass>com.softfz.HelloImpl</implementationClass> <inHandlers> <handler handlerClass="com.softfz.SecurityHandler"></handler> </inHandlers> <style>wrapped</style> <use>literal</use> <scope>application</scope> </service>

????? c) 同样客户端也要编写一个授权信息，继承AbstractHandler,代码如下：

public class ClientHandler extends AbstractHandler { private String username = ""; private String password = ""; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public void invoke(MessageContext context) throws Exception { OutMessage outMessage = context.getOutMessage(); Element header = new Element("xxxx"); Element usernameE = new Element("username"); Element passwordE = new Element("password"); header.addContent(usernameE); header.addContent(passwordE); outMessage.setHeader(header); usernameE.setText(username); passwordE.setText(password); } public ClientHandler(String username,String password) { this.username = username; this.password = password; } }

??????? d) 客户端调用服务端(可以以3种方式中的任意一种调用)

?? 第一种方式调用：

?public static void main(String[] args) { String webserviceLocation = "http://localhost:81/webservice03/services/Hello"; ObjectServiceFactory objectServiceFactory = new ObjectServiceFactory(); Service service = objectServiceFactory.create(IHello.class); XFireProxyFactory fireProxyFactory = new XFireProxyFactory(); try { IHello hello = (IHello) fireProxyFactory.create(service,webserviceLocation); XFireProxy fireProxy = (XFireProxy) Proxy .getInvocationHandler(hello); fireProxy.getClient().addOutHandler(new ClientHandler("jn0909","jn0909")); hello.example("test"); } catch (MalformedURLException e) { e.printStackTrace(); } }

? 第二种方式调用：

public static void main(String[] args) { String wsdlLocation="http://localhost:81/webservice03/services/Hello?wsdl"; try { Client client = new Client(new URL(wsdlLocation)); client.addOutHandler(new ClientHandler("jn0909","jn0909")); client.invoke("example",new Object[]{"test"}); } catch (MalformedURLException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } }

?? 第三种方式调用：

?public static void main(String[] args) { HelloClient client = new HelloClient(); // create a default service endpoint HelloPortType service = client.getHelloHttpPort(); XFireProxy fireProxy = (XFireProxy) Proxy.getInvocationHandler(service); fireProxy.getClient().addOutHandler( new ClientHandler("jn0909","jn0909")); service.example("test"); }