CXF 攔截器之消息體token驗證

服務端攔截器(驗證soapHeader中的token):

package com.rpc.token;

import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.NodeList;

import com.common.ws.AuthHeader;

public class CheckSOAPHeaderIntercepter extends AbstractSoapInterceptor {

    Log logger = LogFactory.getLog(CheckSOAPHeaderIntercepter.class);

    private AuthHeader authHeader;

    private SAAJInInterceptor saaIn = new SAAJInInterceptor();

    public CheckSOAPHeaderIntercepter() {
        super(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());
    }

    public void handleMessage(SoapMessage message) throws Fault {
        SOAPMessage mess = message.getContent(SOAPMessage.class);
        if (mess == null) {
            saaIn.handleMessage(message);
            mess = message.getContent(SOAPMessage.class);
        }
        SOAPHeader head = null;
        try {
            head = mess.getSOAPHeader();
        } catch (Exception e) {
            logger.error("獲取頭信息出錯" + e.getMessage(), e);
            e.printStackTrace();
        }
        if (head == null) {
            logger.error("head is null");
            return;
        }
        NodeList nodes = head.getElementsByTagName(authHeader.getKey());
        String token = "";
        if (nodes != null) {
            for (int i = 0; i < nodes.getLength(); i++) {
                token += nodes.item(i).getTextContent();
            }
        }
        token = StringUtils.trim(token);
        // logger.info(authHeader.getTokenValue());
        // logger.info(token);
        if (StringUtils.isEmpty(token)) {
            logger.error("Token null!");
            SOAPException soapExc = new SOAPException("Token null!");
            throw new Fault(soapExc);
        }
        if (!token.equals(authHeader.getTokenValue())) {
            logger.error("認證失敗!");
            SOAPException soapExc = new SOAPException("Verify failed! Token wrong!");
            throw new Fault(soapExc);
        }
    }

    public void setAuthHeader(AuthHeader authHeader) {
        this.authHeader = authHeader;
    }

}

服務端配置:


<bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
    <bean id="authHeader" class="com.xx.common.ws.AuthHeader">  
     	<property name="token" value="${xxx.ws.pcm.token}" />  
        <property name="key" value="${xxx.ws.pcm.key}" />  
        <property name="qName" value="${xxx.ws.pcm.qName}" />  
        <property name="seed" value="${xxx.ws.pcm.seed}" />
	<property name="content" value="${xxx.ws.pcm.content}" />
    </bean> 
    <bean id="tokenAuth" class="com.xx.xx.rpc.token.CheckSOAPHeaderIntercepter">
    	<property name="authHeader" ref="authHeader" />
    </bean>
    <bean id="addheader" class="com.xx.common.ws.SOAPHeaderIntercepter">
	<property name="authHeader" ref="authHeader" />
    </bean>
<bean id="userWebServiceBean" class="com.rpc.admin.impl.UserWebServiceImpl">
 <property name="xxx" ref="xxx"/>
 <property name="hhh" ref="hhh"/>
 </bean>
    <jaxws:server id="userWebService" serviceClass="com.rpc.admin.UserWebService" address="/userPcm">
        <jaxws:serviceBean>
            <ref bean="userWebServiceBean"/> 
        </jaxws:serviceBean>
        <jaxws:inInterceptors>         
        	<ref bean="logIn"/>     
        	<ref bean="tokenAuth" />
        </jaxws:inInterceptors>
        <jaxws:outInterceptors>         
        	<ref bean="logOut"/>   
        	<ref bean="addheader"/>  
        </jaxws:outInterceptors>
    </jaxws:server>

客戶端攔截器(在soapHeader中增長token):

package com.common.ws;

import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SOAPHeaderIntercepter extends AbstractSoapInterceptor
{
  private AuthHeader authHeader;

  public SOAPHeaderIntercepter()
  {
    super("write");
  }

  public void handleMessage(SoapMessage soapMessage) throws Fault
  {
    List headers = soapMessage.getHeaders();
    headers.add(getHeader());
  }

  private Object getHeader() {
    QName qName = new QName(this.authHeader.getqName(), this.authHeader.getKey(), "");
    Document document = DOMUtils.createDocument();
    Element element = document.createElementNS(this.authHeader.getqName(), this.authHeader.getKey());
    Element token = document.createElement(this.authHeader.getToken());
    token.setTextContent(this.authHeader.getTokenValue());
    element.appendChild(token);
    SoapHeader header = new SoapHeader(qName, element);
    return header;
  }

  public AuthHeader getAuthHeader() {
    return this.authHeader;
  }

  public void setAuthHeader(AuthHeader authHeader) {
    this.authHeader = authHeader;
  }
}

