一、Spring+CXF整合示例
WebService是一種跨程式語言、跨作業系統平臺的遠端呼叫技術,它是指一個應用程式向外界暴露一個能通過Web呼叫的API介面,我們把呼叫這個WebService的應用程式稱作客戶端,把提供這個WebService的應用程式稱作服務端。
環境
win10+Spring5.1+cxf3.3.2
下載
- 官網下載:https://archive.apache.org/dist/cxf/
- 百度網盤:
連結:https://pan.baidu.com/s/1nsUweTFG_6CcZKaVBCQ7uQ
提取碼:4qp7
服務端
- 新建
web專案
- 放入依賴
將apache-cxf-3.3.2\lib中的jar包全部copy至專案WEB-INF\lib目錄下(偷個懶,這些jar包中包含了Spring所需的jar包)
- 在
web.xml中新增webService的配置攔截
<!--webService -->
<servlet>
<servlet-name>CXFService</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CXFService</servlet-name>
<url-pattern>/webservice/*</url-pattern>
</servlet-mapping>
webservice服務介面
在專案src目錄下新建pms.inface.WebServiceInterface類
package pms.inface;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebResult;
import javax.jws.WebService;
@WebService(targetNamespace = "http://spring.webservice.server", name = "WebServiceInterface")
public interface WebServiceInterface {
@WebMethod
@WebResult(name = "result", targetNamespace = "http://spring.webservice.server")
public String sayBye(@WebParam(name = "word", targetNamespace = "http://spring.webservice.server") String word);
}
- 介面實現類
在專案src目錄下新建pms.impl.WebServiceImpl類
package pms.impl;
import javax.jws.WebService;
import pms.inface.WebServiceInterface;
@WebService
public class WebServiceImpl implements WebServiceInterface{
@Override
public String sayBye(String word) {
return word + "當和這個真實的世界迎面撞上時,你是否找到辦法和自己身上的慾望講和,又該如何理解這個鋪面而來的人生?";
}
}
webservice配置檔案
在WEB-INF目錄下新建webservice配置檔案cxf-webService.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<!-- 使用jaxws:server標籤釋出WebService服務 ,設定address為訪問地址, 和web.xml檔案中配置的CXF配合為一個完整的路徑 -->
<!-- serviceClass為實現類的介面 serviceBean引用配置好的WebService實現類 -->
<jaxws:server address="/webServiceInterface"
serviceClass="pms.inface.WebServiceInterface">
<jaxws:serviceBean>
<ref bean="WebServiceImpl" />
</jaxws:serviceBean>
</jaxws:server>
<!-- 為所有的WS設定超時時間 ,此時為預設值 連線時間30s,等待回覆時間為60s-->
<http-conf:conduit name="*.http-conduit">
<http-conf:client ConnectionTimeout="60000" ReceiveTimeout="120000"/>
</http-conf:conduit>
</beans>
spring配置檔案
在WEB-INF目錄下新建spring配置檔案applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="WebServiceImpl" class="pms.impl.WebServiceImpl"></bean>
<import resource="cxf-webService.xml" />
</beans>
在web.xml中配置applicationContext.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
- 將專案放至
tomcat中啟動
啟動後訪問地址:localhost:PORT/專案名/webservice/webServiceInterface?wsdl,如下圖所示,webservice介面釋出成功
二、SoapUI測試
SoapUI是一個開源測試工具,通過soap/http來檢查、呼叫、實現Web Service的功能/負載/符合性測試。
下載
- 百度網盤
連結:https://pan.baidu.com/s/1N2RTqhvrkuzx7YJvmDeY7Q
提取碼:e1w3
測試
- 開啟
SoapUI,新建一個SOAP專案,將剛才的釋出地址copy至Initial WSDL欄,點選OK按鈕
- 發起介面請求
三、客戶端
使用wsdl2java工具生成webservice客戶端程式碼
- 該工具在剛才下載的
apache-cxf-3.3.2\bin目錄下
- 配置環境變數
設定CXF_HOME,並新增%CXF_HOME %/bin到path環境變數。
CMD命令列輸入wsdl2java -help,有正常提示說明環境已經正確配置
- wsdl2java.bat用法:
wsdl2java –p 包名 –d 存放目錄 -all wsdl地址
-p 指定wsdl的名稱空間,也就是要生成程式碼的包名
-d 指令要生成程式碼所在目錄
-client 生成客戶端測試web service的程式碼
-server 生成伺服器啟動web service程式碼
-impl 生成web service的實現程式碼,我們在方式一用的就是這個
-ant 生成build.xml檔案
-all 生成所有開始端點程式碼
- 生成客戶端程式碼
wsdl2java -p pms.inface -d ./ -all http://localhost:8080/spring_webservice_server/webservice/webServiceInterface?wsdl
客戶端呼叫
- 新建
web專案
- 放入依賴
將apache-cxf-3.3.2\lib中的jar包全部copy至專案WEB-INF\lib目錄下 - 將
wsdl2java生成的程式碼放至src.pms.inface目錄下
呼叫方法一:
- 新建
webServiceClientMain測試
