一个简单的用户口令验证机制

1.修改WebService 服务端 spring 配置文件 ws-context.xml
Xml代码
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:jaxws="http://cxf.apache.org/jaxws" 
    xsi:schemaLocation="http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans.xsd" 
    default-autowire="byName" default-lazy-init="true"> 
      
    <jaxws:endpoint id="webServiceSample" 
        address="/WebServiceSample" implementor="cn.org.coral.biz.examples.webservice.WebServiceSampleImpl"> 
 
        <jaxws:inInterceptors> 
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> 
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> 
                <constructor-arg> 
                    <map> 
                        <entry key="action" value="UsernameToken" /> 
                        <entry key="passwordType" value="PasswordText" /> 
                        <entry key="passwordCallbackClass" value="cn.org.coral.biz.examples.webservice.handler.WsAuthHandler" /> 
                    </map> 
                </constructor-arg> 
            </bean> 
        </jaxws:inInterceptors>     
 
    </jaxws:endpoint> 
      
</beans> 



2.服务端添加passwordCallbackClass回调类,该类进行用户口令验证:
Java代码
package cn.org.coral.biz.examples.webservice.handler;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class WsAuthHandler implements CallbackHandler{

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (pc.getIdentifer().equals("ws-client")){
if (!pc.getPassword().equals("admin")) {
throw new SecurityException("wrong password");
}
}else{
throw new SecurityException("wrong username");
}
}

}

package cn.org.coral.biz.examples.webservice.handler;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class WsAuthHandler implements CallbackHandler{

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (pc.getIdentifer().equals("ws-client")){
if (!pc.getPassword().equals("admin")) {
throw new SecurityException("wrong password");
}
}else{
throw new SecurityException("wrong username");
}
}

}


3.客户端修改spring 配置文件 wsclient-context.xml 如下:
Xml代码
<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:jaxws="http://cxf.apache.org/jaxws" 
    xsi:schemaLocation="http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans.xsd" 
    default-autowire="byName" default-lazy-init="true"> 
 
 
    <!-- ws clinet --> 
    <bean id="webServiceSampleClient" class="cn.org.coral.biz.examples.webservice.WebServiceSample" 
        factory-bean="webServiceSampleClientFactory" factory-method="create" /> 
 
 
    <bean id="webServiceSampleClientFactory" 
        class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> 
        <property name="serviceClass" 
            value="cn.org.coral.biz.examples.webservice.WebServiceSample" /> 
        <property name="address" 
            value="http://88.148.29.54:8080/aio/services/WebServiceSample" /> 
        <property name="outInterceptors"> 
            <list> 
                <bean 
                    class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> 
                <ref bean="wss4jOutConfiguration" /> 
            </list> 
        </property> 
    </bean> 
 
    <bean id="wss4jOutConfiguration" 
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> 
        <property name="properties"> 
            <map> 
                <entry key="action" value="UsernameToken" /> 
                <entry key="user" value="ws-client" /> 
                <entry key="passwordType" value="PasswordText" /> 
                <entry> 
                    <key> 
                        <value>passwordCallbackRef</value> 
                    </key> 
                    <ref bean="passwordCallback" /> 
                </entry> 
            </map> 
        </property> 
    </bean> 
    <bean id="passwordCallback" 
        class="cn.org.coral.biz.examples.webservice.handler.WsClinetAuthHandler"> 
    </bean> 
 
</beans> 

4.客户端添加passwordCallback类,通过该类设置访问口令
Java代码
package cn.org.coral.biz.examples.webservice.handler;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class WsClinetAuthHandler implements CallbackHandler{


public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
int usage = pc.getUsage();


System.out.println("identifier: " + pc.getIdentifer());
System.out.println("usage: " + pc.getUsage());
if (usage == WSPasswordCallback.USERNAME_TOKEN) {
// username token pwd...
pc.setPassword("admin");

} else if (usage == WSPasswordCallback.SIGNATURE) {
// set the password for client's keystore.keyPassword
pc.setPassword("keyPassword");
}
}
}

}

package cn.org.coral.biz.examples.webservice.handler;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class WsClinetAuthHandler implements CallbackHandler{


public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
int usage = pc.getUsage();


System.out.println("identifier: " + pc.getIdentifer());
System.out.println("usage: " + pc.getUsage());
if (usage == WSPasswordCallback.USERNAME_TOKEN) {
// username token pwd...
pc.setPassword("admin");

} else if (usage == WSPasswordCallback.SIGNATURE) {
// set the password for client's keystore.keyPassword
pc.setPassword("keyPassword");
}
}
}

}


5.junit单元测试程序:
Java代码
package cn.org.coral.biz.examples.webservice;

import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
import org.springframework.util.Assert;

public class TestWebService extends AbstractDependencyInjectionSpringContextTests {
WebServiceSample webServiceSampleClient;

