xfire webService 加入用户名密码验证 02
1.需要的jar包
除了xfire和spring必要的包外 还需要 wss4j-1.5.1.jar 和 commons-codec-1.3.jar
2.servicebean配置如下
<bean name="ticketcheckService" class="org.codehaus.xfire.spring.ServiceBean">
<property name="serviceBean" ref="ticketcheckWS" />
<property name="name" value="checkTicket"></property>
<property name="serviceClass"
value="ticketcheck.service.IticketCheck" />
<property name="inHandlers">
<list>
<ref bean="addressingHandler" />
<ref bean="domInHandler" />
<ref bean="wss4jHandler" />
</list>
</property>
<property name="properties">
<props>
<!-- 等待HttpConnectionManager从连接池中返回空闲连接的超时时间 -->
<prop key="http.connection.manager.timeout">2000</prop>
<!-- 等待建立连接的超时时间 -->
<prop key="http.connection.manager.timeout">3000</prop>
<!-- 等待服务器返回数据超时时间 -->
<prop key="http.connection.manager.timeout">5000</prop>
<!-- 连接到单个服务器的连接数上限 -->
<prop key="http.connection.manager.timeout">10</prop>
<!-- 连接到所有服务器的连接个数上限 -->
<prop key="http.connection.manager.timeout">30</prop>
</props>
</property>
</bean>
<bean id="addressingHandler" class="org.codehaus.xfire.addressing.AddressingInHandler" />
<bean id="domInHandler" class="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean id="wss4jHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" >
<property name="properties">
<!--
<props>
<prop key="action">UsernameToken</prop>
<prop key="passwordCallbackClass">ticketcheck.service.impl.PasswordHandlerImpl</prop>
</props>
-->
<map>
<entry key="action" value="UsernameToken"></entry>
<entry key="passwordCallbackRef" value-ref="securityHandler" > </entry>
</map>
</property>
</bean>
<bean id="securityHandler" class="ticketcheck.service.impl.PasswordHandlerImpl">
<property name="userInfo">
<map>
<entry key="user1" value="pwd1"></entry>
<entry key="user2" value="pwd2"></entry>
</map>
</property>
</bean>
这里 在wss4jHandler配置中原先 用<props> 是无法实现passwordCallback的bean 注入(应用properties值都是字符的所以passwordCallbackRef 在<props>中是不起作用的)
下面就是实现securityHandler
3.PasswordHandlerImpl
import java.io.IOException;
import java.util.HashMap;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* 验证用户密码
*/
public class PasswordHandlerImpl implements CallbackHandler {
private HashMap<String, String> userInfo ; //保存的用户名密码信息
public void setUserInfo(HashMap<String, String> userInfo) {
this.userInfo = userInfo;
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback callback = (WSPasswordCallback) callbacks[0]; //获取回调对象
String id = callback.getIdentifer();//获取用户名
String validPw = userInfo.get(id);
if(validPw == null){
throw new WSSecurityException("no such user");
}
if (WSConstants.PASSWORD_TEXT.equals(callback.getPasswordType())) {//如果是明文密码直接进行判断
String pw = callback.getPassword();
if (pw == null || !pw.equalsIgnoreCase(validPw)) {
throw new WSSecurityException("password not match");
}
} else {//如果是密码摘要,向回调设置正确的密码(明文密码)这段主要是在service客户端用到
callback.setPassword(validPw);
}
}
}
猜你喜欢
转载自dylai.iteye.com/blog/1759915
今日推荐
周排行