Axis2服务端用户名和密码校验authentication代码

转载自

服务端代码如下

1、用户名和密码校验类

package webservice.pojo;

import java.util.Iterator;

import org.apache.axiom.om.OMElement;

import org.apache.axis2.AxisFault;

import org.apache.axis2.context.MessageContext;

public class LoginCheck {

 public static void checkUserPwd() throws AxisFault{

  MessageContext msgContext = MessageContext.getCurrentMessageContext();

  Iterator list = (Iterator)msgContext.getEnvelope().getHeader().getFirstElement().getChildren();

  String Username = "";

  String Password = "";

  while (list.hasNext()) {

   OMElement element = (OMElement) list.next();

   if (element.getLocalName().equals("Username")) {

    Username = element.getText();

   }

   if (element.getLocalName().equals("Password")) {

    Password = element.getText();

   }

  }

  if (!Username.equals("toone") || !Password.equals("111111")){

   throw new AxisFault(" Authentication Fail! Check username/password ");

  }

 }

}

2、webservice axis2服务类

package webservice.pojo;

import java.util.HashMap;

import org.apache.axis2.AxisFault;

import webservice.pojo.LoginCheck;

public class StockQuoteService {

    private HashMap map = new HashMap();

 public double getPrice(String symbol)  throws AxisFault{

        LoginCheck.checkUserPwd(); //当客户端调用getPrice方法是，在此处先进行用户名和密码校验，如果校验通过则继续后续逻辑处理，如果不通过则抛出异常。

        Double price = (Double) map.get(symbol);

        if(price != null){

            return price.doublue();

        }

        return 42.00;

    }

    public void update(String symbol, double price) {

        LoginCheck.checkUserPwd(); //当客户端调用getPrice方法是，在此处先进行用户名和密码校验，如果校验通过则继续后续逻辑处理，如果不通过则抛出异常。

        map.put(symbol, new Double(price));

    }

}

3、服务类axis2配置文件

<service name="PojoStockQuoteService" scope="application" targetNamespace="http://quickstart.samples/">

    <description>

        Stock Quote Service

    </description>

    <messageReceivers>

        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"

                         class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>

        <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"

                         class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>

    </messageReceivers>

    <schema schemaNamespace="http://quickstart.samples.pojo/xsd"/>

    <parameter name="ServiceClass">webservice.pojo.StockQuoteService</parameter>

</service>

服务端代码完毕。

客户端代码如下：

1、创建带用户名和密码的OMElement对象

package webservice.pojo;

import org.apache.axiom.om.OMAbstractFactory;

import org.apache.axiom.om.OMElement;

import org.apache.axiom.om.OMFactory;

import org.apache.axiom.om.OMNamespace;

public class HeaderOMElement {

 public static OMElement createHeaderOMElement(){

  OMFactory factory = OMAbstractFactory.getOMFactory();

     OMNamespace SecurityElementNamespace = factory.createOMNamespace("http://handler.com","wsse"); 

        OMElement authenticationOM = factory.createOMElement("Authentication",

                SecurityElementNamespace);

        OMElement usernameOM = factory.createOMElement("Username",

                SecurityElementNamespace);

        OMElement passwordOM = factory.createOMElement("Password",

                SecurityElementNamespace);

        usernameOM.setText("toone");

        passwordOM.setText("111111");

        authenticationOM.addChild(usernameOM);

        authenticationOM.addChild(passwordOM);

        return authenticationOM;

 }

}

2、客户端代码

package webservice.pojo;

import javax.xml.namespace.QName;

import org.apache.axis2.AxisFault;

import org.apache.axis2.addressing.EndpointReference;

import org.apache.axis2.client.Options;

import org.apache.axis2.rpc.client.RPCServiceClient;

import webservice.pojo.HeaderOMElement;

public class PojoClient {

 public static void main(String[] args1) throws AxisFault {

  String serviceName = "http://localhost:8801/services/PojoStockQuoteService";

  String namespace = "http://quickstart.samples.pojo/xsd";

  String methodName = "getPrice";

  Object[] methodArgs = new Object[] { };

  Class[] returnTypes = new Class[] { Double.class };

        RPCServiceClient serviceClient = new RPCServiceClient();

        //将创建的OMElement对象放置到Header中

        serviceClient.addHeader(HeaderOMElement.createHeaderOMElement());

        Options options = serviceClient.getOptions();

        EndpointReference targetEPR = new EndpointReference(serviceName);

        options.setTo(targetEPR);

        QName op= new QName(namespace,methodName);

        Object[] response = serviceClient.invokeBlocking(op, methodArgs,returnTypes);

        Double result = (Double) response[0];  

        if (result == null) {

            System.out.println("didn't initialize!");

            return;

        }

        else {

            System.out.println("Price ====== " +

              result.doublue());

        }

 }

}

客户端代码结束。

当在internet网络上发布webservice服务时，有时不希望别人任意访问，尤其是对修改性服务，因此需要在访问服务时先进行用户名和密码校验，对存在这一类需求的人而言，上面的方法应该会有帮助，祝好运。

另外，最近研究了一下，通过Axis2的module方式也是可进行校验的，这种方式更加松耦合，发布module后修改服务端配置文件即可，在服务端的服务方法里没有任何校验代码。