Apache CXF实战之九 发布使用SSL的Web Service

本文链接：http://blog.csdn.net/kongxx/article/details/7738717

Apache CXF实战之一 Hello World Web Service

Apache CXF实战之二 集成Sping与Web容器

Apache CXF实战之三 传输Java对象

Apache CXF实战之四 构建RESTful Web Service

Apache CXF实战之五 压缩Web Service数据

Apache CXF实战之六 创建安全的Web Service

Apache CXF实战之七 使用Web Service传输文件

Apache CXF实战之八 Map类型绑定

在使用Web Service的时候，在很多情况下会要求我们发布ssl的web service，此时如果web service是作为一个war包部署在tomcat之类的web容器中的时候，我们可以通过修改tomcat的配置来比较容易的部署发布成ssl的web service的，当对于独立运行的程序来书，此时发布web service是需要一些操作的，下面看看在CXF中怎样发布并调用SSL的Web Service。

1. 首先是一个pojo的实体类

[java] view plaincopyprint?

1. package com.googlecode.garbagecan.cxfstudy.ssl;
3. public class User {
4. private String id;
5. private String name;
6. private String password;
7. public String getId() {
8. return id;
9. }
10. public void setId(String id) {
11. this.id = id;
12. }
13. public String getName() {
14. return name;
15. }
16. public void setName(String name) {
17. this.name = name;
18. }
19. public String getPassword() {
20. return password;
21. }
22. public void setPassword(String password) {
23. this.password = password;
24. }
25. }

package com.googlecode.garbagecan.cxfstudy.ssl;public class User {private String id;private String name;private String password;public String getId() {return id;}public void setId(String id) {this.id = id;}public String getName() {return name;}public void setName(String name) {this.name = name;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}}

2. 下面是Web Service的接口和实现类，这两个类和前面文章中介绍的没什么区别

[java] view plaincopyprint?

1. package com.googlecode.garbagecan.cxfstudy.ssl;
3. import java.util.List;
5. import javax.jws.WebMethod;
6. import javax.jws.WebResult;
7. import javax.jws.WebService;
9. @WebService
10. public interface UserService {
11. @WebMethod
12. @WebResult List<User> list();
14. }
16. package com.googlecode.garbagecan.cxfstudy.ssl;
18. import java.util.ArrayList;
19. import java.util.List;
21. public class UserServiceImplimplements UserService {
23. public List<User> list() {
24. List<User> users = new ArrayList<User>();
25. for (int i =0; i < 10; i++) {
26. User user = new User();
27. user.setId("" + i);
28. user.setName("user_" + i);
29. user.setPassword("password_" + i);
30. users.add(user);
31. }
32. return users;
33. }
35. }

package com.googlecode.garbagecan.cxfstudy.ssl;import java.util.List;import javax.jws.WebMethod;import javax.jws.WebResult;import javax.jws.WebService;@WebServicepublic interface UserService {@WebMethod@WebResult List<User> list();}package com.googlecode.garbagecan.cxfstudy.ssl;import java.util.ArrayList;import java.util.List;public class UserServiceImpl implements UserService {public List<User> list() {List<User> users = new ArrayList<User>();for (int i = 0; i < 10; i++) {User user = new User();user.setId("" + i);user.setName("user_" + i);user.setPassword("password_" + i);users.add(user);}return users;}}

3. 下面看看Server端代码

[java] view plaincopyprint?

