Web Service修炼之四WS-Security

来源：互联网发布：php jquery post json 编辑：程序博客网时间：2024/04/27 15:18

1.服务器实现

将serverStore.jks拷贝到<工程目录>/src/META-INF/xfire的目录下

1、insecurity.properties文件，放在META-INF/xfire/下

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //serverStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks//密钥库文件所在位置

2、service.xml文件，放在META-INF/xfire/下

<?xml version="1.0" encoding="UTF-8"?>

<name>SayHelloService</name>

<namespace>http://com.test.wsses/SayHelloService

</namespace>

<serviceClass>com.test.wsses.SayHelloService

</serviceClass>

<implementationClass>com.test.wsses.SayHelloServiceImpl

</implementationClass>

<handler

handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>

<bean class="org.codehaus.xfire.security.

wss4j.WSS4JInHandler" xmlns="">

<props>

<prop key="action">Encrypt</prop>

//Encrypt代表报文加密；Signature代表数字签名

//验证数字签名需要访问保存着client数字证书的密钥库，

/ /通过属性文件提供相应的配置信息。

META-INF/xfire/insecurity.properties

</prop>

//解密操作需要访问保存着server私钥的密钥库，

//通过属性文件提供相应的配置信息

META-INF/xfire/insecurity.properties

</prop>

//指定一个密码回调实现类

com.test.wsses.PasswordHandler

</prop>

</props>

</property>

</bean>

</inHandlers>

</service>

</beans>

3、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

@SuppressWarnings("unchecked")

private Map passwords = new HashMap();

@SuppressWarnings("unchecked")

public PasswordHandler() {

passwords.put("server", "serverpass");

passwords.put("client", "clientpass");

}

public void handle(Callback[] callbacks) throws IOException,

UnsupportedCallbackException {

System.out.println("Handling Password!");

WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

String id = pc.getIdentifer();

System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

pc.setPassword((String) passwords.get(id));

}

2.客户端实现

1、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

@SuppressWarnings("unchecked")

private Map passwords = new HashMap();

@SuppressWarnings("unchecked")

public PasswordHandler() {

passwords.put("server", "serverpass");

passwords.put("client", "clientpass");

}

public void handle(Callback[] callbacks) throws IOException,

UnsupportedCallbackException {

System.out.println("Handling Password!");

WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

String id = pc.getIdentifer();

System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

pc.setPassword((String) passwords.get(id));

}

2、outsecurity.properties文件，位于<工程目录>/src/下。

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //clientStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=clientStore.jks //密钥库文件所在位置

将clientStore.jks拷贝到<工程目录>/src目录下。

3、客户端访问类

package com.test.wsses.client;

import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;

import org.apache.ws.security.handler.WSHandlerConstants;

import org.codehaus.xfire.client.Client;

import org.codehaus.xfire.client.XFireProxyFactory;

import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;

import org.codehaus.xfire.service.Service;

import org.codehaus.xfire.service.binding.ObjectServiceFactory;

import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;

import org.codehaus.xfire.util.dom.DOMOutHandler;

public class SayHelloClient {

public static void main(String args[]){

String serviceURL = "http://localhost:8080/wsses/services/SayHelloService";

//创建service对象

Service serviceModel = new ObjectServiceFactory().create(SayHelloService.class);

XFireProxyFactory serviceFactory = new XFireProxyFactory();

try{

//获取服务对象

SayHelloService service = (SayHelloService) serviceFactory.create(serviceModel, serviceURL);

//忽略http连接的超时时间,0为不设置超时时间，》=1为超时毫秒数

Client client = Client.getInstance(service);

client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");

WSS4JOutHandler wsOut = new WSS4JOutHandler();

String actions =WSHandlerConstants.ENCRYPT; //报文加密；WSHandlerConstants.SIGNATURE代表数字签名

wsOut.setProperty(WSHandlerConstants.ACTION, actions);

wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");//WSHandlerConstants.SIG_PROP_FILE代表数字签名

wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);//密码为加密

wsOut.setProperty(WSHandlerConstants.USER, "client"); //用户名为密钥库中密钥对的别名，密码为私钥的访问密钥(数字签名为client，报文加密为server)

wsOut.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");//报文加密为server

//wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());

//wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

client.addOutHandler(new DOMOutHandler());

client.addOutHandler(wsOut);

//调用服务

String helloMsg = service.sayHello("dabing");

System.out.println(helloMsg);

helloMsg = service.sayHello(null);

System.out.println(helloMsg);

} catch (MalformedURLException e){

e.printStackTrace();

}

运行结果如下：

dabing,早上好,还没有去工作吗 ?

你叫什么名字呢？

0 0