用cxf做用户名和密码的检测
用cxf做用户名和密码的检测
在server端,主要为得到JaxWsServerFactoryBean后配置Interceptors,
<code>
......
JaxWsServerFactoryBean svrFactory = new JaxWsServerFactoryBean();
......
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,ServerPasswordHandler.class.getName());
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
svrFactory.getInInterceptors().add(wssIn);
svrFactory.getInInterceptors().add(new SAAJInInterceptor());
......
其中ServerPasswordHandler为真正的用户名密码检查处。
public class ServerPasswordHandler implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (pc.getIdentifer().equals("userName")) {
if (!pc.getPassword().equals("password")) {
throw new RuntimeException("security error.");
}
} else {
throw new RuntimeException("security error.");
}
}
}
在client端基本和server端对称,只要在client端配置Interceptors就可以工作了。
<code>
.......
JaxWsProxyFactoryBean factory=......;
.......
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "userName");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
factory.getOutInterceptors().add(wssOut);
factory.getOutInterceptors().add(new SAAJOutInterceptor());
其中ClientPasswordCallback实际配置password的地方。
public class ClientPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setIdentifier("userName");
pc.setPassword("password");
}
}
PS:outProps.put(WSHandlerConstants.USER, "userName");一定要设置,即使后来它会被
pc.setIdentifier("userName");
pc.setPassword("password");
覆盖掉。