package pms;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import pms.inface.WebServiceInterface;
public class webServiceClientMain {
public static void main(String[] args) {
JaxWsProxyFactoryBean svr = new JaxWsProxyFactoryBean();
svr.setServiceClass(WebServiceInterface.class);
svr.setAddress("http://localhost:8080/spring_webservice_server/webservice/webServiceInterface?wsdl");
WebServiceInterface webServiceInterface = (WebServiceInterface) svr.create();
System.out.println(webServiceInterface.sayBye("honey,"));
}
}
- 執行
webServiceClientMain
呼叫方法二:
- 在src目錄下新建
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<jaxws:client id="webServiceInterface"
serviceClass="pms.inface.WebServiceInterface"
address="http://localhost:8080/spring_webservice_server/webservice/webServiceInterface?wsdl" >
</jaxws:client>
</beans>
- 新建
webServiceClientTest測試
package pms;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import pms.inface.WebServiceInterface;
public class webServiceClientTest {
public static void main(String[] args) {
ApplicationContext context = new ClassPathXmlApplicationContext("applicationContext.xml");
WebServiceInterface webServiceInterface = context.getBean(WebServiceInterface.class);
String result = webServiceInterface.sayBye("honey,");
System.out.println(result);
}
}
- 執行
webServiceClientTest
四、服務端攔截器
- 需求場景:服務提供方安全驗證,也就是
webservice自定義請求頭的實現,服務介面在身份認證過程中的密碼欄位滿足SM3(雜湊函式演算法標準)的加密要求 SM3加密所需jar包:commons-lang3-3.9.jar、bcprov-jdk15on-1.60.jar,這兩個jar包在剛才下載的apache-cxf-3.3.2\lib下就有- 請求頭格式
<security>
<username></username>
<password></password>
</auth>
- 在
src.pms.interceptor下新建WebServiceInInterceptor攔截器攔截請求,解析頭部
package pms.interceptor;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import pms.support.Sm3Utils;
import pms.support.StringUtils;
/**
* WebService的輸入攔截器
* @author coisini
* @date May 2020, 13
*
*/
public class WebServiceInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
private static final String USERNAME = "admin";
private static final String PASSWORD = "P@ssw0rd";
/**
* 允許訪問的IP
*/
private static final String ALLOWIP = "127.0.0.1;XXX.XXX.XXX.XXX";
public WebServiceInInterceptor() {
/*
* 攔截器鏈有多個階段,每個階段都有多個攔截器,攔截器在攔截器鏈的哪個階段起作用,可以在攔截器的建構函式中宣告
* RECEIVE 接收階段,傳輸層處理
* (PRE/USER/POST)_STREAM 流處理/轉換階段
* READ SOAPHeader讀取
* (PRE/USER/POST)_PROTOCOL 協議處理階段,例如JAX-WS的Handler處理
* UNMARSHAL SOAP請求解碼階段
* (PRE/USER/POST)_LOGICAL SOAP請求解碼處理階段
* PRE_INVOKE 呼叫業務處理之前進入該階段
* INVOKE 呼叫業務階段
* POST_INVOKE 提交業務處理結果,並觸發輸入聯結器
*/
super(Phase.PRE_INVOKE);
}
/**
* 客戶端傳來的 soap 訊息先進入攔截器這裡進行處理,客戶端的賬目與密碼訊息放在 soap 的訊息頭<security></security>中,
* 類似如下:
* <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
* <soap:Header><security><username>admin</username><password>P@ssw0rd</password></security></soap:Header>
* <soap:Body></soap:Body></soap:Envelope>
* 現在只需要解析其中的 <head></head>標籤,如果解析驗證成功,則放行,否則這裡直接丟擲異常,
* 服務端不會再往後執行,客戶端也會跟著丟擲異常,得不到正確結果
*
* @param message
* @throws Fault
*/
@Override
public void handleMessage(SoapMessage message) throws Fault {
System.out.println("PRE_INVOKE");
HttpServletRequest request = (HttpServletRequest)message.get(AbstractHTTPDestination.HTTP_REQUEST);
String ipAddr=request.getRemoteAddr();
System.out.println("客戶端訪問IP----"+ipAddr);
if(!ALLOWIP.contains(ipAddr)) {
throw new Fault(new IllegalArgumentException("非法IP地址"), new QName("0009"));
}
/**
* org.apache.cxf.headers.Header
* QName :xml 限定名稱,客戶端設定頭資訊時,必須與伺服器保持一致,否則這裡返回的 header 為null,則永遠通不過的
