如何让cxf客户端简单支持ssl
来源:互联网 发布:系统网络架构图 编辑:程序博客网 时间:2024/04/28 10:35
首先生成自我签名的证书,关于如何使用keytool生成证书网上文章很多,这里不做介绍。
假如我们生成好了mas3server.jks和mas3Trust.jks
先是服务器端tomcat的配置,这里clientAuth默认为false表示不需要双向验证,即服务器端不需要知道客户端的身份,故这里不用配置truststoreFile和truststorePass:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/mas3server.jks"
keystorePass="ccc123" />
这里是cxf的webservice客户端,用spring管理,对应的只需在xml中配置对应的可信任证书即可,例如
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="com.mas.service.webservice.DataSyncSkeleton" />
<property name="address" value="https://localhost:8443/DataSync/DataSyncServer" />
</bean>
<bean id="dataSyncSkeletonClient" class="com.mas.service.webservice.DataSyncSkeleton" factory-bean="clientFactory" factory-method="create" />
<!--*.http-conduit的*代表对所有创建的client生效,若需要自定义可查cxf官网-->
<http:conduit name="*.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS" password="ccc123" file="/tmp/mas3Trust.jks" />
</sec:trustManagers>
<!--不需要双向认证 -->
<!--
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
file="/tmp/ossServer.jks"/>
</sec:keyManagers>
-->
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
</beans>
若不是通过spring配置而直接在代码中设置,也比较简单:
//.....获得dataSyncSkeletonClient
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(dataSyncSkeletonClient);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
TLSClientParameters tlscp = conduit.getTlsClientParameters();
if (tlscp == null)
tlscp = new TLSClientParameters();
tlscp.setSecureSocketProtocol("SSL");
try {
TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
InputStream fp = ClassLoader.class.getResourceAsStream("mas3Trust.jks");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, "ccc123".toCharArray());
fp.close();
factory.init(ks);
tlscp.setTrustManagers(factory.getTrustManagers());
} catch (Exception e) {
e.printStackTrace();
}
conduit.setTlsClientParameters(tlscp);
//....对dataSyncSkeletonClient的调用底层网络传输均是通过ssl加密
- 如何让cxf客户端简单支持ssl
- 如何让apache 支持ssl
- 如何让你的网站支持SSL
- cxf开发实践(添加SSL支持)
- cxf开发实践(添加SSL支持) .
- 让tomcat支持https/ssl
- libcurl如何支持ssl
- 配置apache cxf 客户端支持https
- 让Apache CXF支持WS-Security规范
- 简单的ssl发包客户端
- 基于SSL验证的Apache CXF客户端设计总结
- curl 如何支持 SSL,https
- Nginx下让SSL支持SPDY协议
- Nginx下让SSL支持SPDY协议
- 搭建SSL,让Apache支持Https
- jetty对cxf的支持,简单的cxf实例
- 如何让服务端同时支持WebSocket和SSL加密的WebSocket(即同时支持ws和wss)?
- 使用CXF编写简单客户端与服务端
- VC++信息安全编程(5)实现进程监视清除多余进程
- 约瑟夫问题
- rhel下安装gcc
- android图像处理系列之二--图片旋转、缩放、反转
- oracle sysdate,systimestamp,current_date,current_timestamp
- 如何让cxf客户端简单支持ssl
- VC++信息安全编程(6)实现杀毒程序,杀灭D3病毒范例
- jQuery(1)
- 给想当程序员的大二学生的建议
- 图的深度、广度优先搜索(邻接矩阵)
- Webkit Timer study notes
- VM保护简单原理
- 一些计算机编程的经典书籍总结
- VC++信息安全编程(8)实现扫描内存,实现内存读写