1. package com.googlecode.garbagecan.cxfstudy.ssl;
3. import java.io.File;
4. import java.io.FileInputStream;
5. import java.security.KeyStore;
7. import javax.net.ssl.KeyManager;
8. import javax.net.ssl.KeyManagerFactory;
9. import javax.net.ssl.TrustManager;
10. import javax.net.ssl.TrustManagerFactory;
12. import org.apache.cxf.configuration.jsse.TLSServerParameters;
13. import org.apache.cxf.configuration.security.ClientAuthentication;
14. import org.apache.cxf.configuration.security.FiltersType;
15. import org.apache.cxf.endpoint.Server;
16. import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
17. import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
19. public class MyServer {
21. private staticfinal int port =12345;
23. private staticfinal String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";
25. public staticvoid main(String[] args) throws Exception {
26. System.out.println("Starting Server");
28. configureSSLOnTheServer();
30. JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
31. factoryBean.setServiceClass(UserServiceImpl.class);
32. factoryBean.setAddress(address);
34. Server server = factoryBean.create();
35. String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
37. System.out.println("Server started at " + endpoint);
38. }
40. public staticvoid configureSSLOnTheServer() {
41. File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
43. try {
44. TLSServerParameters tlsParams = new TLSServerParameters();
45. KeyStore keyStore = KeyStore.getInstance("JKS");
46. String password = "mypassword";
47. String storePassword = "mypassword";
49. keyStore.load(new FileInputStream(file), storePassword.toCharArray());
50. KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
51. keyFactory.init(keyStore, password.toCharArray());
52. KeyManager[] keyManagers = keyFactory.getKeyManagers();
53. tlsParams.setKeyManagers(keyManagers);
55. keyStore.load(new FileInputStream(file), storePassword.toCharArray());
56. TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
57. trustFactory.init(keyStore);
58. TrustManager[] trustManagers = trustFactory.getTrustManagers();
59. tlsParams.setTrustManagers(trustManagers);
61. FiltersType filtersTypes = new FiltersType();
62. filtersTypes.getInclude().add(".*_EXPORT_.*");
63. filtersTypes.getInclude().add(".*_EXPORT1024_.*");
64. filtersTypes.getInclude().add(".*_WITH_DES_.*");
65. filtersTypes.getInclude().add(".*_WITH_NULL_.*");
66. filtersTypes.getExclude().add(".*_DH_anon_.*");
67. tlsParams.setCipherSuitesFilter(filtersTypes);
69. ClientAuthentication ca = new ClientAuthentication();
70. ca.setRequired(true);
71. ca.setWant(true);
72. tlsParams.setClientAuthentication(ca);
74. JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
75. factory.setTLSServerParametersForPort(port, tlsParams);
76. } catch (Exception e) {
77. e.printStackTrace();
78. }
79. }
81. }

package com.googlecode.garbagecan.cxfstudy.ssl;import java.io.File;import java.io.FileInputStream;import java.security.KeyStore;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import org.apache.cxf.configuration.jsse.TLSServerParameters;import org.apache.cxf.configuration.security.ClientAuthentication;import org.apache.cxf.configuration.security.FiltersType;import org.apache.cxf.endpoint.Server;import org.apache.cxf.jaxws.JaxWsServerFactoryBean;import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;public class MyServer {private static final int port = 12345;private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";public static void main(String[] args) throws Exception {System.out.println("Starting Server");configureSSLOnTheServer();JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();factoryBean.setServiceClass(UserServiceImpl.class);factoryBean.setAddress(address);Server server = factoryBean.create();String endpoint = server.getEndpoint().getEndpointInfo().getAddress();System.out.println("Server started at " + endpoint);}public static void configureSSLOnTheServer() {File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());try {TLSServerParameters tlsParams = new TLSServerParameters();KeyStore keyStore = KeyStore.getInstance("JKS");String password = "mypassword";String storePassword = "mypassword";keyStore.load(new FileInputStream(file), storePassword.toCharArray());KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyFactory.init(keyStore, password.toCharArray());KeyManager[] keyManagers = keyFactory.getKeyManagers();tlsParams.setKeyManagers(keyManagers);keyStore.load(new FileInputStream(file), storePassword.toCharArray());TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustFactory.init(keyStore);TrustManager[] trustManagers = trustFactory.getTrustManagers();tlsParams.setTrustManagers(trustManagers);FiltersType filtersTypes = new FiltersType();filtersTypes.getInclude().add(".*_EXPORT_.*");filtersTypes.getInclude().add(".*_EXPORT1024_.*");filtersTypes.getInclude().add(".*_WITH_DES_.*");filtersTypes.getInclude().add(".*_WITH_NULL_.*");filtersTypes.getExclude().add(".*_DH_anon_.*");tlsParams.setCipherSuitesFilter(filtersTypes);ClientAuthentication ca = new ClientAuthentication();ca.setRequired(true);ca.setWant(true);tlsParams.setClientAuthentication(ca);JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();factory.setTLSServerParametersForPort(port, tlsParams);} catch (Exception e) {e.printStackTrace();}}}

4. 下面看看Client端代码

[java] view plaincopyprint?