*/
Header authHeader = null;
//獲取驗證頭
List<Header> headers = message.getHeaders();
for(Header h:headers){
if(h.getName().toString().contains("security")){
authHeader=h;
break;
}
}
System.out.println("authHeader");
System.out.println(authHeader);
if(authHeader !=null) {
Element auth = (Element) authHeader.getObject();
NodeList childNodes = auth.getChildNodes();
String username = null,password = null;
for(int i = 0, len = childNodes.getLength(); i < len; i++){
Node item = childNodes.item(i);
if(item.getNodeName().contains("username")){
username = item.getTextContent();
System.out.println(username);
}
if(item.getNodeName().contains("password")){
password = item.getTextContent();
System.out.println(password);
}
}
if(StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
throw new Fault(new IllegalArgumentException("使用者名稱或密碼不能為空"), new QName("0001"));
}
if(!Sm3Utils.verify(USERNAME, username) || !Sm3Utils.verify(PASSWORD,password)) {
throw new Fault(new IllegalArgumentException("使用者名稱或密碼錯誤"), new QName("0008"));
}
if (Sm3Utils.verify(USERNAME, username) && Sm3Utils.verify(PASSWORD,password)) {
System.out.println("webService 服務端自定義攔截器驗證通過....");
return;//放行
}
}else {
throw new Fault(new IllegalArgumentException("請求頭security不合法"), new QName("0010"));
}
}
// 出現錯誤輸出錯誤資訊和棧資訊
public void handleFault(SoapMessage message) {
Exception exeption = message.getContent(Exception.class);
System.out.println(exeption.getMessage());
}
}
- 在
src.pms.support下新建Sm3Utils加密類
package pms.support;
import java.io.UnsupportedEncodingException;
import java.security.Security;
import java.util.Arrays;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
/**
* SM3加密
* @author coisini
* @date May 2020, 13
*/
public class Sm3Utils {
private static final String ENCODING = "UTF-8";
static {
Security.addProvider(new BouncyCastleProvider());
}
/**
* sm3演算法加密
* @explain
* @param paramStr
* 待加密字串
* @return 返回加密後,固定長度=32的16進位制字串
*/
public static String encrypt(String paramStr){
// 將返回的hash值轉換成16進位制字串
String resultHexString = "";
try {
// 將字串轉換成byte陣列
byte[] srcData = paramStr.getBytes(ENCODING);
// 呼叫hash()
byte[] resultHash = hash(srcData);
// 將返回的hash值轉換成16進位制字串
resultHexString = ByteUtils.toHexString(resultHash);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return resultHexString;
}
/**
* 返回長度=32的byte陣列
* @explain 生成對應的hash值
* @param srcData
* @return
*/
public static byte[] hash(byte[] srcData) {
SM3Digest digest = new SM3Digest();
digest.update(srcData, 0, srcData.length);
byte[] hash = new byte[digest.getDigestSize()];
digest.doFinal(hash, 0);
return hash;
}
/**
* 通過金鑰進行加密
* @explain 指定金鑰進行加密
* @param key
* 金鑰
* @param srcData
* 被加密的byte陣列
* @return
*/
public static byte[] hmac(byte[] key, byte[] srcData) {
KeyParameter keyParameter = new KeyParameter(key);
SM3Digest digest = new SM3Digest();
HMac mac = new HMac(digest);
mac.init(keyParameter);
mac.update(srcData, 0, srcData.length);
byte[] result = new byte[mac.getMacSize()];
mac.doFinal(result, 0);
return result;
}
/**
* 判斷源資料與加密資料是否一致
* @explain 通過驗證原陣列和生成的hash陣列是否為同一陣列,驗證2者是否為同一資料
* @param srcStr
* 原字串
* @param sm3HexString
* 16進位制字串
* @return 校驗結果
*/
public static boolean verify(String srcStr, String sm3HexString) {
boolean flag = false;
try {
byte[] srcData = srcStr.getBytes(ENCODING);
byte[] sm3Hash = ByteUtils.fromHexString(sm3HexString);
byte[] newHash = hash(srcData);
