package com.rpc.token; import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPHeader; import javax.xml.soap.SOAPMessage; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.phase.Phase; import org.w3c.dom.NodeList; import com.common.ws.AuthHeader; public class CheckSOAPHeaderIntercepter extends AbstractSoapInterceptor { Log logger = LogFactory.getLog(CheckSOAPHeaderIntercepter.class); private AuthHeader authHeader; private SAAJInInterceptor saaIn = new SAAJInInterceptor(); public CheckSOAPHeaderIntercepter() { super(Phase.PRE_PROTOCOL); getAfter().add(SAAJInInterceptor.class.getName()); } public void handleMessage(SoapMessage message) throws Fault { SOAPMessage mess = message.getContent(SOAPMessage.class); if (mess == null) { saaIn.handleMessage(message); mess = message.getContent(SOAPMessage.class); } SOAPHeader head = null; try { head = mess.getSOAPHeader(); } catch (Exception e) { logger.error("獲取頭信息出錯" + e.getMessage(), e); e.printStackTrace(); } if (head == null) { logger.error("head is null"); return; } NodeList nodes = head.getElementsByTagName(authHeader.getKey()); String token = ""; if (nodes != null) { for (int i = 0; i < nodes.getLength(); i++) { token += nodes.item(i).getTextContent(); } } token = StringUtils.trim(token); // logger.info(authHeader.getTokenValue()); // logger.info(token); if (StringUtils.isEmpty(token)) { logger.error("Token null!"); SOAPException soapExc = new SOAPException("Token null!"); throw new Fault(soapExc); } if (!token.equals(authHeader.getTokenValue())) { logger.error("認證失敗!"); SOAPException soapExc = new SOAPException("Verify failed! Token wrong!"); throw new Fault(soapExc); } } public void setAuthHeader(AuthHeader authHeader) { this.authHeader = authHeader; } }
<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"/> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/> <bean id="authHeader" class="com.xx.common.ws.AuthHeader"> <property name="token" value="${xxx.ws.pcm.token}" /> <property name="key" value="${xxx.ws.pcm.key}" /> <property name="qName" value="${xxx.ws.pcm.qName}" /> <property name="seed" value="${xxx.ws.pcm.seed}" /> <property name="content" value="${xxx.ws.pcm.content}" /> </bean> <bean id="tokenAuth" class="com.xx.xx.rpc.token.CheckSOAPHeaderIntercepter"> <property name="authHeader" ref="authHeader" /> </bean> <bean id="addheader" class="com.xx.common.ws.SOAPHeaderIntercepter"> <property name="authHeader" ref="authHeader" /> </bean>
<bean id="userWebServiceBean" class="com.rpc.admin.impl.UserWebServiceImpl"> <property name="xxx" ref="xxx"/> <property name="hhh" ref="hhh"/> </bean> <jaxws:server id="userWebService" serviceClass="com.rpc.admin.UserWebService" address="/userPcm"> <jaxws:serviceBean> <ref bean="userWebServiceBean"/> </jaxws:serviceBean> <jaxws:inInterceptors> <ref bean="logIn"/> <ref bean="tokenAuth" /> </jaxws:inInterceptors> <jaxws:outInterceptors> <ref bean="logOut"/> <ref bean="addheader"/> </jaxws:outInterceptors> </jaxws:server>
package com.common.ws; import java.util.List; import javax.xml.namespace.QName; import org.apache.cxf.binding.soap.SoapHeader; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.Fault; import org.w3c.dom.Document; import org.w3c.dom.Element; public class SOAPHeaderIntercepter extends AbstractSoapInterceptor { private AuthHeader authHeader; public SOAPHeaderIntercepter() { super("write"); } public void handleMessage(SoapMessage soapMessage) throws Fault { List headers = soapMessage.getHeaders(); headers.add(getHeader()); } private Object getHeader() { QName qName = new QName(this.authHeader.getqName(), this.authHeader.getKey(), ""); Document document = DOMUtils.createDocument(); Element element = document.createElementNS(this.authHeader.getqName(), this.authHeader.getKey()); Element token = document.createElement(this.authHeader.getToken()); token.setTextContent(this.authHeader.getTokenValue()); element.appendChild(token); SoapHeader header = new SoapHeader(qName, element); return header; } public AuthHeader getAuthHeader() { return this.authHeader; } public void setAuthHeader(AuthHeader authHeader) { this.authHeader = authHeader; } }
