XFire Web Service Verification Solution

xiaoxiao2021-04-02  215

Xfire's documentation is really bad, very unharequently, it is incredible, and and the code version is quite matched, the example inside is not running, it is really ... quite a fire

I have been done well in Xfire's service framework, and the verification function is to be added two days, and it is combined with the overall permission frame (still not yet).

Started to verify via HttpSession, so that it can be unified and B / S's permission system, but I don't know how to access the HttpSession through Spring or XFire, and the document in Xfire is mentioned:

HTTPSERVLETREQUEST REQUEST = XfireServletController.getRequest (); httpservletResponse response = XfireServletController.getResponse ();

And saying that as long as you configure XFireSpringServlet in web.xml, it is in accordance with the match, the result is not

Note: AXIS seems to have MessageContext can be very convenient to access, and there is MessageContext in Xfire, but getsession () is NULL.

If you have a master, you know how to do it.

This road does not go to check the XFire's documentation About the Authentication section, probably have the following programs:

HTTP Authentication

SOAP Header Authentication with JSR181

SOAP Authentication with Handlers

WS-Security

The first HTTP Authentication document is quite incredible, and the document writes how to specify username and password on the client.

// Create your clientClient client = ....;. // Or get it from your proxyClient client = ((XFireProxy) Proxy.getInvocationHandler (myClientProxy)) getClient (); client.setProperty (Channel.USERNAME, "username") ; Client.SetProperty (Channel.Password, "Pass");

I forgot what to do it. What should I do, this username and password should be verified there? ? I haven't found it all over the document.

Looking at the second SOAP Header Authentication with JSR181, it seems very simple

However, in each method in the Service's code, you must write a userToken verification parameter. Although it seems that the granularity can be very thin, this seriously pollutes the code of business logic, very unique, give up!

Public void SomeOperation (String Data, @WebParam (Header = true) UserToken Token {Authenticate (Token) // Do Your Normal Request Here} See WS-Security, this is the security standard for WebService, but it is too complicated, and You need to configure service.xml, our project is java1.5, service.xml is not written, it is automatically generated, I can't find service.xml that is configured? Earnest

Now there is only SOAP Authentication with Handlers. In terms of documentation, this is to meet my requirements, do not invade business logic, combined with the overall permission system, and the configuration is relatively simple to copy the code in the example, and find it at all. Use, less than Yom, I haven't found it for a long time on the Internet. Later I found that Yom is actually yet (Another) Document Object Model. It turns out and DOM is a matter, with JDOM replace, compile.

It is important to have a very important point in the document, which is to configure in Xfire-servlet, causing many people to watch the documentation, I have checked it for a long time to find a little TIPS in a blog in the foreigner, below is configured:

Your.Package.YourServiceInterface

AuthenticationHandler needs to modify it, the other does not transform:

AuthenticationHandler.java

import org.apache.log4j.Logger; import org.codehaus.xfire.MessageContext; import org.codehaus.xfire.handler.AbstractHandler; import org.codehaus.xfire.fault *;. import org.jdom *;. public class AuthenticationHandler extends AbstractHandler {private static final Logger log = Logger.getLogger (AuthenticationHandler.class); public void invoke (MessageContext context) throws Exception {log.info ( "authentication handler is invoked");. if (context.getInMessage () getHeader ( ) == null) {throw new XFireFault ( ". Request must include company authentication token", XFireFault.SENDER);} Element header = context.getInMessage () getHeader ();. Element token = header.getChild ( "AuthenticationToken") ; If (token == null) {throw new xfirefault ("Request Must Include Authentication Token.", XfireFault.Sender;} String U SerName = token.getchild ("username"). getText (); string password = token.getchild ("password"). getText (); try {// Now you have got UserName and Password from the client, then Verify it (you can check it to Acegi)}}}}}}}} catch (exception e) {log.warn (e); throw new xfirefault ("Authentication Failed.", XFireFault.Sender);}}} client code:

Service serviceModel = new objectServiceFactory (). Create (YourService.class);

YourService Service = (YourService) New XFireProxyFactory (). Create (ServiceModel,

"http:// localhost: 8080 / YourProject / Service / youRVice");

XfireProxy proxy = (xfireproxy) proxy.getinvocationhandler (service); client client ();

Client.addoutHandler (New Clientauthhandler ("Jeffrey", "Killjava");

/ / Perform the following code will verify

Service.someople ();

转载请注明原文地址:https://www.9cbs.com/read-131407.html

New Post(0)