if (Arrays.equals(newHash, sm3Hash))
flag = true;
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return flag;
}
public static void main(String[] args) {
// 測試二:account
String account = "admin";
String passoword = "P@ssw0rd";
String hex = Sm3Utils.encrypt(account);
System.out.println(hex);//dc1fd00e3eeeb940ff46f457bf97d66ba7fcc36e0b20802383de142860e76ae6
System.out.println(Sm3Utils.encrypt(passoword));//c2de40449a2019db9936381fa9810c22c8548a8635ed2b7fb3c7ec362e37429d
//驗證加密後的16進位制字串與加密前的字串是否相同
boolean flag = Sm3Utils.verify(account, hex);
System.out.println(flag);// true
}
}
StringUtils工具類
package pms.support;
/**
* 字串工具類
* @author coisini
* @date Nov 27, 2019
*/
public class StringUtils {
/**
* 判空操作
* @param value
* @return
*/
public static boolean isBlank(String value) {
return value == null || "".equals(value) || "null".equals(value) || "undefined".equals(value);
}
}
- 在
cxf-webService.xml新增攔截器配置
<!-- 在此處引用攔截器 -->
<bean id="InInterceptor"
class="pms.interceptor.WebServiceInInterceptor" >
</bean>
<cxf:bus>
<cxf:inInterceptors>
<ref bean="InInterceptor" />
</cxf:inInterceptors>
</cxf:bus>
SoapUI呼叫
java呼叫
服務端攔截器到此結束,由上圖可以看出攔截器配置生效
五、客戶端攔截器
- 在
src.pms.support下新建AddHeaderInterceptor攔截器攔截請求,新增自定義認證頭部
package pms.support;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapHeader;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
public class AddHeaderInterceptor extends AbstractPhaseInterceptor<SoapMessage>{
private String userName;
private String password;
public AddHeaderInterceptor(String userName, String password) {
super(Phase.PREPARE_SEND);
this.userName = userName;
this.password = password;
}
@Override
public void handleMessage(SoapMessage msg) throws Fault {
System.out.println("攔截...");
/**
* 生成的XML文件
* <authHeader>
* <userName>admin</userName>
* <password>P@ssw0rd</password>
* </authHeader>
*/
// SoapHeader部分待新增的節點
QName qName = new QName("security");
Document doc = DOMUtils.createDocument();
Element pwdEl = doc.createElement("password");
pwdEl.setTextContent(password);
Element userEl = doc.createElement("username");
userEl.setTextContent(userName);
Element root = doc.createElement("security");
root.appendChild(userEl);
root.appendChild(pwdEl);
// 建立SoapHeader內容
SoapHeader header = new SoapHeader(qName, root);
// 新增SoapHeader內容
List<Header> headers = msg.getHeaders();
headers.add(header);
}
}
java呼叫,修改webServiceClientMain呼叫程式碼如下
public class webServiceClientMain {
public static void main(String[] args) {
JaxWsProxyFactoryBean svr = new JaxWsProxyFactoryBean();
svr.setServiceClass(WebServiceInterface.class);
svr.setAddress("http://localhost:8081/spring_webservice_server/webservice/webServiceInterface?wsdl");
WebServiceInterface webServiceInterface = (WebServiceInterface) svr.create();
// jaxws API 轉到 cxf API 新增日誌攔截器
org.apache.cxf.endpoint.Client client = org.apache.cxf.frontend.ClientProxy
.getClient(webServiceInterface);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
//新增自定義的攔截器
cxfEndpoint.getOutInterceptors().add(new AddHeaderInterceptor("dc1fd00e3eeeb940ff46f457bf97d66ba7fcc36e0b20802383de142860e76ae6", "c2de40449a2019db9936381fa9810c22c8548a8635ed2b7fb3c7ec362e37429d"));
System.out.println(webServiceInterface.sayBye("honey,"));
}
}
SoapUI呼叫
六、程式碼示例
服務端:https://github.com/Maggieq8324/spring_webservice_server.git
客戶端:https://github.com/Maggieq8324/spring_webservice_client.git
.end