Spring HttpInvoker 服务端安全验证的和客户端请求配置

1、服务端

服务Java接口

package service;

public interface TestService {
    int add(int i,int j);
}

服务的Java实现

package service.impl;
import org.springframework.stereotype.Service;
import service.TestService;
@Service("testService")
public class TestServiceImpl implements TestService {
    @Override
    public int add(int i, int j) {
        System.out.println("Add method Invoked! " + i + "+" + j + "=?");
        return i+j;
    }
}

Tomcat的tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="remoting"/>
  <user username="rpc" password="123456" roles="remoting"/>
</tomcat-users>

WEB-INF/web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>Spring2.5Study_Remote</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml,classpath:org/codehaus/xfire/spring/xfire.xml</param-value>
    </context-param>
    
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>remoting</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>remoting</servlet-name>
        <url-pattern>*.rpc</url-pattern>
    </servlet-mapping> 
    
    <security-constraint>
        <web-resource-collection>
			<web-resource-name>Remoting Protect</web-resource-name>
			<url-pattern>/remoting/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
			<role-name>remoting</role-name>
        </auth-constraint>
    </security-constraint>
	
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Tomcat Supported Realm</realm-name>
    </login-config>
	
    <security-role>
        <description>
        An role defined in "conf/tomcat-users.xml"
        </description>
        <role-name>remoting</role-name>
    </security-role>
    
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    
</web-app>

WEB-INF/remoting-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-2.5.xsd">
		   
   <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping">
        <property name="interceptors" ref="authorizationInterceptor"/>
    </bean>

    <bean id="authorizationInterceptor" class="org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor">
        <property name="authorizedRoles" value="remoting"/>
    </bean>

    <!-- rpc service define -->
    <bean name="/remoting/testService.rpc"  class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
        <property name="service" ref="testService" />
        <property name="serviceInterface" value="service.TestService" />
    </bean>
</beans>

2、客户端请求

URI uri = new URI(serviceUrl);
        
        CommonsHttpInvokerRequestExecutor executor = new CommonsHttpInvokerRequestExecutor();
        HttpClient client = executor.getHttpClient();
        HttpClientParams params = client.getParams();
        params.setConnectionManagerTimeout(300000); //??
        params.setSoTimeout(300000); //??
        params.setAuthenticationPreemptive(true);       //抢先认证
        client.getState().setCredentials(new AuthScope(uri.getHost(),uri.getPort()),new UsernamePasswordCredentials(username,password));
        
        HttpInvokerProxyFactoryBean factoryBean = new HttpInvokerProxyFactoryBean();
        factoryBean.setServiceInterface(serviceInterface);
        factoryBean.setServiceUrl(serviceUrl);
        factoryBean.setHttpInvokerRequestExecutor(executor);
        factoryBean.afterPropertiesSet();
        
        return factoryBean.getObject();