一、服务端代码
接口类
@WebService public interface HelloWorld { public String sayHello(String param); }
实现类
@WebService public class HelloWorldImpl implements HelloWorld { @Override public String sayHello(String param) { System.out.println("====================>"+param); return param; } }
拦截器回调类
public class ServerPasswordCallback implements CallbackHandler { private Map<String, String> passwords = new HashMap<String, String>(); public ServerPasswordCallback() { passwords.put("admin", "admin"); passwords.put("test", "test"); } @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { System.out.println("server:callbacks.length-" + callbacks.length); for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; System.out.println("============>username:"+pc.getIdentifier()); System.out.println("============>password:"+pc.getPassword()); if (!passwords.containsKey(pc.getIdentifier())) try { throw new WSSecurityException("user not match"); } catch (WSSecurityException e) { e.printStackTrace(); } String pass = passwords.get(pc.getIdentifier()); pc.setPassword(pass); } } }
服务端spring配置
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean id="saajIn" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean id="wss4jIn" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="passwordCallbackClass" value="ws.test.server.security.ServerPasswordCallback" /> </map> </constructor-arg> </bean> <jaxws:server id="helloWorld" serviceClass="ws.test.server.HelloWorld" address="/helloWorldRemote"> <jaxws:inInterceptors> <ref local="logIn"/> <ref local="saajIn"/> <ref local="wss4jIn"/> </jaxws:inInterceptors> <jaxws:outInterceptors> <ref local="logOut"/> </jaxws:outInterceptors> <jaxws:serviceBean> <!-- 要暴露的 bean 的引用 --> <bean class="ws.test.server.impl.HelloWorldImpl"></bean> </jaxws:serviceBean> </jaxws:server> </beans>
二、 客户端代码
客户端回调处理类
public class ClientPasswordCallback implements CallbackHandler { private Map<String, String> passwords = new HashMap<String, String>(); public ClientPasswordCallback() { passwords.put("admin", "admin"); passwords.put("test", "test"); } @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { System.out.println("client:callbacks.length-" + callbacks.length); for (int i = 0; i < callbacks.length; i++) { WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; int usage = pc.getUsage(); if (!passwords.containsKey(pc.getIdentifier())) try { throw new WSSecurityException("user not exists "); } catch (WSSecurityException e) { e.printStackTrace(); } String pass = passwords.get(pc.getIdentifier()); if (usage == WSPasswordCallback.USERNAME_TOKEN && pass != null) { System.out.println("client:pass" + pass); pc.setPassword(pass); return; } } } }
客户端调用代码
JaxWsProxyFactoryBean proxyFactoryBean = new JaxWsProxyFactoryBean(); proxyFactoryBean.setServiceClass(HelloWorld.class); proxyFactoryBean.setAddress("http://localhost:8085/web/services/wRemote"); proxyFactoryBean.getInInterceptors().add(new LoggingInInterceptor()); proxyFactoryBean.getOutInterceptors().add(new LoggingOutInterceptor()); proxyFactoryBean.getOutInterceptors().add(new SAAJOutInterceptor()); Map<String,Object> param =new HashMap<String,Object>(); param.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); param.put(WSHandlerConstants.USER, "admin"); param.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); param.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName()); WSS4JOutInterceptor wss4jOutInterceptor = new WSS4JOutInterceptor(param); proxyFactoryBean.getOutInterceptors().add(wss4jOutInterceptor); HelloWorld hw = (HelloWorld)proxyFactoryBean.create(); System.out.println(hw.sayHello("aaaaa"));
或
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <jaxws:client id="client" serviceClass="ws.test.server.HelloWorld" address="http://localhost:8080/ws-test-web/services/helloWorldRemote"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"></bean> </jaxws:inInterceptors> <jaxws:outInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"></bean> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"></bean> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="#{T(org.apache.ws.security.handler.WSHandlerConstants).ACTION}" value="#{T(org.apache.ws.security.handler.WSHandlerConstants).USERNAME_TOKEN}" /> <entry key="#{T(org.apache.ws.security.handler.WSHandlerConstants).USER}" value="admin" /> <entry key="#{T(org.apache.ws.security.handler.WSHandlerConstants).PASSWORD_TYPE}" value="#{T(org.apache.ws.security.WSConstants).PW_TEXT}" /> <entry key="#{T(org.apache.ws.security.handler.WSHandlerConstants).PW_CALLBACK_CLASS}" value="ws.test.server.security.ClientPasswordCallback" /> </map> </constructor-arg> </bean> </jaxws:outInterceptors> </jaxws:client> </beans>