码迷,mamicode.com
首页 > Web开发 > 详细

【webservice】基于axis2设计带soaphead安全机制的webservice服务端

时间:2014-09-04 19:06:20      阅读:258      评论:0      收藏:0      [点我收藏+]

标签:webservice   axis   soaphead   

还是用axis2写的。是先有客户端,再有这个服务端,严格根据客户端的请求报文来写的哦。是否解决了“ 先有鸡还是先有蛋”的问题。。报文的话,请参照我的上一篇博文《【webservice】调试方法篇(二)》,那么,我的编程步骤是这样的。

1、新建java工程,导入axis2的包、dom4j工具包。

2、根据客户端的请求报文上面soap的命名空间,为工程设计包名,因此,本工程的供外部调用类(Server类)的所在包是cn.com.ultrapower.webservice.service。

3、编辑配置文件services.xml如下:

<!-- webservice配置文件   -->
<service name="Prc_Service" >
	<description>
		Please Type your service description here
	</description>
	<messageReceivers>
		<messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only" class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" />
		<messageReceiver  mep="http://www.w3.org/2004/08/wsdl/in-out"  class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
	</messageReceivers>
	<parameter name="ServiceClass">cn.com.ultrapower.webservice.service.Server</parameter>
</service>

4、根据客户端的请求报文上面soap的请求方法,定义Server类里面的对外方法是SendXML(String requestXml,String busiKey)。根据报文可知道:<soapenv:Header>的参数是username与password,<soapenv:body>的参数是busiKey(请求的业务)与requestXml(请求的业务的查询参数,xml格式,需要dom4j分析)。

5、其他工具类设计:用于加载关于业务码busiKey的map的InitBusiKey.java,

6、其他工具类设计:用于加载user的账号密码、接口权限、接口流量等配置信息的InitUser.java,

下面提供Server类的全部代码:

package cn.com.ultrapower.webservice.service;

import java.io.UnsupportedEncodingException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axis2.context.MessageContext;
import org.dom4j.DocumentException;

import cn.com.ultrapower.webservice.service.conf.InitBusiKey;
import cn.com.ultrapower.webservice.service.conf.InitUser;
import cn.com.ultrapower.webservice.service.service.CRBT_Service;
import cn.com.ultrapower.webservice.service.service.ISAG_Service;
import cn.com.ultrapower.webservice.service.service.MMSC_Service;
import cn.com.ultrapower.webservice.service.service.WAPGW_Service;


public class Server{
	//userFlowMap是累加用户在单位时间里对某接口的访问次数
	private static Map<String, Long[]> userFlowMap = new HashMap<String, Long[]>();//String为用户名username,Long[0]为时间,Long[1]为次数
	String responseCode = "";  //查询服务返回的状态码
	String responseXML = "";  //查询服务返回的业务数据
	/*
	 * @para busiKey :     业务平台标识
	 * @para requestXml :  查询条件的XML字符串
	 * 定义返回码responseCode:
		001	输入参数的busiKey无效
		004	请求方权限验证失败
		003	查询接口达到最大并发能力
		002	输入参数的requestXML无效
		005	请求的查询时间超时
		999	其它错误
		000	服务接口处理成功
	 * */
	public String SendXML (String requestXml,String busiKey){
		try{
			String serviceName = InitBusiKey.getInitBusiKey().getServiceName(busiKey);
			if(serviceName!=null && !serviceName.equals("") && serviceName.length()>0){
				String Username = checkAuth(serviceName);
				if(Username!=null && !Username.equals("")){
					if(checkFlow(Username)){
						responseCode = "000";	//000:服务接口处理成功
						responseXML = readRequestXml(serviceName,requestXml);
						String returnData = returnData();
						return returnData;
					}else{
						responseCode = "003";	//003:查询接口达到最大并发能力
						responseXML = "";
						String returnData = returnData();
						return returnData;
					}
				}else{
					responseCode = "004";	//004:请求方权限验证失败
					responseXML = "";
					String returnData = returnData();
					return returnData;
				}
			}else{
				responseCode = "001";	//001:输入参数的busiKey无效
				responseXML = "";
				String returnData = returnData();
				return returnData;
			}
		}catch(NumberFormatException e){//002:参数string转int出错(参数requestXML无效)
			e.printStackTrace();
			responseCode = "002";
			responseXML = "";
			String returnData = returnData();
			return returnData;
		}catch(NullPointerException e){//002:参数为空时出错((参数requestXML无效))
			e.printStackTrace();
			responseCode = "002";
			responseXML = "";
			String returnData = returnData();
			return returnData;
		}catch(Exception e){
			e.printStackTrace();
			responseCode = "999";	//999:其它错误
			responseXML = "";
			String returnData = returnData();
			return returnData;
		}
	}
	
	private String returnData(){
		StringBuffer returnData = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
		returnData.append("<root>");
		returnData.append("<responseCode>"); returnData.append(responseCode); returnData.append("</responseCode>");
		returnData.append("<responseXML>"); returnData.append(responseXML); returnData.append("</responseXML>");
		returnData.append("</root>");
		return returnData.toString();
	}
	
