WebService CXF 日志拦截器和权限验证

要首先以有个接口：

 

@WebService
public interface MyWebService {
    int add(int a, int b);
}

实现类

@WebService(endpointInterface="com.sg.service.MyWebService",serviceName="MyService")
public class MyWebserviceImpl implements MyWebService {
    @Override
    public int add(int a, int b) {
        System.out.println(a+"+"+b+"="+(a+b));
        return a+b;
    }
}

 

发布服务端：

public class ServiceTest {
    public static void main(String[] args) {
        System.out.println("service start................");
        MyWebserviceImpl myWebserviceImpl = new MyWebserviceImpl();
        String address = "http://localhost:8089/myService";
        EndpointImpl endpointImpl = (EndpointImpl) Endpoint.publish(address, myWebserviceImpl);
        System.out.println("service end ..............");
        //日志进来的日志拦截器
        endpointImpl.getOutInterceptors().add(new LoggingOutInterceptor());
        //出去的
        endpointImpl.getInInterceptors().add(new LoggingInInterceptor());
    }
}

 

客户端：

//客户端
public class ClientTest {
    public static void main(String[] args) {
        //对应服务器端实现类
        //@WebService(endpointInterface="com.sg.service.MyWebService",serviceName="MyService")
        MyService myService = new MyService();
        //获取一个接口：服务器端的代理接口
        MyWebService myWebService = myService.getMyWebserviceImplPort();
       
        //获取cxf客户端服务类  通过cxf客户端代理类来获取
        //传入参数是：代理webservice服务端口
        Client client = ClientProxy.getClient(myWebService);
        //进入时日志记录
        client.getInInterceptors().add(new LoggingInInterceptor());
        //响应时日志记录
        client.getOutInterceptors().add(new LoggingOutInterceptor());
        //用户名 权限验证
        client.getOutInterceptors().add(new AddHeaderInterceptor("admin", "123456"));
       
        int add = myWebService.add(1, 1);
        System.out.println("add : "+add);
    }
}

定义服务端拦截器：

package com.sg.service;

import java.util.List;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;


//服务器 验证权限
public class AuthInterceptor extends AbstractPhaseInterceptor<SoapMessage>{
    public AuthInterceptor(){
        super(Phase.PRE_INVOKE);
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        List<Header> headers = message.getHeaders();
        //日过客户端没有传入SOAP包头文件时
        if (headers == null || headers.size() == 0) {
            //return 在这里不能实用  是错误的使用
            //没有权限的时候  怎样告诉客户端没有权限？抛异常
            throw new Fault(new IllegalAccessException("SAOP 包文件没有....."));
        }
        Header header = headers.get(0);
        System.out.println(header.getObject().getClass()+"******************************");
        Element element = (Element)header.getObject();
        String username = element.getElementsByTagName("username").item(0).getTextContent();
        String password = element.getElementsByTagName("password").item(0).getTextContent();
        System.out.println("***************************************************");
        if ("admin".equals(username) && "123456".equals(password)) {
            //验证成功
            //处理其他的业务逻辑 ： 扣费
           
            System.out.println("===========处理其他的业务逻辑 ： 扣费===========");
        }else {
            //验证失败
            throw new Fault(new RuntimeException("访问服务的用户名 或密码错误...."));
        }
    }
}

定义客户端拦截器：

package com.sg.client;

import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

//客户端拦截器
public class AddHeaderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
    private String username;
    private String password;
   
    public AddHeaderInterceptor(String username,String password){
        //告诉拦截器什么时机调用拦截器
        super(Phase.PREPARE_SEND);
        this.username = username;
        this.password = password;
    }
    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        //添加soap头信息 包含用户名  和 密码
        /**
         * <auth><username>admin</username><password>123456</password></auth>
         */
        Document document = DOMUtils.createDocument();
        Element authElement = document.createElement("auth");
        Element username = document.createElement("username");
        username.setTextContent(this.username);
        authElement.appendChild(username);
        Element password = document.createElement("password");
        password.setTextContent(this.password);
        authElement.appendChild(password);
       
        //第二个参数必须是Element对象
        Header header = new Header(new QName("com.sg.service"), authElement);
        message.getHeaders().add(header);
    }
}

 

测试结果显示：

客户端日志信息：
2013-1-24 23:44:14 org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
信息: Creating Service {http://service.sg.com/}MyService from WSDL: http://localhost:8089/myService?wsdl
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Outbound Message
---------------------------
ID: 1
Address: http://localhost:8089/myService
Encoding: UTF-8
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=[""]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
    <auth>
        <username>admin</username>
        <password>123456</password>
    </auth>
</soap:Header><soap:Body><ns2:add xmlns:ns2="http://service.sg.com/"><arg0>1</arg0><arg1>1</arg1></ns2:add></soap:Body></soap:Envelope>
--------------------------------------
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 1
Response-Code: 200
Encoding: UTF-8
Content-Type: text/xml;charset=UTF-8
Headers: {Content-Length=[197], content-type=[text/xml;charset=UTF-8], Server=[Jetty(7.4.2.v20110526)]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:addResponse

xmlns:ns2="http://service.sg.com/"><return>2</return></ns2:addResponse></soap:Body></soap:Envelope>
--------------------------------------
add : 2
服务器端日志信息：

2013-1-24 23:44:14 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 1
Address: http://localhost:8089/myService?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], content-type=[text/xml], Host=[localhost:8089], Pragma=[no-cache], User-Agent=[Apache CXF

2.4.1]}
--------------------------------------
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Inbound Message
----------------------------
ID: 2
Address: http://localhost:8089/myService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[284], content-type=[text/xml; charset=UTF-8], Host=[localhost:8089],

Pragma=[no-cache], SOAPAction=[""], User-Agent=[Apache CXF 2.4.1]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
    <auth>
        <username>admin</username>
        <password>123456</password>
    </auth>
</soap:Header><soap:Body><ns2:add xmlns:ns2="http://service.sg.com/"><arg0>1</arg0><arg1>1</arg1></ns2:add></soap:Body></soap:Envelope>
--------------------------------------
1+1=2
2013-1-24 23:44:15 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
信息: Outbound Message
---------------------------
ID: 2
Encoding: UTF-8
Content-Type: text/xml
Headers: {}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:addResponse

xmlns:ns2="http://service.sg.com/"><return>2</return></ns2:addResponse></soap:Body></soap:Envelope>
--------------------------------------