Geek Answers Handbook

CXF WS, Interceptor: stop processing, respond with an error

I scratch my head over this: Using Interceptor to check multiple SOAP headers, how can I break the chain of interceptors, but still respond with an error to the user?

Throwing an error works in relation to the output, but the request is still being processed, and I would prefer that all services do not check any flag in the context of the message.

Cancel using "message.getInterceptorChain (). Abort ();" does interrupt all processing, but then also returns nothing to the client.

Which is the right way?

public class HeadersInterceptor extends AbstractSoapInterceptor {

    public HeadersInterceptor() {
        super(Phase.PRE_LOGICAL);
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        Exchange exchange = message.getExchange();
        BindingOperationInfo bop = exchange.getBindingOperationInfo();
        Method action = ((MethodDispatcher) exchange.get(Service.class)
                .get(MethodDispatcher.class.getName())).getMethod(bop);

        if (action.isAnnotationPresent(NeedsHeaders.class)
                && !headersPresent(message)) {
            Fault fault = new Fault(new Exception("No headers Exception"));
            fault.setFaultCode(new QName("Client"));

            try {
                Document doc = DocumentBuilderFactory.newInstance()
                        .newDocumentBuilder().newDocument();
                Element detail = doc.createElementNS(Soap12.SOAP_NAMESPACE, "mynamespace");
                detail.setTextContent("Missing some headers...blah");
                fault.setDetail(detail);

            } catch (ParserConfigurationException e) {
            }

            // bad: message.getInterceptorChain().abort();
            throw fault;
        }
    }
}
+5
source share
3 answers

Donal Fellows, .

CXF Spring , , , . . , , , WS-Security ( , SSL). , CXF.

, , , .

/**
 * Checks the requested action for AuthenticationRequired annotation and tries
 * to login using SOAP headers username/password.
 * 
 * @author Alexander Hofbauer
 */
public class AuthInterceptor extends AbstractSoapInterceptor {
    public static final String KEY_USER = "UserAuth";

    @Resource
    UserService userService;

    public AuthInterceptor() {
        // process after unmarshalling, so that method and header info are there
        super(Phase.PRE_LOGICAL);
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        Logger.getLogger(AuthInterceptor.class).trace("Intercepting service call");

        Exchange exchange = message.getExchange();
        BindingOperationInfo bop = exchange.getBindingOperationInfo();
        Method action = ((MethodDispatcher) exchange.get(Service.class)
                .get(MethodDispatcher.class.getName())).getMethod(bop);

        if (action.isAnnotationPresent(AuthenticationRequired.class)
                && !authenticate(message)) {
            Fault fault = new Fault(new Exception("Authentication failed"));
            fault.setFaultCode(new QName("Client"));

            try {
                Document doc = DocumentBuilderFactory.newInstance()
                        .newDocumentBuilder().newDocument();
                Element detail = doc.createElementNS(Soap12.SOAP_NAMESPACE, "test");
                detail.setTextContent("Failed to authenticate.\n" +
                        "Please make sure to send correct SOAP headers username and password");
                fault.setDetail(detail);

            } catch (ParserConfigurationException e) {
            }

            throw fault;
        }
    }

    private boolean authenticate(SoapMessage msg) {
        Element usernameNode = null;
        Element passwordNode = null;

        for (Header header : msg.getHeaders()) {
            if (header.getName().getLocalPart().equals("username")) {
                usernameNode = (Element) header.getObject();
            } else if (header.getName().getLocalPart().equals("password")) {
                passwordNode = (Element) header.getObject();
            }
        }

        if (usernameNode == null || passwordNode == null) {
            return false;
        }
        String username = usernameNode.getChildNodes().item(0).getNodeValue();
        String password = passwordNode.getChildNodes().item(0).getNodeValue();

        User user = null;
        try {
            user = userService.loginUser(username, password);
        } catch (BusinessException e) {
            return false;
        }
        if (user == null) {
            return false;
        }

        msg.put(KEY_USER, user);
        return true;
    }
}

, ExceptionHandler/-Logger. JAX-RS ( CXF, JAX-WS ). JAX-RS, .

@Aspect
public class ExceptionHandler {
    @Resource
    private Map<String, Boolean> registeredExceptions;


    /**
     * Everything in my project.
     */
    @Pointcut("within(org.myproject..*)")
    void inScope() {
    }

    /**
     * Every single method.
     */
    @Pointcut("execution(* *(..))")
    void anyOperation() {
    }

    /**
     * Log every Throwable.
     * 
     * @param t
     */
    @AfterThrowing(pointcut = "inScope() && anyOperation()", throwing = "t")
    public void afterThrowing(Throwable t) {
        StackTraceElement[] trace = t.getStackTrace();
        Logger logger = Logger.getLogger(ExceptionHandler.class);

        String info;
        if (trace.length > 0) {
            info = trace[0].getClassName() + ":" + trace[0].getLineNumber()
                    + " threw " + t.getClass().getName();
        } else {
            info = "Caught throwable with empty stack trace";
        }
        logger.warn(info + "\n" + t.getMessage());
        logger.debug("Stacktrace", t);
    }

    /**
     * Handles all exceptions according to config file.
     * Unknown exceptions are always thrown, registered exceptions only if they
     * are set to true in config file.
     * 
     * @param pjp
     * @throws Throwable
     */
    @Around("inScope() && anyOperation()")
    public Object handleThrowing(ProceedingJoinPoint pjp) throws Throwable {
        try {
            Object ret = pjp.proceed();
            return ret;
        } catch (Throwable t) {
            // We don't care about unchecked Exceptions
            if (!(t instanceof Exception)) {
                return null;
            }

            Boolean throwIt = registeredExceptions.get(t.getClass().getName());
            if (throwIt == null || throwIt) {
                throw t;
            }
        }
        return null;
    }
}
+2

, - Fault :

throw new Fault(
      new ClientException( // or any non-Fault exception, else blocks in
      // abstractClient.checkClientException() (waits for missing response code)
      "Error before sending the request"), Fault.FAULT_CODE_CLIENT);

, .

+1

CXF , . ( ), , CheckFaultInterceptor. , :

public HeadersInterceptor(){
    super(Phase.PRE_LOGICAL);
    getBefore().add(CheckFaultInterceptor.class.getName());
}

, . , .

( , , )

+1

More articles:


All Articles