基于Xfire SOAP Header的WebService安全验证教程
发布时间:2020-12-17 02:12:15 所属栏目:安全 来源:网络整理
导读:WebSerice是一种开放的web服务,任何人都可以访问,但我们有时候需要考虑只有付费用户才能使用WS,所以,我们就需要对WS加入安全验证机制,当然,可以利用防火墙的IP过滤,web应用的配置从最外层去隔离非法用户,但在内层,我们也可以使用SOAP Header的方式,
|
WebSerice是一种开放的web服务,任何人都可以访问,但我们有时候需要考虑只有付费用户才能使用WS,所以,我们就需要对WS加入安全验证机制,当然,可以利用防火墙的IP过滤,web应用的配置从最外层去隔离非法用户,但在内层,我们也可以使用SOAP Header的方式,由客户端发送验证数据,服务端验通过后基WS访问权限 首先配置WS Server和WS Client,其中Client端的测试代码类名由Client改为ClientTest,因为我们要用到Xfire的一个名为Client的类? ? 首先我们编写服务端验证类继承AbstractHandler ?
package
?test;
import ?org.codehaus.xfire.MessageContext; import ?org.codehaus.xfire.handler.AbstractHandler; import ?org.jdom.Element; public ? class ?AuthenticationHandler? extends ?AbstractHandler { ????public?void?invoke(MessageContext?cfx)?throws?Exception?{ ???????????if(cfx.getInMessage().getHeader()?==?null) { ???????????????throw?new?org.codehaus.xfire.fault.XFireFault("请求必须包含验证信息",org.codehaus.xfire.fault.XFireFault.SENDER); ???????????} ???????????Element?token=cfx.getInMessage().getHeader().getChild("AuthenticationToken"); ???????????if?(token?==?null)? ???????????{? ????????????throw?new?org.codehaus.xfire.fault.XFireFault("请求必须包含身份验证信息",?org.codehaus.xfire.fault.XFireFault.SENDER);? ???????????}? ??????????????String?username?=?token.getChild("Username").getValue();? ??????????????String?password?=?token.getChild("Password").getValue();? ??????????????try? ??????????????{? ??????????????????//进行身份验证?,只有abcd@1234的用户为授权用户 ?????????????????if(username.equals("abcd")?&&?password.equals("1234")) ??????????????????//这语句不显示 ??????????????????System.out.println("身份验证通过"); ?????????????????else?throw?new?Exception(); ??????????????}? ??????????????catch?(Exception?e)? ??????????????{? ??????????????????throw?new???org.codehaus.xfire.fault.XFireFault("非法的用户名和密码",???org.codehaus.xfire.fault.XFireFault.SENDER);? ??????????????}? ??????????}? } ? 下面是Client发送授权信息 ? 为ClientTest.java加入以下代码 ?XFireProxy proxy = (XFireProxy)Proxy.getInvocationHandler(service); 等等,还没有完,修改Services.xm为WS绑定Handler ??
<?
xml?version="1.0"?encoding="UTF-8"
?>
< beans > < service? xmlns ="http://xfire.codehaus.org/config/1.0" > < name > HelloService </ name > < namespace > http://test/HelloService </ namespace > < serviceClass > test.IHelloService </ serviceClass > < implementationClass > test.HelloServiceImpl </ implementationClass > ? < inHandlers > ? ? < handler?? handlerClass? ="test.AuthenticationHandler" ? ></ handler? > ? ? </ inHandlers > </ service > </ beans >
?
Exception?in?thread?"main"?org.codehaus.xfire.XFireRuntimeException:?Could?not?invoke?service..?Nested?exception?is?org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码
org.codehaus.xfire.fault.XFireFault:?非法的用户名和密码 ????at?org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31) ????at?org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28) ????at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111) ????at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67) ????at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) ????at?org.codehaus.xfire.client.Client.onReceive(Client.java:406) ????at?org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139) ????at?org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48) ????at?org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26) ????at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131) ????at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79) ????at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114) ????at?org.codehaus.xfire.client.Client.invoke(Client.java:336) ????at?org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77) ????at?org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57) ????at?$Proxy0.getUser(Unknown?Source) ????at?test.ClientTest.main(ClientTest.java:39) ? 如果不在CientTest加以下增加Heade则会有以下异常 ?XFireProxy proxy = (XFireProxy)Proxy.getInvocationHandler(service);
Exception?in?thread?"main"?org.codehaus.xfire.XFireRuntimeException:?Could?not?invoke?service..?Nested?exception?is?org.codehaus.xfire.fault.XFireFault:?请求必须包含验证信息org.codehaus.xfire.fault.XFireFault:?请求必须包含验证信息????at?org.codehaus.xfire.fault.Soap11FaultSerializer.readMessage(Soap11FaultSerializer.java:31)????at?org.codehaus.xfire.fault.SoapFaultSerializer.readMessage(SoapFaultSerializer.java:28)????at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.checkForFault(ReadHeadersHandler.java:111)????at?org.codehaus.xfire.soap.handler.ReadHeadersHandler.invoke(ReadHeadersHandler.java:67)????at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)????at?org.codehaus.xfire.client.Client.onReceive(Client.java:406)????at?org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:139)????at?org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)????at?org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)????at?org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)????at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)????at?org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)????at?org.codehaus.xfire.client.Client.invoke(Client.java:336)????at?org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)????at?org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)????at?$Proxy0.getUser(Unknown?Source)????at?test.ClientTest.main(ClientTest.java:35)
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |