CXF SSL HTTPS
来源:互联网 发布:大数据开发工程师待遇 编辑:程序博客网 时间:2024/05/16 13:42
SSL:tomcat server.xml配置
<!-- SSL --> <Connector port="8443" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\tomcat6\conf\ssl\server.jks" keystorePass="123456" algorithm="SunX509" /> <!-- SSL END -->
<!-- CXF 服务端 --><jaxws:endpoint id="userWebService" implementor="#userServiceImpl" address="/userservice"><jaxws:inInterceptors><bean class="org.apache.cxf.interceptor.LoggingInInterceptor"></bean><bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" ><constructor-arg><map><entry key="action" value="UsernameToken Timestamp" /><!-- MD5加密明文密码 --> <entry key="passwordType" value="PasswordDigest" /> <entry key="user" value="admin" /> <entry key="passwordCallbackRef" > <ref bean="serverPasswordCallback" /> </entry> </map></constructor-arg></bean></jaxws:inInterceptors><jaxws:outInterceptors><bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"></bean></jaxws:outInterceptors></jaxws:endpoint><bean id="serverPasswordCallback" class="com.cxf.webservice.callback.ServerPasswordCallback"></bean>
com.cxf.webservice.callback.ServerPasswordCallback:用于密码验证
package com.cxf.webservice.callback;import java.io.IOException;import java.util.HashMap;import java.util.Map;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.log4j.Logger;import org.apache.ws.security.WSPasswordCallback;public class ServerPasswordCallback implements CallbackHandler {Logger log = Logger.getLogger(ServerPasswordCallback.class);Map<String, String> user = new HashMap<String, String>();{user.put("admin", "1234");user.put("su", "1234");}@Overridepublic void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {log.debug("handler passwordcallback method....");WSPasswordCallback wpc = (WSPasswordCallback) callbacks[0];if (!user.containsKey(wpc.getIdentifier())) {throw new SecurityException("No Permission!");}/* * 此处特别注意:: * WSPasswordCallback 的passwordType属性和password 属性都为null, * 你只能获得用户名(identifier), * 一般这里的逻辑是使用这个用户名到数据库中查询其密码, * 然后再设置到password 属性,WSS4J 会自动比较客户端传来的值和你设置的这个值。 * 你可能会问为什么这里CXF 不把客户端提交的密码传入让我们在ServerPasswordCallbackHandler 中比较呢? * 这是因为客户端提交过来的密码在SOAP 消息中已经被加密为MD5 的字符串, * 如果我们要在回调方法中作比较,那么第一步要做的就是把服务端准备好的密码加密为MD5 字符串, * 由于MD5 算法参数不同结果也会有差别,另外,这样的工作CXF 替我们完成不是更简单吗? */wpc.setPassword(user.get(wpc.getIdentifier()));//如果包含用户名,就设置该用户名正确密码,由CXF验证密码String username = wpc.getIdentifier();String password = wpc.getPassword();log.debug("username: "+username + " password: "+password);log.info("User : "+wpc.getIdentifier()+ " login!!!!!");}}
客户端:
<bean id="clientPasswordCallback" class="webservice.cxf.clientPasswordCalback.ClientPasswordCallback"></bean><!-- SSL --><!-- CXF 客户端 --><bean id="userServiceSSL" class="webservice.cxf.client.UserService" factory-bean="clientFactorySSL" factory-method="create" /><bean id="clientFactorySSL" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"><property name="address" value="https://127.0.0.1:8443/HSQLDB/webservice/userservice"></property><property name="serviceClass" value="webservice.cxf.client.UserService"></property><property name="outInterceptors"><list><bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /><bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"><constructor-arg><map><entry key="action" value="UsernameToken Timestamp" /><!-- MD5加密明文密码 --><entry key="passwordType" value="PasswordDigest" /><entry key="user" value="admin" /><entry key="passwordCallbackRef"><ref bean="clientPasswordCallback" /></entry></map></constructor-arg></bean></list></property></bean>
webservice.cxf.clientPasswordCalback.ClientPasswordCallback:设置密码
package webservice.cxf.clientPasswordCalback;import java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class ClientPasswordCallback implements CallbackHandler {@Overridepublic void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for (Callback callback : callbacks) {//设置用户密码,供服务端验证WSPasswordCallback wsc = (WSPasswordCallback)callback;wsc.setIdentifier("su");wsc.setPassword("1234");}}}
Test:
package cxf.client.test;import java.io.IOException;import java.io.InputStream;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.UnrecoverableKeyException;import java.security.cert.CertificateException;import java.util.List;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import org.apache.cxf.configuration.jsse.TLSClientParameters;import org.apache.cxf.endpoint.Client;import org.apache.cxf.frontend.ClientProxy;import org.apache.cxf.transport.http.HTTPConduit;import org.junit.Before;import org.junit.Test;import org.springframework.context.ApplicationContext;import org.springframework.context.support.ClassPathXmlApplicationContext;import webservice.cxf.client.Person;import webservice.cxf.client.UserService;public class Spring_Cxf_Client_Test {ApplicationContext app ;@Beforepublic void initAPP(){app = new ClassPathXmlApplicationContext("cxf-client.xml");}private final static String trustStore = "truststore.jks"; private final static String keyStore = "client.jks"; private final static String trustStorePass = "123456"; private final static String keyStorePass = "123456"; @Testpublic void testSSL() throws IOException{UserService us = (UserService) app.getBean("userServiceSSL");Client proxy = ClientProxy.getClient(us);HTTPConduit conduit = (HTTPConduit) proxy.getConduit(); TLSClientParameters tlsParams = conduit.getTlsClientParameters(); if (tlsParams == null) { tlsParams = new TLSClientParameters(); } tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setKeyManagers(getKeyManagers()); tlsParams.setTrustManagers(getTrustManagers()); conduit.setTlsClientParameters(tlsParams); String response = us.sayhello("SSL");System.out.println(response);List<Person> ps = us.getAllUser();for (Person person : ps) {System.out.println("#####"+person.getId()+"#####"+person.getName()+"#####"+person.getCity()+"#####");}}private static TrustManager[] getTrustManagers() throws IOException {try {String alg = TrustManagerFactory.getDefaultAlgorithm();TrustManagerFactory factory = TrustManagerFactory.getInstance(alg);InputStream fp = Spring_Cxf_Client_Test.class.getResourceAsStream(trustStore);KeyStore ks = KeyStore.getInstance("JKS");ks.load(fp, trustStorePass.toCharArray());fp.close();factory.init(ks);TrustManager[] tms = factory.getTrustManagers();return tms;} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (KeyStoreException e) {e.printStackTrace();} catch (CertificateException e) {e.printStackTrace();}return null;}private static KeyManager[] getKeyManagers() throws IOException {try {String alg = KeyManagerFactory.getDefaultAlgorithm();KeyManagerFactory factory = KeyManagerFactory.getInstance(alg);InputStream fp = Spring_Cxf_Client_Test.class.getResourceAsStream(keyStore);KeyStore ks = KeyStore.getInstance("JKS");ks.load(fp, keyStorePass.toCharArray());fp.close();factory.init(ks, keyStorePass.toCharArray());KeyManager[] keyms = factory.getKeyManagers();return keyms;} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (KeyStoreException e) {e.printStackTrace();} catch (CertificateException e) {e.printStackTrace();} catch (UnrecoverableKeyException e) {e.printStackTrace();}return null;}}
- CXF SSL HTTPS
- HTTPS SSL
- SSL (https)
- ssl HTTPS
- ssl && https
- https & SSL
- https/ssl
- SSL,HTTPS
- HTTPS,SSL
- HTTPS SSL
- HTTPS(SSL)
- https ssl
- https ssl
- https,ssl
- cxf webservice 调用 https
- HTTPS、SSL、数字证书
- HTTPS,SSL编程
- 关于SSL和https
- STL中的set::iterator为const_iterator
- JS的arguments对象
- Leftmost Digit(数论)
- PHP使用多进程解决办法处理大数据/内存泄漏
- CVSListBox类的扩展使用
- CXF SSL HTTPS
- think in java 读书笔记
- 内存调试的东西D/dalvikvm( 809 ): GC_CONCURRENT freed
- 使用Spread.Net如何将文本自定义为形状
- 花生壳 路由器配置
- 发布使用SSL的Web Service
- 八数码问题
- android: 静态XML和动态加载XML混合使用,以及重写Layout控件
- Tomcat中关于Servlet映射器Mapper的实现