`
conkeyn
  • 浏览: 1529084 次
  • 性别: Icon_minigender_1
  • 来自: 厦门
社区版块
存档分类
最新评论

[Java] Testing SOAP Headers with a Simple Axis Handler

 
阅读更多

转自:http://weblogs.asp.net/jdanforth/archive/2006/03/13/440116.aspx

This is not a tutorial, but just some sharing of my brief learnings when testing a simple Axis Handler (somewhat similar to ASP.NET Soap Extensions). I wrote 2 programs - one simple web service client as a Java console program and one web service. The client calls a web service method called test() but adds a simple SOAP header containing a username and a password. The web service has a BasicHandler, defined in the deployment descriptor as a request handler, which checks each request and makes sure it contains the correct SOAP header with the correct username and password. The handler also sets the validated username in a ThreadLocal variable, which is then picked up by the web service method. If the request does not contain the correct SOAP header, username and password, a fault is thrown.

There are several ways for the handler class to set data which can be picked up by the web service method, and I know there is a debate going on around the use of ThreadLocals, but I thought it could be useful in this particular case.

I don't think it matters much which version of Axis you use, but I went for Axis version 1.3. Note that this is test-code, not tested for production. If you find something smelly in the code, I would love to hear about it. Another note is the way I build up the SOAP header and my somewhat sloppy usage of XML namespace. I know it can be done much better, but the intention was to test the handler code :)

Note that the web service client code is auto-generated from the WSDL and I've not bothered to show the code for it here.

First, the client code:

package test;

import org.apache.axis.message.*;

public class MyClient {

 public static void main(String[] args) {
 
  System.out.println("Hello, this is the client!");
 
  MyServiceServiceLocator wsloc = new MyServiceServiceLocator();
 
  SOAPHeaderElement oHeaderElement;
  javax.xml.soap.SOAPElement oElement;
  MyServiceSoapBindingStub ws;
 
   try {
    ws = (MyServiceSoapBindingStub)wsloc.getMyService();

    oHeaderElement = new SOAPHeaderElement("http://test",
     "securityHeader");
    oHeaderElement.setPrefix("sec");
    oHeaderElement.setMustUnderstand(false);
    oElement = oHeaderElement.addChildElement("username");
    oElement.addTextNode("johan");
    oElement = oHeaderElement.addChildElement("password");
    oElement.addTextNode("secret");
    
    ws.setHeader(oHeaderElement);
    System.out.println(ws.test());
   } catch (Exception e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
   }
 
 }

}


Then, the web service code (most comments and javadoc removed):

package test.service;

import test.service.handler.MyHandler;

public class MyService
{
 public String test()
 {
  String username = MyHandler.getUsername();
  MyHandler.setUsername(null); //clean up
 
  return "Hello from Service! User is = " + username;
 }
}

Finally, the Handler code looks something like this:

package test.service.handler;

import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;

import java.util.Iterator;

import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;

import org.apache.axis.message.SOAPEnvelope;

/**
 * Simple Axis handler which looks for a SOAP header
 * containing two elements - username and password. Invoke() method
 * checks these...
 *
 * @author Johan Danforth
 */
public class MyHandler extends BasicHandler {

 private static final long serialVersionUID = 1L;
 private static ThreadLocal _username = new ThreadLocal();

    public static String getUsername() {
        return ((String) (_username.get())).toString();
    }
  
    public static void setUsername(String value) {
        _username.set(value);
    }
 
 /**
  * Method called by Axis handler, checks SOAP header with
  * username and password.
  *
  * @throws AxisFault if header is missing or invalid or wrong username or password
  */
 public void invoke(MessageContext msgContext) throws AxisFault {

  boolean processedHeader = false;
 
  try {
   Message msg = msgContext.getRequestMessage();
   SOAPEnvelope envelope = msg.getSOAPEnvelope();
   SOAPHeader header = envelope.getHeader();
   Iterator it = header.examineAllHeaderElements();
   SOAPHeaderElement hel;
 
   while (it.hasNext()) {
    hel = (SOAPHeaderElement) it.next();
    String headerName = hel.getNodeName();
    if(headerName.equals("sec:securityHeader"))
    {
     checkUsername(hel);
     processedHeader = true;
    }
   }
  } catch (SOAPException e) {
   //capture and wrap any exception.
   throw new AxisFault("Failed to retrieve the SOAP Header or it's details properly.", e);
  }

  if(!processedHeader)
   throw new AxisFault("Failed to retrieve the SOAP Header");
 