public void testGetUserByProjId() { ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "client-test.xml" }); UserWebService client = (UserWebService) context.getBean("userClient"); List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c"); System.out.println("testuser Response: " + response.size()); }
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd"> <bean id="userClient" class="com.rpc.admin.UserWebService" factory-bean="userClientFactory" factory-method="create" /> <bean id="userClientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> <property name="serviceClass" value="com.xx.rpc.admin.UserWebService" /> <property name="address" value="http://localhost:8080/services/userPcm" /> <property name="outInterceptors"> <list> <ref bean="domainSOAPHeader"/> </list> </property> </bean> <bean id="domainSOAPHeader" class="com.common.ws.SOAPHeaderIntercepter"> <property name="authHeader" ref="domainAuthHeader" /> </bean> <bean id="domainAuthHeader" class="com.common.ws.AuthHeader"> <property name="qName" value="http://xxx.com"/> <property name="seed" value="hhh"/> <property name="content" value="www"/> <property name="key" value="AuthenticationHeader"/> <property name="token" value="Token"/> </bean> </beans>
public static void main(String args[]) throws Exception { System.out.println("進入測試"); ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("rpc-test.xml"); UserWebService client = (UserWebService) context.getBean("userClient"); List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c"); System.out.println("Response :{}" + response.size()); }
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="authHeader" class="com.xx.common.ws.AuthHeader">
<property name="token" value="webtoken"/>
<property name="key" value="AuthenticationHeader"/>
<property name="qName" value="http://xxx.com"/>
<property name="seed" value="ggg"/>
<property name="content" value="gggg"/>
</bean>
<bean id="addheader" class="com.common.ws.SOAPHeaderIntercepter">
<property name="authHeader" ref="authHeader" />
</bean>
<!-- user test使用 -->
<jaxws:client id="userClient" serviceClass="com.rpc.admin.UserWebService" address="http://localhost:8080/services/userPcm" >
<jaxws:outInterceptors>
<ref bean="addheader"/>
</jaxws:outInterceptors>
</jaxws:client>
</beans>
package com.common.ws; import org.apache.commons.codec.binary.Base64; import org.apache.commons.lang.StringUtils; public class AuthHeader { private static final String QNAME = "http://www.xhx.com/"; private String KEY = "AuthenticationHeader"; private String TOKEN = "Token"; private String qName; private String key; private String token; private String content; private String seed; public String getTokenValue() { if (StringUtils.isNotEmpty(this.content)) { if (StringUtils.isNotEmpty(this.seed)) { byte[] bb = MD5Util.md5(this.content + "-" + this.seed); return new String(Base64.encodeBase64(bb)); } return this.content; } return ""; } public String getqName() { if (StringUtils.isEmpty(this.qName)) { this.qName = "http://www.360buy.com/"; } return this.qName; } public void setqName(String qName) { this.qName = qName; } public String getKey() { if (StringUtils.isEmpty(this.key)) { this.key = this.KEY; } return this.key; } public void setKey(String key) { this.key = key; } public String getToken() { if (StringUtils.isEmpty(this.token)) { this.token = this.TOKEN; } return this.token; } public void setToken(String token) { this.token = token; } public String getContent() { return this.content; } public void setContent(String content) { this.content = content; } public String getSeed() { return this.seed; } public void setSeed(String seed) { this.seed = seed; } }