我正在摸着头: 使用Interceptor检查一些SOAP头,如何中止拦截器链但仍然向用户回复错误?
抛出一个错误对输出有效,但请求仍在处理中,我宁愿不让所有服务检查消息上下文中的某些标志。
使用“message.getInterceptorChain()。abort();”中止真的中止所有处理,但是也没有任何东西返回给客户端。
什么是正确的方法?
public class HeadersInterceptor extends AbstractSoapInterceptor {
public HeadersInterceptor() {
super(Phase.PRE_LOGICAL);
}
@Override
public void handleMessage(SoapMessage message) throws Fault {
Exchange exchange = message.getExchange();
BindingOperationInfo bop = exchange.getBindingOperationInfo();
Method action = ((MethodDispatcher) exchange.get(Service.class)
.get(MethodDispatcher.class.getName())).getMethod(bop);
if (action.isAnnotationPresent(NeedsHeaders.class)
&& !headersPresent(message)) {
Fault fault = new Fault(new Exception("No headers Exception"));
fault.setFaultCode(new QName("Client"));
try {
Document doc = DocumentBuilderFactory.newInstance()
.newDocumentBuilder().newDocument();
Element detail = doc.createElementNS(Soap12.SOAP_NAMESPACE, "mynamespace");
detail.setTextContent("Missing some headers...blah");
fault.setDetail(detail);
} catch (ParserConfigurationException e) {
}
// bad: message.getInterceptorChain().abort();
throw fault;
}
}
}
答案 0 :(得分:2)
根据Donal Fellows的建议,我正在回答我的问题。
CXF严重依赖于Spring的AOP,这可能导致各种问题,至少在这方面是这样。我正在为您提供完整的代码。使用开源项目我认为为可能决定不使用WS-Security的任何人提供我自己的几行代码是公平的(我希望我的服务仅在SSL上运行)。我通过浏览CXF来源写了大部分内容。
如果您认为有更好的方法,请评论。
/**
* Checks the requested action for AuthenticationRequired annotation and tries
* to login using SOAP headers username/password.
*
* @author Alexander Hofbauer
*/
public class AuthInterceptor extends AbstractSoapInterceptor {
public static final String KEY_USER = "UserAuth";
@Resource
UserService userService;
public AuthInterceptor() {
// process after unmarshalling, so that method and header info are there
super(Phase.PRE_LOGICAL);
}
@Override
public void handleMessage(SoapMessage message) throws Fault {
Logger.getLogger(AuthInterceptor.class).trace("Intercepting service call");
Exchange exchange = message.getExchange();
BindingOperationInfo bop = exchange.getBindingOperationInfo();
Method action = ((MethodDispatcher) exchange.get(Service.class)
.get(MethodDispatcher.class.getName())).getMethod(bop);
if (action.isAnnotationPresent(AuthenticationRequired.class)
&& !authenticate(message)) {
Fault fault = new Fault(new Exception("Authentication failed"));
fault.setFaultCode(new QName("Client"));
try {
Document doc = DocumentBuilderFactory.newInstance()
.newDocumentBuilder().newDocument();
Element detail = doc.createElementNS(Soap12.SOAP_NAMESPACE, "test");
detail.setTextContent("Failed to authenticate.\n" +
"Please make sure to send correct SOAP headers username and password");
fault.setDetail(detail);
} catch (ParserConfigurationException e) {
}
throw fault;
}
}
private boolean authenticate(SoapMessage msg) {
Element usernameNode = null;
Element passwordNode = null;
for (Header header : msg.getHeaders()) {
if (header.getName().getLocalPart().equals("username")) {
usernameNode = (Element) header.getObject();
} else if (header.getName().getLocalPart().equals("password")) {
passwordNode = (Element) header.getObject();
}
}
if (usernameNode == null || passwordNode == null) {
return false;
}
String username = usernameNode.getChildNodes().item(0).getNodeValue();
String password = passwordNode.getChildNodes().item(0).getNodeValue();
User user = null;
try {
user = userService.loginUser(username, password);
} catch (BusinessException e) {
return false;
}
if (user == null) {
return false;
}
msg.put(KEY_USER, user);
return true;
}
}
如上所述,这是ExceptionHandler / -Logger。起初我无法将它与JAX-RS结合使用(也通过CXF,现在JAX-WS正常工作)。无论如何我不需要JAX-RS,所以现在这个问题已经消失了。
@Aspect
public class ExceptionHandler {
@Resource
private Map<String, Boolean> registeredExceptions;
/**
* Everything in my project.
*/
@Pointcut("within(org.myproject..*)")
void inScope() {
}
/**
* Every single method.
*/
@Pointcut("execution(* *(..))")
void anyOperation() {
}
/**
* Log every Throwable.
*
* @param t
*/
@AfterThrowing(pointcut = "inScope() && anyOperation()", throwing = "t")
public void afterThrowing(Throwable t) {
StackTraceElement[] trace = t.getStackTrace();
Logger logger = Logger.getLogger(ExceptionHandler.class);
String info;
if (trace.length > 0) {
info = trace[0].getClassName() + ":" + trace[0].getLineNumber()
+ " threw " + t.getClass().getName();
} else {
info = "Caught throwable with empty stack trace";
}
logger.warn(info + "\n" + t.getMessage());
logger.debug("Stacktrace", t);
}
/**
* Handles all exceptions according to config file.
* Unknown exceptions are always thrown, registered exceptions only if they
* are set to true in config file.
*
* @param pjp
* @throws Throwable
*/
@Around("inScope() && anyOperation()")
public Object handleThrowing(ProceedingJoinPoint pjp) throws Throwable {
try {
Object ret = pjp.proceed();
return ret;
} catch (Throwable t) {
// We don't care about unchecked Exceptions
if (!(t instanceof Exception)) {
return null;
}
Boolean throwIt = registeredExceptions.get(t.getClass().getName());
if (throwIt == null || throwIt) {
throw t;
}
}
return null;
}
}
答案 1 :(得分:1)
简短回答,在发送请求之前在客户端拦截器中中止的正确方法是使用包装异常创建Fault:
throw new Fault(
new ClientException( // or any non-Fault exception, else blocks in
// abstractClient.checkClientException() (waits for missing response code)
"Error before sending the request"), Fault.FAULT_CODE_CLIENT);
感谢帖子贡献者帮助解决问题。
答案 2 :(得分:1)
CXF允许您指定拦截器在某些拦截器之前或之后。如果您的拦截器正在入站端处理(基于您的描述就是这种情况),则会有一个名为CheckFaultInterceptor的拦截器。您可以将拦截器配置为在它之前:
public HeadersInterceptor(){
super(Phase.PRE_LOGICAL);
getBefore().add(CheckFaultInterceptor.class.getName());
}
理论上的检查故障拦截器检查是否发生了故障。如果有,它会中止拦截器链并调用故障处理程序链。
我还没有测试过这个(它完全基于我试图解决相关问题的可用文档)