web Service实践——Xfire的ws-security用户名和密码安全验证
String validPw = (String)password.get(id);②-3:获取用户对应的正确密码
②-4:如果是明文密码直接进行判断
if(WSConstants.PASSWORD_TEXT.equals(callback.getPasswordType())){
String pw = callback.getPassword();
if(pw == null || !pw.equalsIgnoreCase(validPw)){
throw new WSSecurityException("password not match");
}
}else{
??????? pc.setPassword((String) passwords.get(id));//如果是密码摘要,向回调设置正确的密码(明文密码)
??? }
}
2、service.xml
<beans xmlns="http://xfire.codehaus.org/config/1.0">
<service>
<name>hrwebservice</name>
<namespace>com.channelsoft.hr</namespace>
<serviceClass>com.channelsoft.hr.webservice.DepartmentAndPersonInfo</serviceClass>
<implementationClass>com.channelsoft.hr.webservice.impl.DepartmentAndPersonInfoImpl</implementationClass>
<inHandlers>
????????? <handler handler/>
??????????? <bean
??????????????? xmlns="">
??????????????? <property name="properties">
??????????????????? <props>
?????????????????????? <prop key="action">UsernameToken</prop>//使用用户名与密码进行安全验证
??????????????????????? <prop key="passwordCallbackClass">
??????????????????????????? com.channelsoft.hr.wssecurity.PasswordHandler//回调类
??????????????????????? </prop>
??????????????????? </props>
??????????????? </property>
??????????? </bean>
??? </inHandlers>
</service>
</beans>
四、客户端
?
2、客户端调用
package hr;
import java.net.MalformedURLException;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;
import org.codehaus.xfire.util.dom.DOMOutHandler;
import com.channelsoft.hr.webservice.DepartmentAndPersonInfo;
public class getHRInfo
{
public static void main(String args[])
{
?? String serviceURL = "http://localhost:8080/HRWebService/services/hrwebservice";
?? // 创建service对象
?? Service serviceModel = new ObjectServiceFactory().create(DepartmentAndPersonInfo.class);
??
?? XFireProxyFactory serviceFactory = new XFireProxyFactory();
?? try
?? {
??? // 获取服务对象
??? DepartmentAndPersonInfo service = (DepartmentAndPersonInfo) serviceFactory.create(serviceModel, serviceURL);
???
??? // 忽略http连接的超时时间,0为不设置超时时间,》=1为超时毫秒数
??? Client client = Client.getInstance(service);
??? client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");
??? //发送授权信息
//????? client.addOutHandler(new ClientAuthenticationHandler("abcd","1234"));
//????? //WS-Security
????? WSS4JOutHandler wsOut = new WSS4JOutHandler();
????? String actions =WSHandlerConstants.USERNAME_TOKEN;
???????? wsOut.setProperty(WSHandlerConstants.ACTION, actions);//动作
???????? wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);//密码类型
???????? wsOut.setProperty(WSHandlerConstants.USER, "server");?? //指定用户?????
???????? wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());//密码回调类
????????
???????? client.addOutHandler(new DOMOutHandler());
???????? client.addOutHandler(wsOut);
???????
?????
?????
??? // 调用服务
??? String hello = service.queryDepartmentInfo();
??? String hello2 = service.queryPersonnelInfo("", "", "");
??? System.out.println(hello);
??? System.out.println(hello2);
?? }
?? catch (MalformedURLException e)
?? {
??? System.out.println("错误!!!");
??? e.printStackTrace();
?? }
}
}