	
	//检测用户账号及接口权限(soaphead安全机制)
	private String checkAuth(String serviceName){
		boolean pwIsOK = false;
		boolean authIsOK = false;
		String Username="",Password="",Address="",Province="";
		MessageContext msgContext = MessageContext.getCurrentMessageContext();  
		SOAPHeader header = msgContext.getEnvelope().getHeader();
		Iterator list = header.getChildren();
		while (list.hasNext()){  
		    OMElement element = (OMElement) list.next();  
		    if (element.getLocalName().equals("Username")){  
			    Username = element.getText();  
			}  
			if (element.getLocalName().equals("Password")){  
		        Password = element.getText();  
		    }  
		} 
		if(Password.equals(InitUser.getInitUser().getUser(Username).getPassword())) pwIsOK=true;
		if(InitUser.getInitUser().getUser(Username).getServiceAuth().contains((","+serviceName+","))) authIsOK=true;
		System.out.println("step1.checkAuth >>>>>>>>> pwIsOK:"+pwIsOK+" authIsOK:"+authIsOK);
		if(pwIsOK && authIsOK) return Username;
		else return "";
	}
	
	//控制用户查询频率(接口流量)
	private boolean checkFlow(String Username){
		boolean flowIsOK = true;
		long nowTime = Calendar.getInstance().getTime().getTime();
		if(userFlowMap.get(Username)==null){
			Long[] userflow = {nowTime,1L};	//userflow[0]为初始时间,userflow[1]为期间访问次数
			userFlowMap.put(Username, userflow);
			flowIsOK = true;
		}else if(nowTime>(userFlowMap.get(Username)[0]+60000)){
			Long[] userflow = {nowTime,1L};	//userflow[0]为初始时间,userflow[1]为期间访问次数
			userFlowMap.put(Username, userflow);
			flowIsOK = true;
		}else if(userFlowMap.get(Username)[0]<=nowTime && nowTime<=(userFlowMap.get(Username)[0]+60000)){
			if(userFlowMap.get(Username)[1]<InitUser.getInitUser().getUser(Username).getFlowIn1Min()){
				Long[] userflow = {userFlowMap.get(Username)[0],userFlowMap.get(Username)[1]+1};//访问次数+1
				userFlowMap.put(Username, userflow);
				flowIsOK = true;
			}else{
				flowIsOK = false;
			}
		}
		System.out.println("step2.checkFlow >>>>>>>>> flowIsOK:"+flowIsOK);
		return flowIsOK;
	}
	
	//执行查询服务
	private String readRequestXml(String serviceName,String requestXml) throws DocumentException,NumberFormatException, NullPointerException, UnsupportedEncodingException{
		System.out.println("step3.readRequestXml >>>>>>>>> serviceName: "+serviceName);
		//选择对应的service
		if(serviceName.equals("WAPGW"))  return new WAPGW_Service().readXML(requestXml);
		if(serviceName.equals("MMSC"))  return new MMSC_Service().readXML(requestXml);
		if(serviceName.equals("ISAG"))  return new ISAG_Service().readXML(requestXml);
		if(serviceName.equals("CRBT"))  return new CRBT_Service().readXML(requestXml);
		else return "";
	}
	
}


一百几十行代码,有没有看的晕晕的?希望你能够耐心地理解到这段代码,更希望这段代码能给你带来帮助!

用axis2用得时间长了,自己也希望有些突破。前阵子重写了这段业务,完全放弃了axis2,直接弄了个servlet,也就是javaweb系统,小巧呢,直接扔到tomcat的webapps就能跑了,用上一篇博文《【webservice】调试方法篇(二)》上面的源码测试,是没问题的。但是,没能及时联系到客户端厂家联调了,因为,我已经申请离职了。今天是在公司的最后一天,就偷闲整理了webservice的系列博文,希望能给大家带来帮助吧。入行不深,且祝我前程似锦吧~

转载请说明出自whilejolly:http://blog.csdn.net/seedingly/article/details/39055107


【webservice】基于axis2设计带soaphead安全机制的webservice服务端

标签:webservice   axis   soaphead   

原文地址:http://blog.csdn.net/seedingly/article/details/39055107

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!