 }

 private void checkUsername(SOAPHeaderElement hel) throws AxisFault {
  String username = getUsername(hel);
  String password = getPassword(hel);
 
  if(!(username.equals("johan") && password.equals("secret")))
  {
   throw new AxisFault("Access Denied");
  }
  else
  {
   //set username as threadlocal variable
   _username.set(username);
  }
 }

 private String getPassword(SOAPHeaderElement hel) throws AxisFault {
  org.w3c.dom.Node passwordNode = hel.getLastChild();
  String nodename = passwordNode.getNodeName();
  if(!nodename.equals("sec:password"))
   throw new AxisFault("Missing password element in SOAP header.");
  String password = passwordNode.getFirstChild().getNodeValue();
  System.out.println("password = " + password);
  return password;
 }

 private String getUsername(SOAPHeaderElement hel) throws AxisFault {
  org.w3c.dom.Node usernameNode = hel.getFirstChild();
  String nodename = usernameNode.getNodeName();
  if(!nodename.equals("sec:username"))
   throw new AxisFault("Missing username element in SOAP header.");
  String username = usernameNode.getFirstChild().getNodeValue();
  System.out.println("username = " + username);
  return username;
 }
}


I need to share with you the deployment descriptors and the web.xml as well. I run the Axis Servlets in the same web app as my web service code. It's up to you how you prefer to do it really. I thought it was easier this way when I used the latest version of Eclipse. That's why the web.xml is full of Axis stuff and I'm using a separate server-config.wsdd instead of registering the service through the Axis admin tool pointing at a separate deploy.wsdd file. I'm attaching a sample deploy.wsdd file as well, just in case someone is unfamiliar with the server-config file.

My web.xml looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 <display-name>
 HelloWorld2</display-name>
 <servlet>
  <display-name>
  Apache-Axis Servlet</display-name>
  <servlet-name>AxisServlet</servlet-name>
  <servlet-class>
  org.apache.axis.transport.http.AxisServlet</servlet-class>
 </servlet>
 <servlet>
  <display-name>
  Axis Admin Servlet</display-name>
  <servlet-name>AdminServlet</servlet-name>
  <servlet-class>
  org.apache.axis.transport.http.AdminServlet</servlet-class>
  <load-on-startup>100</load-on-startup>
 </servlet>
 <servlet-mapping>
  <servlet-name>AxisServlet</servlet-name>
  <url-pattern>/servlet/AxisServlet</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
  <servlet-name>AxisServlet</servlet-name>
  <url-pattern>*.jws</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
  <servlet-name>AxisServlet</servlet-name>
  <url-pattern>/services/*</url-pattern>
 </servlet-mapping>
 <servlet-mapping>
  <servlet-name>AdminServlet</servlet-name>
  <url-pattern>/servlet/AdminServlet</url-pattern>
 </servlet-mapping>
 <welcome-file-list>
  <welcome-file>index.html</welcome-file>
  <welcome-file>index.htm</welcome-file>
  <welcome-file>index.jsp</welcome-file>
  <welcome-file>default.html</welcome-file>
  <welcome-file>default.htm</welcome-file>
  <welcome-file>default.jsp</welcome-file>
 </welcome-file-list>
</web-app>


