<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <!-- 客户端Portal配置webservice --> <!-- cxf服务端安全认证 Webservice --> <bean id="scurityServiceBean" class="cn.edu.hbcf.privilege.ws.impl.SeurityServiceImpl"> </bean> <jaxws:endpoint id="seurityService" address="/SecurityService" implementor="#scurityServiceBean"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <!-- <bean class="cn.edu.hbcf.privilege.ws.interceptor.ClientInterceptor"/> --> </jaxws:inInterceptors> <jaxws:outInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> </jaxws:outInterceptors> </jaxws:endpoint> <jaxws:endpoint id="userService" address="/UserService" implementor="#userWebServiceImpl"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="cn.edu.hbcf.privilege.ws.interceptor.ClientInterceptor"/> </jaxws:inInterceptors> </jaxws:endpoint> <jaxws:endpoint id="cxfSecuityService" address="/getCxfSecuityService" implementor="#cxfSecuityServiceImpl"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> </jaxws:inInterceptors> </jaxws:endpoint> </beans>
SecurityService
package cn.edu.hbcf.privilege.ws; import java.util.List; import javax.jws.WebParam; import javax.jws.WebService; import javax.xml.soap.SOAPException; import cn.edu.hbcf.common.vo.Criteria; import cn.edu.hbcf.privilege.pojo.BaseModules; import cn.edu.hbcf.privilege.pojo.BaseUsers; @WebService public interface SecurityService { /** * 登录事件,返回登录状态 * @param criteria * @return */ String selectByBaseUser(@WebParam(name = "criteria") Criteria criteria); BaseUsers selectByExample(@WebParam(name = "criteria") Criteria criteria); /** * 用户登录 * @param account 账号 必需 * @param password 密码 必需 * @return 登录成功则返回01 否则返回失败信息 */ String checkLogin(@WebParam(name="account") String account,@WebParam(name="password") String password,@WebParam(name="token") String token) throws SOAPException; /** * 根据用户账号返回用户信息 * @param account * @return */ BaseUsers getUserByAccount(@WebParam(name="account") String account,@WebParam(name="token") String token) throws SOAPException; /** * 返回用户权限 * @param baseUsers * @return */ List<BaseModules> getMobileModules(@WebParam(name="account") String account,@WebParam(name="token") String token) throws SOAPException; }
package cn.edu.hbcf.privilege.ws.impl; import java.util.List; import javax.jws.WebService; import javax.xml.soap.SOAPException; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import cn.edu.hbcf.common.vo.Criteria; import cn.edu.hbcf.common.vo.TreeMenu; import cn.edu.hbcf.framework.service.AbstractRegisterService; import cn.edu.hbcf.privilege.dao.BaseUsersMapper; import cn.edu.hbcf.privilege.pojo.BaseModules; import cn.edu.hbcf.privilege.pojo.BaseUsers; import cn.edu.hbcf.privilege.service.BaseRoleModuleService; import cn.edu.hbcf.privilege.service.BaseUsersService; import cn.edu.hbcf.privilege.ws.SecurityService; @WebService(serviceName = "securityService", portName = "securityServicePort", endpointInterface = "cn.edu.hbcf.privilege.ws.SecurityService") public class SeurityServiceImpl extends AbstractRegisterService implements SecurityService { private final String TOKEN = "8b1749f054d35ea24ea4101eccbabb7e"; @Autowired private BaseUsersService userService; @Autowired private BaseUsersMapper userMapper; @Autowired private BaseRoleModuleService baseRoleModuleService; @Override public String checkLogin(String account, String password, String token) throws SOAPException { if (TOKEN.equals(token)) { if (StringUtils.isBlank(account)) { throw new SOAPException("用户账号account不能为空!"); } if (StringUtils.isBlank(password)) { throw new SOAPException("用户密码password不能为空!"); } Criteria criteria = new Criteria(); password = DigestUtils.md5Hex(password); criteria.put("account", account); criteria.put("passwordIn", password); return