1. package com.googlecode.garbagecan.cxfstudy.ssl;
3. import java.io.File;
4. import java.io.FileInputStream;
5. import java.security.KeyStore;
7. import javax.net.ssl.KeyManager;
8. import javax.net.ssl.KeyManagerFactory;
9. import javax.net.ssl.TrustManager;
10. import javax.net.ssl.TrustManagerFactory;
12. import org.apache.cxf.configuration.jsse.TLSClientParameters;
13. import org.apache.cxf.configuration.security.FiltersType;
14. import org.apache.cxf.endpoint.Client;
15. import org.apache.cxf.frontend.ClientProxy;
16. import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
17. import org.apache.cxf.transport.http.HTTPConduit;
19. public class MyClient {
21. private staticfinal String address = "https://localhost:12345/ws/ssl/userService";
23. public staticvoid main(String[] args) throws Exception {
24. JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
25. factoryBean.setAddress(address);
26. factoryBean.setServiceClass(UserService.class);
27. Object obj = factoryBean.create();
28. UserService userService = (UserService) obj;
30. configureSSLOnTheClient(userService);
32. System.out.println(userService.list());
33. }
35. private staticvoid configureSSLOnTheClient(Object obj) {
36. File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
38. Client client = ClientProxy.getClient(obj);
39. HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
41. try {
42. TLSClientParameters tlsParams = new TLSClientParameters();
43. tlsParams.setDisableCNCheck(true);
45. KeyStore keyStore = KeyStore.getInstance("JKS");
46. String password = "mypassword";
47. String storePassword = "mypassword";
49. keyStore.load(new FileInputStream(file), storePassword.toCharArray());
50. TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
51. trustFactory.init(keyStore);
52. TrustManager[] trustManagers = trustFactory.getTrustManagers();
53. tlsParams.setTrustManagers(trustManagers);
55. keyStore.load(new FileInputStream(file), storePassword.toCharArray());
56. KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
57. keyFactory.init(keyStore, password.toCharArray());
58. KeyManager[] keyManagers = keyFactory.getKeyManagers();
59. tlsParams.setKeyManagers(keyManagers);
61. FiltersType filtersTypes = new FiltersType();
62. filtersTypes.getInclude().add(".*_EXPORT_.*");
63. filtersTypes.getInclude().add(".*_EXPORT1024_.*");
64. filtersTypes.getInclude().add(".*_WITH_DES_.*");
65. filtersTypes.getInclude().add(".*_WITH_NULL_.*");
66. filtersTypes.getExclude().add(".*_DH_anon_.*");
67. tlsParams.setCipherSuitesFilter(filtersTypes);
69. httpConduit.setTlsClientParameters(tlsParams);
70. } catch (Exception e) {
71. e.printStackTrace();
72. }
73. }
74. }

package com.googlecode.garbagecan.cxfstudy.ssl;import java.io.File;import java.io.FileInputStream;import java.security.KeyStore;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import org.apache.cxf.configuration.jsse.TLSClientParameters;import org.apache.cxf.configuration.security.FiltersType;import org.apache.cxf.endpoint.Client;import org.apache.cxf.frontend.ClientProxy;import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;import org.apache.cxf.transport.http.HTTPConduit;public class MyClient {private static final String address = "https://localhost:12345/ws/ssl/userService";public static void main(String[] args) throws Exception {JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();factoryBean.setAddress(address);factoryBean.setServiceClass(UserService.class);Object obj = factoryBean.create();UserService userService = (UserService) obj;configureSSLOnTheClient(userService);System.out.println(userService.list());}private static void configureSSLOnTheClient(Object obj) {File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());Client client = ClientProxy.getClient(obj);HTTPConduit httpConduit = (HTTPConduit) client.getConduit();try {TLSClientParameters tlsParams = new TLSClientParameters();tlsParams.setDisableCNCheck(true);KeyStore keyStore = KeyStore.getInstance("JKS");String password = "mypassword";String storePassword = "mypassword";keyStore.load(new FileInputStream(file), storePassword.toCharArray());TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustFactory.init(keyStore);TrustManager[] trustManagers = trustFactory.getTrustManagers();tlsParams.setTrustManagers(trustManagers);keyStore.load(new FileInputStream(file), storePassword.toCharArray());KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyFactory.init(keyStore, password.toCharArray());KeyManager[] keyManagers = keyFactory.getKeyManagers();tlsParams.setKeyManagers(keyManagers);FiltersType filtersTypes = new FiltersType();filtersTypes.getInclude().add(".*_EXPORT_.*");filtersTypes.getInclude().add(".*_EXPORT1024_.*");filtersTypes.getInclude().add(".*_WITH_DES_.*");filtersTypes.getInclude().add(".*_WITH_NULL_.*");filtersTypes.getExclude().add(".*_DH_anon_.*");tlsParams.setCipherSuitesFilter(filtersTypes);httpConduit.setTlsClientParameters(tlsParams);} catch (Exception e) {e.printStackTrace();}}}

5. 我们需要手动生成jks文件，并将其放在maven工程resources的/com/googlecode/garbagecan/cxfstudy/ssl/目录下，下面是手动生成时使用的命令

[plain] view plaincopyprint?

1. keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks

keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks

6. 最后我们可以通过启动MyServer和MyClient来验证我们的测试。