My server-config.wsdd looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
 <globalConfiguration>
  <parameter name="sendMultiRefs" value="true"/>
  <parameter name="disablePrettyXML" value="true"/>
  <parameter name="adminPassword" value="admin"/>
  <parameter name="attachments.Directory" value="C:\Java\eclipse\workspace\HelloWorld2\.deployables\HelloWorld2\WEB-INF\attachments"/>
  <parameter name="dotNetSoapEncFix" value="true"/>
  <parameter name="enableNamespacePrefixOptimization" value="true"/>
  <parameter name="sendXMLDeclaration" value="true"/>
  <parameter name="sendXsiTypes" value="true"/>
  <parameter name="attachments.implementation" value="org.apache.axis.attachments.AttachmentsImpl"/>
  <requestFlow>
   <handler type="java:org.apache.axis.handlers.JWSHandler">
    <parameter name="scope" value="session"/>
   </handler>
   <handler type="java:org.apache.axis.handlers.JWSHandler">
    <parameter name="scope" value="request"/>
    <parameter name="extension" value=".jwr"/>
   </handler>
  </requestFlow>
 </globalConfiguration>
 <handler name="LocalResponder" type="java:org.apache.axis.transport.local.LocalResponder"/>
 <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
 <handler name="Authenticate" type="java:org.apache.axis.handlers.SimpleAuthenticationHandler"/>
 <service name="AdminService" provider="java:MSG">
  <parameter name="allowedMethods" value="AdminService"/>
  <parameter name="enableRemoteAdmin" value="true"/>
  <parameter name="className" value="org.apache.axis.utils.Admin"/>
  <namespace>http://xml.apache.org/axis/wsdd/</namespace>
 </service>
 <service name="Version" provider="java:RPC">
  <parameter name="allowedMethods" value="getVersion"/>
  <parameter name="className" value="org.apache.axis.Version"/>
 </service>
 <service name="MyService" provider="java:RPC" style="wrapped" use="literal">
  <operation name="test" qname="ns3:test" returnQName="ns3:testReturn" returnType="xsd:string" soapAction="" xmlns:ns3="http://test" xmlns:xsd="http://www.w3.org/2001/XMLSchema"/>
  <parameter name="allowedMethods" value="test"/>
  <requestFlow>
   <handler type="java:test.service.handler.MyHandler">
    </handler>
  </requestFlow>
  <parameter name="typeMappingVersion" value="1.2"/>
  <parameter name="wsdlPortType" value="MyService"/>
  <parameter name="className" value="test.service.MyService"/>
  <parameter name="wsdlServicePort" value="MyService"/>
  <parameter name="schemaQualified" value="http://test"/>
  <parameter name="wsdlTargetNamespace" value="http://test"/>
  <parameter name="wsdlServiceElement" value="MyServiceService"/>
 </service>
 <transport name="http">
  <requestFlow>
   <handler type="URLMapper"/>
   <handler type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
  </requestFlow>
  <parameter name="qs:list" value="org.apache.axis.transport.http.QSListHandler"/>
  <parameter name="qs:wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
  <parameter name="qs.list" value="org.apache.axis.transport.http.QSListHandler"/>
  <parameter name="qs.method" value="org.apache.axis.transport.http.QSMethodHandler"/>
  <parameter name="qs:method" value="org.apache.axis.transport.http.QSMethodHandler"/>
  <parameter name="qs.wsdl" value="org.apache.axis.transport.http.QSWSDLHandler"/>
 </transport>
 <transport name="local">
  <responseFlow>
   <handler type="LocalResponder"/>
  </responseFlow>
 </transport>
</deployment>


A sample deploy.wsdd could look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Use this file to deploy some handlers/chains and services      -->
<!-- Two ways to do this:                                           -->
<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
<!--      after the axis server is running                          -->
<!-- or                                                             -->
<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
<!--      from the same directory that the Axis engine runs         -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

  <service name="MyService" provider="java:RPC" style="wrapped" use="literal">
      <parameter name="wsdlTargetNamespace" value="http://test"/>
      <parameter name="wsdlServiceElement" value="MyServiceService"/>
      <parameter name="schemaQualified" value="http://test"/>
      <parameter name="wsdlServicePort" value="MyService"/>
      <parameter name="className" value="test.service.MyService"/>
      <parameter name="wsdlPortType" value="MyService"/>
      <parameter name="typeMappingVersion" value="1.2"/>
      <operation xmlns:operNS="http://test" xmlns:retNS="http://test" xmlns:rtns="http://www.w3.org/2001/XMLSchema" name="test" qname="operNS:test" returnQName="retNS:testReturn" returnType="rtns:string" soapAction="">
      </operation>
      <parameter name="allowedMethods" value="test"/>
  <requestFlow>
   <handler type="java:test.service.handler.MyHandler">
    </handler>
  </requestFlow>
  </service>
</deployment>

分享到:
评论

相关推荐

    Java Webservice Axis2 Client(含soapheader验证)

    Java Web服务 Axis2 客户端是开发基于SOAP协议的应用程序时常用的一种工具,它允许开发者创建和消费Web服务。Axis2是Apache软件基金会提供的一个高效、灵活且可扩展的Web服务框架,支持多种协议,包括SOAP 1.1和1.2...

    C#调用使用java的带soaphead的webservice

    本案例中,我们将探讨如何使用C#在VS2013环境下调用一个Java编写的带有SOAP Header的Web服务。这个过程涉及到.NET Framework的Web服务客户端代理生成、SOAP消息的处理以及与Java Web服务的交互。 首先,我们需要...

    java soap server

    Java SOAP Server是一个基于Java平台的简单网络服务提供者,它使用SOAP(Simple Object Access Protocol)协议来交换数据。SOAP是一种轻量级、独立于语言的协议,主要用于在Web上进行分布式计算,允许不同系统间的...

    vc++连接webservice soap协议

    Web服务通常使用SOAP(Simple Object Access Protocol)协议来传输数据,这是一种基于XML的协议,用于在不同系统之间交换结构化信息。本篇将详细探讨如何在VC++中连接并使用SOAP协议的Web服务。 首先,理解SOAP协议...

    axis2相关资源

    它能够处理各种SOAP消息,包括SOAP envelop、SOAP headers和SOAP bodies,提供了强大的消息处理能力。 5. 传输机制:Axis2支持多种传输协议,如HTTP、HTTPS、JMS等。这使得服务可以通过不同的方式进行通信,满足...

