处理 Spring 安全异常 CXF
Handle Spring Security Exception CXF
您好,我创建了这个 class 来处理所有 spring 安全异常:
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* The Class SoapAuthenticationInterceptor.
*/
public class SoapAuthenticationInterceptor extends AbstractPhaseInterceptor<SoapMessage> implements InitializingBean {
/** The authentication manager. */
private AuthenticationManager authenticationManager;
/** The authentication required. */
private boolean authenticationRequired = true;
/**
* Instantiates a new soap authentication interceptor.
*/
public SoapAuthenticationInterceptor() {
super(Phase.RECEIVE);
}
/**
* Sets the authentication manager.
*
* @param authenticationManager
* the new authentication manager
*/
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
/**
* Sets the authentication required.
*
* @param authenticationRequired
* the new authentication required
*/
public void setAuthenticationRequired(boolean authenticationRequired) {
this.authenticationRequired = authenticationRequired;
}
/*
* (non-Javadoc)
*
* @see
* org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
*/
public void afterPropertiesSet() throws Exception {
if (authenticationManager == null) {
throw new IllegalStateException("No authentication manager has been configured");
}
}
/*
* (non-Javadoc)
*
* @see org.apache.cxf.interceptor.Interceptor#handleMessage(org.apache.cxf.
* message.Message)
*/
public void handleMessage(SoapMessage message) throws Fault {
Authentication authentication = message.getExchange().get(Authentication.class);
if (authentication != null) {
try {
authentication = authenticationManager.authenticate(authentication);
message.getExchange().put(Authentication.class, authentication);
} catch (AuthenticationException ex) {
throw new SoapFault("Bad credentials", message.getVersion().getSender());
}
} else if (authenticationRequired) {
throw new SoapFault("Authentication required", message.getVersion().getSender());
}
}
}
然后在我的 applicationContext.xml 中,我已经像这样配置了这个拦截器:
<bean id="soapAuthenticationInterceptor" class="com.test.cxf.interceptors.SoapAuthenticationInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<cxf:bus>
<cxf:features>
<cxf:logging />
</cxf:features>
<cxf:inInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:inInterceptors>
<cxf:outFaultInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:outFaultInterceptors>
</cxf:bus>
我的问题是当我发送一个错误的 soapui 信封时 login/password 拦截器没有被调用?
你能帮帮我吗?
解决方案是覆盖 DigestAuthenticationEntryPoint.for the code class is in this url
您好,我创建了这个 class 来处理所有 spring 安全异常:
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* The Class SoapAuthenticationInterceptor.
*/
public class SoapAuthenticationInterceptor extends AbstractPhaseInterceptor<SoapMessage> implements InitializingBean {
/** The authentication manager. */
private AuthenticationManager authenticationManager;
/** The authentication required. */
private boolean authenticationRequired = true;
/**
* Instantiates a new soap authentication interceptor.
*/
public SoapAuthenticationInterceptor() {
super(Phase.RECEIVE);
}
/**
* Sets the authentication manager.
*
* @param authenticationManager
* the new authentication manager
*/
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
/**
* Sets the authentication required.
*
* @param authenticationRequired
* the new authentication required
*/
public void setAuthenticationRequired(boolean authenticationRequired) {
this.authenticationRequired = authenticationRequired;
}
/*
* (non-Javadoc)
*
* @see
* org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
*/
public void afterPropertiesSet() throws Exception {
if (authenticationManager == null) {
throw new IllegalStateException("No authentication manager has been configured");
}
}
/*
* (non-Javadoc)
*
* @see org.apache.cxf.interceptor.Interceptor#handleMessage(org.apache.cxf.
* message.Message)
*/
public void handleMessage(SoapMessage message) throws Fault {
Authentication authentication = message.getExchange().get(Authentication.class);
if (authentication != null) {
try {
authentication = authenticationManager.authenticate(authentication);
message.getExchange().put(Authentication.class, authentication);
} catch (AuthenticationException ex) {
throw new SoapFault("Bad credentials", message.getVersion().getSender());
}
} else if (authenticationRequired) {
throw new SoapFault("Authentication required", message.getVersion().getSender());
}
}
}
然后在我的 applicationContext.xml 中,我已经像这样配置了这个拦截器:
<bean id="soapAuthenticationInterceptor" class="com.test.cxf.interceptors.SoapAuthenticationInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<cxf:bus>
<cxf:features>
<cxf:logging />
</cxf:features>
<cxf:inInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:inInterceptors>
<cxf:outFaultInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:outFaultInterceptors>
</cxf:bus>
我的问题是当我发送一个错误的 soapui 信封时 login/password 拦截器没有被调用?
你能帮帮我吗?
解决方案是覆盖 DigestAuthenticationEntryPoint.for the code class is in this url