模擬客戶端測試(方法一):

public void testGetUserByProjId() {
        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "client-test.xml" });
        UserWebService client = (UserWebService) context.getBean("userClient");
        List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c");

        System.out.println("testuser Response: " + response.size());
    }

方法一對應配置:

<?xml version="1.0" encoding="UTF-8"?>  
<beans xmlns="http://www.springframework.org/schema/beans"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xmlns:jaxws="http://cxf.apache.org/jaxws"  
    xsi:schemaLocation="  
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd  
	http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">  
    <bean id="userClient" class="com.rpc.admin.UserWebService" factory-bean="userClientFactory" factory-method="create" /> 
    <bean id="userClientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
		<property name="serviceClass" value="com.xx.rpc.admin.UserWebService" />
		<property name="address" value="http://localhost:8080/services/userPcm" /> 
		<property name="outInterceptors">
			<list>
			    <ref bean="domainSOAPHeader"/>
			</list>
		</property> 
	</bean>
	<bean id="domainSOAPHeader" class="com.common.ws.SOAPHeaderIntercepter">
		<property name="authHeader" ref="domainAuthHeader" />
	</bean>
	<bean id="domainAuthHeader" class="com.common.ws.AuthHeader">
		<property name="qName" value="http://xxx.com"/>  
		<property name="seed" value="hhh"/>
		<property name="content" value="www"/>
		<property name="key" value="AuthenticationHeader"/>
		<property name="token" value="Token"/>
	</bean>
</beans>

客戶端測試方法二:

public static void main(String args[]) throws Exception {
        System.out.println("進入測試");
        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("rpc-test.xml");
        UserWebService client = (UserWebService) context.getBean("userClient");
        List<UserCms> response = client.getUserByProjId("19aee854de2442b8911c8144770a895c");
        System.out.println("Response :{}" + response.size());
    }

方法二對應配置:

<?xml version="1.0" encoding="UTF-8"?>  
<beans xmlns="http://www.springframework.org/schema/beans"  
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
       xmlns:jaxws="http://cxf.apache.org/jaxws"  
       xsi:schemaLocation="http://www.springframework.org/schema/beans  
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd  
        http://cxf.apache.org/jaxws  
        http://cxf.apache.org/schemas/jaxws.xsd">  
 	
    <bean id="authHeader" class="com.xx.common.ws.AuthHeader">  
     	<property name="token" value="webtoken"/>  
        <property name="key" value="AuthenticationHeader"/>  
        <property name="qName" value="http://xxx.com"/>  
        <property name="seed" value="ggg"/>
		<property name="content" value="gggg"/>
    </bean> 
    <bean id="addheader" class="com.common.ws.SOAPHeaderIntercepter">
	   <property name="authHeader" ref="authHeader" />
	</bean>
	<!-- user test使用 -->
    <jaxws:client  id="userClient" serviceClass="com.rpc.admin.UserWebService" address="http://localhost:8080/services/userPcm" >
    	<jaxws:outInterceptors>
            <ref bean="addheader"/>
        </jaxws:outInterceptors>
    </jaxws:client>
</beans>

認證頭:

package com.common.ws;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;

public class AuthHeader
{
  private static final String QNAME = "http://www.xhx.com/";
  private String KEY = "AuthenticationHeader";
  private String TOKEN = "Token";
  private String qName;
  private String key;
  private String token;
  private String content;
  private String seed;

  public String getTokenValue()
  {
    if (StringUtils.isNotEmpty(this.content)) {
      if (StringUtils.isNotEmpty(this.seed)) {
        byte[] bb = MD5Util.md5(this.content + "-" + this.seed);
        return new String(Base64.encodeBase64(bb));
      }
      return this.content;
    }

    return "";
  }

  public String getqName() {
    if (StringUtils.isEmpty(this.qName)) {
      this.qName = "http://www.360buy.com/";
    }
    return this.qName;
  }

  public void setqName(String qName) {
    this.qName = qName;
  }

  public String getKey() {
    if (StringUtils.isEmpty(this.key)) {
      this.key = this.KEY;
    }
    return this.key;
  }

  public void setKey(String key) {
    this.key = key;
  }

  public String getToken() {
    if (StringUtils.isEmpty(this.token)) {
      this.token = this.TOKEN;
    }
    return this.token;
  }

  public void setToken(String token) {
    this.token = token;
  }

  public String getContent() {
    return this.content;
  }

  public void setContent(String content) {
    this.content = content;
  }

  public String getSeed() {
    return this.seed;
  }

  public void setSeed(String seed) {
    this.seed = seed;
  }
}
相關文章
相關標籤/搜索