1. 首页
  2. 问答
  3. 在请求的方法中访问SOAP消息头

在请求的方法中访问SOAP消息头

2013-08-30 87 views
1

编辑:消息已被清除并添加了代码在请求的方法中访问SOAP消息头

我使用基本Java客户端开发基于jax-ws的Web服务。

我使用SOAP处理程序来验证用户。一个在客户端将userId和令牌添加到SOAP头中,另一个在服务器端获得这些信息并使用数据库对用户进行身份验证。

客户端(简体):

import static modules.auth.AuthClient.userID; 
import static modules.auth.AuthClient.token; 

public boolean handleMessage(SOAPMessageContext context) { 

    //Getting SOAP headers 
    SOAPMessage soapMsg = context.getMessage(); 
    SOAPEnvelope soapEnv = soapMsg.getSOAPPart().getEnvelope(); 
    SOAPHeader soapHeader = soapEnv.getHeader(); 

    QName qname; 
    SOAPHeaderElement soapHeaderElement; 

    //Add userID in SOAP header 
    qname = new QName("****","UserID"); 
    soapHeaderElement = soapHeader.addHeaderElement(qname); 
    soapHeaderElement.setActor(SOAPConstants.URI_SOAP_ACTOR_NEXT); 
    soapHeaderElement.addTextNode(userID); 

    //Add token in SOAP header 
    qname = new QName("****","Token"); 
    soapHeaderElement = soapHeader.addHeaderElement(qname); 
    soapHeaderElement.setActor(SOAPConstants.URI_SOAP_ACTOR_NEXT); 
    soapHeaderElement.addTextNode(token); 

    soapMsg.saveChanges(); 

    return true; 
}

服务器端(简体):

public boolean handleMessage(SOAPMessageContext context) { 
    Boolean isRequest = (Boolean) context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); 

    if (!isRequest) { 
     //Getting SOAP headers 
     SOAPMessage soapMsg = context.getMessage(); 
     SOAPEnvelope soapEnv = soapMsg.getSOAPPart().getEnvelope(); 
     SOAPHeader soapHeader = soapEnv.getHeader(); 

     Iterator it = soapHeader.extractHeaderElements(SOAPConstants.URI_SOAP_ACTOR_NEXT); 

     Node userIDNode = (Node) it.next(); 
     String userID = (userIDNode == null) ? null : userIDNode.getValue(); 

     Node tokenNode = (Node) it.next(); 
     String token = (tokenNode == null) ? null : tokenNode.getValue(); 

     //Return if the user is connected 
     User u = AuthWS.validToken(userID, token); 

     //Here I have my user but I don't know how to get it in my requested method 
    } 
    return true; 
}

为了管理用户的权利,我想直接访问我的用户请求的方法。方法

例可要求:

public Project getProject(@WebParam(name = "name") String name) throws WebServiceFailure, EntityNotFoundException { 

    //Here I would like to verify the user's rights 

    try { 
     PreparedStatement ps = DBConnect.getStatement("SELECT name FROM projects WHERE name = '" + name + "'"); 
     ResultSet res = ps.executeQuery(); 
     if(res.next()){ 
      Project p = new Project(res.getString("name")); 
      ps.close(); 
      return p; 
     } else { 
      ps.close(); 
      throw new EntityNotFoundException("Can't find the project '"+name+"'"); 
     } 
    } catch (SQLException ex) { 
     throw new WebServiceFailure(ex.getMessage()); 
    } 
}

非常感谢

来源

2013-08-30 Gfaramaz

+0

在您的SOAP处理程序中,您可以从'SOAPMessageContext'获取servlet请求对象。你可以使用'request.setAttribute()'来设置你的用户ID。 – happymeal

+0

这类问题是关于主题的,但是您需要更具体地说明您正在尝试做什么以及您尝试过哪些方法对您没有帮助。你的服务运行在什么样的环境中? “请求方法”的输入是什么? – chrylis

+0

请添加您到目前为止的代码 –

回答

3

最后,我发现正是我一直在寻找:

Follow this link.

部分中“腹背受敌从处理程序级别到应用程序的信息“

来源

2013-09-02 13:17:43 Gfaramaz

相关问题

 相关问题