@Override
protected String[] getConfigLocations() {
setAutowireMode(AUTOWIRE_BY_NAME);
return new String[] { "classpath:/cn/org/coral/biz/examples/webservice/wsclient-context.xml" };
}

/**
* @param webServiceSampleClient the webServiceSampleClient to set
*/
public void setWebServiceSampleClient(WebServiceSample webServiceSampleClient) {
this.webServiceSampleClient = webServiceSampleClient;
}

public void testSay(){
String result = webServiceSampleClient.say(" world");
Assert.hasText(result);
}
}

package cn.org.coral.biz.examples.webservice;

import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
import org.springframework.util.Assert;

public class TestWebService extends AbstractDependencyInjectionSpringContextTests {
WebServiceSample webServiceSampleClient;

@Override
protected String[] getConfigLocations() {
setAutowireMode(AUTOWIRE_BY_NAME);
return new String[] { "classpath:/cn/org/coral/biz/examples/webservice/wsclient-context.xml" };
}

/**
* @param webServiceSampleClient the webServiceSampleClient to set
*/
public void setWebServiceSampleClient(WebServiceSample webServiceSampleClient) {
this.webServiceSampleClient = webServiceSampleClient;
}

public void testSay(){
String result = webServiceSampleClient.say(" world");
Assert.hasText(result);
}
}

完全按你的方式做的，抛出了下面的异常，是不是有什么冲突？
信息: Creating Service {http://demo.com/}HelloWorldService from class com.demo.HelloWorld
context: org.springframework.context.support.ClassPathXmlApplicationContext@1ffb8dc: display name [org.springframework.context.support.ClassPathXmlApplicationContext@1ffb8dc]; startup date [Fri Jun 06 02:11:04 GMT 2008]; root of context hierarchy
2008-6-6 2:11:26 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
信息: Interceptor has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: SOAPEXCEPTION
at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor.handleMessage(SAAJOutInterceptor.java:83)
at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor.handleMessage(SAAJOutInterceptor.java:57)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
at $Proxy16.sayHi(Unknown Source)
at com.demo.Client.main(Client.java:14)
Caused by: javax.xml.soap.SOAPException: Failed to create MessageFactory: org.apache.axis.soap.MessageFactoryImpl
at javax.xml.soap.MessageFactory.newInstance(MessageFactory.java:55)
at org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor.handleMessage(SAAJOutInterceptor.java:71)
... 8 more
Caused by: java.lang.ClassNotFoundException: org.apache.axis.soap.MessageFactoryImpl
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at javax.xml.soap.MessageFactory.newInstance(MessageFactory.java:50)
... 9 more
Exception in thread "main" javax.xml.ws.WebServiceException: Cannot create SAAJ factory instance.
at org.apache.cxf.jaxws.binding.soap.SOAPBindingImpl.getSOAPFactory(SOAPBindingImpl.java:118)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:193)
at $Proxy16.sayHi(Unknown Source)
at com.demo.Client.main(Client.java:14)
Caused by: javax.xml.soap.SOAPException: Failed to create SOAPConnectionFactory: org.apache.axis.soap.SOAPFactoryImpl
at javax.xml.soap.SOAPFactory.newInstance(SOAPFactory.java:46)
at org.apache.cxf.jaxws.binding.soap.SOAPBindingImpl.getSOAPFactory(SOAPBindingImpl.java:113)
... 3 more
Caused by: java.lang.ClassNotFoundException: org.apache.axis.soap.SOAPFactoryImpl
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at javax.xml.soap.SOAPFactory.newInstance(SOAPFactory.java:41)
... 4 more






如果添加了axis包后会抛下面异常：
2008-6-6 2:07:55 org.apache.cxf.phase.PhaseInterceptorChain doIntercept
信息: Interceptor has thrown exception, unwinding now
org.w3c.dom.DOMException: No such Localname for SOAP URI
at org.apache.axis.message.SOAPDocumentImpl.createElementNS(SOAPDocumentImpl.java:379)
at org.apache.axis.SOAPPart.createElementNS(SOAPPart.java:1109)
at org.apache.cxf.staxutils.W3CDOMStreamWriter.writeStartElement(W3CDOMStreamWriter.java:98)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.writeSoapEnvelopeStart(SoapOutInterceptor.java:95)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:76)
at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor.handleMessage(SoapOutInterceptor.java:57)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:177)
at $Proxy16.sayHi(Unknown Source)
at com.demo.Client.main(Client.java:14)
Exception in thread "main" java.lang.NoSuchMethodError: javax.xml.soap.SOAPFactory.createFault()Ljavax/xml/soap/SOAPFault;
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:193)
at $Proxy16.sayHi(Unknown Source)
at com.demo.Client.main(Client.java:14)


期待你的回复

我也遇着同样问题，希望可以解答

我也期望你的回复,,,