xfire webService 加入用户名密码验证 02

1.需要的jar包


       除了xfire和spring必要的包外 还需要 wss4j-1.5.1.jar 和 commons-codec-1.3.jar

2.servicebean配置如下

<bean name="ticketcheckService" class="org.codehaus.xfire.spring.ServiceBean">
       <property name="serviceBean" ref="ticketcheckWS" />
       <property name="name" value="checkTicket"></property>
       <property name="serviceClass"
           value="ticketcheck.service.IticketCheck" />
       <property name="inHandlers">
           <list>
              <ref bean="addressingHandler" />
               <ref bean="domInHandler" />
              <ref bean="wss4jHandler" />
           </list>
       </property>




      <property name="properties">
          <props>

  <!-- 等待HttpConnectionManager从连接池中返回空闲连接的超时时间 -->

  <prop key="http.connection.manager.timeout">2000</prop>

  <!-- 等待建立连接的超时时间 -->

  <prop key="http.connection.manager.timeout">3000</prop>

  <!-- 等待服务器返回数据超时时间 -->

  <prop key="http.connection.manager.timeout">5000</prop>

  <!-- 连接到单个服务器的连接数上限 -->

  <prop key="http.connection.manager.timeout">10</prop>

  <!-- 连接到所有服务器的连接个数上限 -->

  <prop key="http.connection.manager.timeout">30</prop>

      </props>

       </property>


    </bean>


    <bean id="addressingHandler" class="org.codehaus.xfire.addressing.AddressingInHandler" />
    <bean id="domInHandler" class="org.codehaus.xfire.util.dom.DOMInHandler" />
  
  
    <bean id="wss4jHandler"  class="org.codehaus.xfire.security.wss4j.WSS4JInHandler"  >
    <property name="properties">
            <!--
            <props>
            <prop key="action">UsernameToken</prop>
            <prop key="passwordCallbackClass">ticketcheck.service.impl.PasswordHandlerImpl</prop>
            </props>
             -->
           <map>
             <entry key="action" value="UsernameToken"></entry>
             <entry key="passwordCallbackRef" value-ref="securityHandler" >  </entry>
           </map>
        </property>
     </bean>
    <bean id="securityHandler" class="ticketcheck.service.impl.PasswordHandlerImpl">
       <property name="userInfo">
           <map>
              <entry key="user1" value="pwd1"></entry>
              <entry key="user2" value="pwd2"></entry>
           </map>
       </property>
    </bean>
这里 在wss4jHandler配置中原先 用<props> 是无法实现passwordCallback的bean 注入(应用properties值都是字符的所以passwordCallbackRef 在<props>中是不起作用的)

下面就是实现securityHandler



3.PasswordHandlerImpl



import java.io.IOException;
import java.util.HashMap;


import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;




import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;


/**
* 验证用户密码
*/


public class PasswordHandlerImpl implements CallbackHandler {
    private HashMap<String, String> userInfo ; //保存的用户名密码信息

    public void setUserInfo(HashMap<String, String> userInfo) {
       this.userInfo = userInfo;
    }

    public void handle(Callback[] callbacks) throws IOException,
           UnsupportedCallbackException {
       WSPasswordCallback callback = (WSPasswordCallback) callbacks[0]; //获取回调对象
       String id = callback.getIdentifer();//获取用户名
String validPw = userInfo.get(id);
       if(validPw == null){
           throw new WSSecurityException("no such user");
       }

       if (WSConstants.PASSWORD_TEXT.equals(callback.getPasswordType())) {//如果是明文密码直接进行判断
           String pw = callback.getPassword();
           if (pw == null || !pw.equalsIgnoreCase(validPw)) {
              throw new WSSecurityException("password not match");
           }
       } else {//如果是密码摘要，向回调设置正确的密码（明文密码）这段主要是在service客户端用到
           callback.setPassword(validPw);
       }
    }
}