    SOAP安全验证全套示例

    **SOAP(Simple Object Access Protocol)安全验证全套示例** SOAP是一种基于XML的协议,用于在Web服务中交换结构化和类型化的信息。在SOAP中,安全验证是确保只有授权的客户端能够访问服务的重要环节。本示例将...

    simple-modify-headers-crx插件

    简单的修改头 该扩展基于规则表重写标头。 可能:添加,修改或删除HTTP(S)请求或响应的标头字段以文件(json格式)导出配置从文件中导入配置... webRequest,webRequestBlocking, ... 支持语言:English (United States)

    JAX-WS SOAP header设值

    通常,设置SOAP头涉及到创建自定义消息处理器(MessageHandler)或者利用JAXB(Java Architecture for XML Binding)来绑定XML对象到SOAP消息。 在标签中,“源码”暗示了可能会涉及具体的代码示例,而“工具”可能...

    CXF客户端添加soapHeader代码 + jar包 + apache-cxf-3.1.15

    3. 编写SOAP Header处理逻辑:接下来,我们需要创建一个类来表示Header并实现`javax.xml.ws.handler.soap.SOAPHandler&lt;SOAPMessageContext&gt;`接口。 ```java import javax.xml.soap.SOAPHeader; import javax.xml....

    Learning Python Web Penetration Testing 1st

    You will then learn to interact with a web application using Python, understand the anatomy of an HTTP request, URL, headers and message body, and later create a script to perform a request, and ...

    java与wcf通信

    3. **Java访问WCF服务**:Java通过使用SOAP客户端库(如Apache CXF、Axis2)可以调用WCF服务。这涉及到理解WSDL(Web Service Description Language),它定义了服务接口和消息格式。 4. **C#客户端代码**:这部分...

    java对接com.ibm.mq工具jar合集7.0.1.3.rar

    Java对接IBM MQ(Message Queuing)是企业级应用中常用的一种技术,用于实现应用程序之间的异步通信和数据交换。IBM MQ提供了一种可靠且高效的消息传递机制,支持多种平台和编程语言,包括Java。在本资源包"java对接...

    c#调用java带身份验证webservice

    对于Java Web服务,通常使用SOAP(Simple Object Access Protocol)协议,它基于XML来传递数据。C#可以通过创建一个与Java Web服务的WSDL(Web Service Description Language)文件对应的代理类来实现调用。 1. **...

    PocketSOAP1.5.5

    Comes with a propertyBag serializer, serialize any persistant VB object to/from a SOAP complex type out of the box with no extra code !. Support for both 1999 & 2001 Schema versions. Efficient stream ...

    C#通过SOAP使用HttpWebRequest调用带有身份验证的WebService示例

    本示例使用C#构造SOAP信息,通过HttpWebRequest调用java编写的带有Windows身份验证的WebService,代码中详细注释了每行代码的功能与作用; 对应文章:http://blog.csdn.net/cgs_______/article/details/77894599

    java操作zip_包括加解密码

    在Java中,我们可以使用标准的`java.util.zip`库来处理基本的ZIP文件操作,但若涉及到加密和解密,就需要借助第三方库,例如`Zip4j`。本文将深入探讨如何使用Java和Zip4j库进行ZIP文件的加密与解密。 首先,`java....

    Java邮件开发Fundamentals of the JavaMail API

    A general familiarity with object-oriented programming concepts and the Java programming language is necessary. The Java language essentials tutorial can help. copyright 1996-2000 Magelang ...

    Java操作csv文件

    首先,Java并没有内置的库直接支持CSV操作,但我们可以借助第三方库,如Apache Commons CSV、OpenCSV或Java 8引入的java.util.CSV API。在这里,我们以Apache Commons CSV为例,因为它是业界广泛使用的库,提供了...

    CXF打印SOAP报文,记录WebService日志

    ### CXF打印SOAP报文与记录WebService日志 在企业级应用开发中,尤其是涉及到服务端接口(如WebService)的设计与实现时,日志记录变得尤为重要。它不仅可以帮助开发者更好地理解系统运行状况、定位问题所在,还能...

Global site tag (gtag.js) - Google Analytics