使用Camel CXF在SoapHeaderAuthentication中响应消息记录问题

时间:2016-12-16 10:10:59

标签: soap apache-camel cxf blueprint-osgi cxfrs

我使用camel cxf作为我的webservices,并希望验证来自soap UI的命中凭据。我正在使用cxf拦截器,发布哪个凭证得到验证,但我无法在Soap UI响应中以json / xml格式打印错误消息。

以下是我的蓝图: -

<cxf:rsServer id="testingService"
    address="http://127.0.0.1:8183/test/myWebserviceEndPoint"
    serviceClass="com.test.SerFac">
    <cxf:providers>
        <bean class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" />
    </cxf:providers>
    <cxf:inInterceptors>
          <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
          <bean class="com.test.BasicAuthAuthorizationInterceptor" />
   </cxf:inInterceptors>
   <cxf:outInterceptors>
          <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
   </cxf:outInterceptors>
</cxf:rsServer>

以下是BasicAuthAuthorizationInterceptor.java

public class BasicAuthAuthorizationInterceptor extends SoapHeaderInterceptor {

protected Logger log = Logger.getLogger(getClass());

/** Map of allowed users to this system with their corresponding passwords. */
private Map<String,String> users;

@Required
public void setUsers(Map<String, String> users) {
    this.users = users;
}

@Override public void handleMessage(Message message) throws Fault {
    // This is set by CXF
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);

    // If the policy is not set, the user did not specify credentials
    // A 401 is sent to the client to indicate that authentication is required
    if (policy == null) {
        if (log.isDebugEnabled()) {
            log.debug("User attempted to log in with no credentials");
        }
        sendErrorResponse(message, HttpURLConnection.HTTP_UNAUTHORIZED);
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Logging in use: " + policy.getUserName());
    }

    // Verify the password
    String realPassword = users.get(policy.getUserName());
    if (realPassword == null || !realPassword.equals(policy.getPassword())) {
        log.error("Invalid username or password for user: " + policy.getUserName());

        sendErrorResponse(message, HttpURLConnection.HTTP_FORBIDDEN);
    }
}

private void sendErrorResponse(Message message, int responseCode) {
    Message outMessage = getOutMessage(message);
    outMessage.put(Message.RESPONSE_CODE, responseCode);

    // Set the response headers
    Map<String, List<String>> responseHeaders =
        (Map<String, List<String>>)message.get(Message.PROTOCOL_HEADERS);
    if (responseHeaders != null) {
        responseHeaders.put("WWW-Authenticate", Arrays.asList(new String[]{"Basic realm=realm"}));
        responseHeaders.put("Content-Length", Arrays.asList(new String[]{"0"}));
    }
    message.getInterceptorChain().abort();
    try {
        getConduit(message).prepare(outMessage);
        close(outMessage);
    } catch (IOException e) {
        log.warn(e.getMessage(), e);
    }
}

private Message getOutMessage(Message inMessage) {
    Exchange exchange = inMessage.getExchange();
    Message outMessage = exchange.getOutMessage();
    if (outMessage == null) {
        Endpoint endpoint = exchange.get(Endpoint.class);
        outMessage = endpoint.getBinding().createMessage();
        exchange.setOutMessage(outMessage);
    }
    outMessage.putAll(inMessage);
    return outMessage;
}

private Conduit getConduit(Message inMessage) throws IOException {
    Exchange exchange = inMessage.getExchange();
    EndpointReferenceType target = exchange.get(EndpointReferenceType.class);
    Conduit conduit =
        exchange.getDestination().getBackChannel(inMessage, null, target);
    exchange.setConduit(conduit);
    return conduit;
}

private void close(Message outMessage) throws IOException {
    OutputStream os = outMessage.getContent(OutputStream.class);
    os.flush();
    os.close();
}

}

来自soap UI的回复: -

以xml格式: -

<xml/>

原始: -

HTTP/1.1 403 Forbidden
Accept-Encoding: gzip,deflate
Authorization: Basic fLaWs3dvcmQ6cGFzc3dvcmQx
Content-Length: 0
Content-Type: application/json
Host: localhost:8183
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
WWW-Authenticate: Basic realm=realm
Server: Jetty(8.1.17.v20150415)

如果我提供了错误的凭据,任何人都可以帮助如何在soap UI中打印错误消息吗?

1 个答案:

答案 0 :(得分:0)

实现ContainerRequestFilter解决了这个问题。如需更多建议,请发布。

https://community.oracle.com/docs/DOC-1003506

http://javatech-blog.blogspot.co.uk/2015/04/jax-rs-filters-example.html