userService.selectByBaseUser(criteria); } else { throw new SOAPException("用户权限不足!"); } } @Override public List<BaseModules> getMobileModules(String account,String token) throws SOAPException { if (TOKEN.equals(token)) { if (StringUtils.isBlank(account)) { throw new SOAPException("用户账号account不能为空!"); } BaseUsers baseUser = new BaseUsers(); List<String> roleIdList = baseRoleModuleService .getUserRoleList(baseUser); baseUser.setRoleIdList(roleIdList); Criteria c = new Criteria(); c.put("user", baseUser); c.put("appId", 12); TreeMenu menu = baseRoleModuleService.selectModulesByUser(c); return menu.getList(); } else { throw new SOAPException("用户权限不足!"); } } @Override public BaseUsers getUserByAccount(String account,String token) throws SOAPException { if (TOKEN.equals(token)) { if (StringUtils.isBlank(account)) { throw new SOAPException("用户账号account不能为空!"); } BaseUsers user = null; Criteria c = new Criteria(); c.put("account", account); List<BaseUsers> userList = userMapper.queryUserList(c); if (userList.size() > 0) { user = userList.get(0); } return user; } else { throw new SOAPException("用户权限不足!"); } } @Override public String selectByBaseUser(Criteria criteria) { // TODO Auto-generated method stub return userService.selectByBaseUser(criteria); } @Override public BaseUsers selectByExample(Criteria criteria) { BaseUsers user = null; List<BaseUsers> userList = userService.selectByExample(criteria); if(userList.size()>0){ user = userList.get(0); user.setRoleIdList(baseRoleModuleService.getUserRoleList(user)); } return user; } }
CxfSecuityService
package cn.edu.hbcf.privilege.ws; import javax.jws.WebParam; import javax.jws.WebService; @WebService public interface CxfSecuityService { String registerUser(@WebParam(name="userName")String userName,@WebParam(name="password") String password); }
CxfSecuityServiceImpl
package cn.edu.hbcf.privilege.ws.impl; import java.util.List; import javax.annotation.Resource; import javax.jws.WebService; import javax.servlet.http.HttpSession; import javax.xml.ws.WebServiceContext; import javax.xml.ws.handler.MessageContext; import org.apache.commons.codec.digest.DigestUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import cn.edu.hbcf.common.vo.Criteria; import cn.edu.hbcf.framework.dao.FrameworkMapper; import cn.edu.hbcf.framework.pojo.APIKeyWebservice; import cn.edu.hbcf.privilege.dao.BaseAPIKeysMapper; import cn.edu.hbcf.privilege.pojo.BaseAPIKeys; import cn.edu.hbcf.privilege.ws.CxfSecuityService; @Service @WebService(serviceName = "cxfSecuityService", portName = "cxfSecuityServicePort", endpointInterface = "cn.edu.hbcf.privilege.ws.CxfSecuityService") public class CxfSecuityServiceImpl implements CxfSecuityService{ @Resource private WebServiceContext wsContext; private MessageContext mc; private HttpSession session; @Autowired private BaseAPIKeysMapper keyMapper; @Autowired private FrameworkMapper frameWorkMapper; @Override public String registerUser(String userName, String password) { Criteria criteria = new Criteria(); criteria.put("keyName", userName); List<BaseAPIKeys> keysList = keyMapper.selectByExample(criteria); if (!keysList.isEmpty()) { BaseAPIKeys userKey = keysList.get(0); password = DigestUtils.md5Hex(password); if (password.equals(userKey.getKeyPassword())) { mc = wsContext.getMessageContext(); session = ((javax.servlet.http.HttpServletRequest) mc .get(MessageContext.SERVLET_REQUEST)).getSession(); ((javax.servlet.ServletContext) mc .get(MessageContext.SERVLET_CONTEXT)) .setAttribute( "session", session); session.setAttribute("msg", "ok"); criteria.clear(); criteria.put("key_id", userKey.getKeyId()); List<APIKeyWebservice> list = frameWorkMapper.queryListByAPIKeyId(criteria); session.setAttribute("perm", list); return "认证成功!"; } } return "认证失败!"; } }