【发布时间】:2016-06-15 06:42:04
【问题描述】:
您好,我创建了这个类来处理所有 spring 安全异常:
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
/**
* The Class SoapAuthenticationInterceptor.
*/
public class SoapAuthenticationInterceptor extends AbstractPhaseInterceptor<SoapMessage> implements InitializingBean {
/** The authentication manager. */
private AuthenticationManager authenticationManager;
/** The authentication required. */
private boolean authenticationRequired = true;
/**
* Instantiates a new soap authentication interceptor.
*/
public SoapAuthenticationInterceptor() {
super(Phase.RECEIVE);
}
/**
* Sets the authentication manager.
*
* @param authenticationManager
* the new authentication manager
*/
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
/**
* Sets the authentication required.
*
* @param authenticationRequired
* the new authentication required
*/
public void setAuthenticationRequired(boolean authenticationRequired) {
this.authenticationRequired = authenticationRequired;
}
/*
* (non-Javadoc)
*
* @see
* org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
*/
public void afterPropertiesSet() throws Exception {
if (authenticationManager == null) {
throw new IllegalStateException("No authentication manager has been configured");
}
}
/*
* (non-Javadoc)
*
* @see org.apache.cxf.interceptor.Interceptor#handleMessage(org.apache.cxf.
* message.Message)
*/
public void handleMessage(SoapMessage message) throws Fault {
Authentication authentication = message.getExchange().get(Authentication.class);
if (authentication != null) {
try {
authentication = authenticationManager.authenticate(authentication);
message.getExchange().put(Authentication.class, authentication);
} catch (AuthenticationException ex) {
throw new SoapFault("Bad credentials", message.getVersion().getSender());
}
} else if (authenticationRequired) {
throw new SoapFault("Authentication required", message.getVersion().getSender());
}
}
}
然后在我的 applicationContext.xml 中我已经像这样配置了这个拦截器:
<bean id="soapAuthenticationInterceptor" class="com.test.cxf.interceptors.SoapAuthenticationInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<cxf:bus>
<cxf:features>
<cxf:logging />
</cxf:features>
<cxf:inInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:inInterceptors>
<cxf:outFaultInterceptors>
<ref bean="soapAuthenticationInterceptor" />
</cxf:outFaultInterceptors>
</cxf:bus>
我的问题是,当我发送带有错误登录名/密码的 soapui 信封时,不会调用拦截器?
你能帮帮我吗?
【问题讨论】:
-
您是否定义了您要“参考”的类 authenticationManager?
-
是的,代码工作正常,没有例外
-
好的。您说当您发送错误的登录名/密码时不会调用拦截器。否则会被调用吗?
-
当我使用spring security成功登录时调用拦截器,但在登录/密码错误之前没有
-
回复在这里:Solution is a filter not an interceptor 但还有另一个问题。
标签: spring-security cxf jax-ws interceptor