Web Service Practice, Part 5: WS-Security
Source: Internet  Editor: 程序博客网  Time: 2024/04/30 05:43
1. Server implementation
Copy serverStore.jks into the <project directory>/src/META-INF/xfire directory.
1. The insecurity.properties file, placed under META-INF/xfire/
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
# Keystore type
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Access password for serverStore.jks
org.apache.ws.security.crypto.merlin.keystore.password=scpass
# Location of the keystore file
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks
2. The service.xml file, placed under META-INF/xfire/
<?xml version="1.0" encoding="UTF-8"?>
<!-- START SNIPPET: services -->
<beans xmlns="http://xfire.codehaus.org/config/1.0">
  <service>
    <name>SayHelloService</name>
    <namespace>http://com.test.wsses/SayHelloService</namespace>
    <serviceClass>com.test.wsses.SayHelloService</serviceClass>
    <implementationClass>com.test.wsses.SayHelloServiceImpl</implementationClass>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Encrypt Signature</prop>
            <!-- Combined actions are separated by spaces (message encryption and digital signature). In XFire the actions are executed in the order they are written; for an InHandler, "Encrypt Signature" means decrypt first, then verify the digital signature. -->
            <!-- Verifying the signature requires the client's digital certificate; the properties file must provide the configuration for accessing the client certificate in the keystore. -->
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <!-- Decryption requires the server's private key; the properties file must provide the configuration for accessing the private key in the keystore. -->
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <!-- Specify a password callback implementation class -->
            <prop key="passwordCallbackClass">com.test.wsses.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>
</beans>
<!-- END SNIPPET: services -->
3. The PasswordHandler class
package com.test.wsses;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {
    // Maps a keystore alias to the password of its private key
    @SuppressWarnings("unchecked")
    private Map passwords = new HashMap();

    @SuppressWarnings("unchecked")
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        System.out.println("Handling Password!");
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        // WSS4J asks for the password of this alias
        String id = pc.getIdentifer();
        // Demo output only: this line writes the password to stdout in clear text
        System.out.println("id:" + id + " ,password:" + (String) passwords.get(id));
        pc.setPassword((String) passwords.get(id));
    }
}
2. Client implementation
1. The PasswordHandler class
package com.test.wsses;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {
    // Maps a keystore alias to the password of its private key
    @SuppressWarnings("unchecked")
    private Map passwords = new HashMap();

    @SuppressWarnings("unchecked")
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        System.out.println("Handling Password!");
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        // WSS4J asks for the password of this alias
        String id = pc.getIdentifer();
        // Demo output only: this line writes the password to stdout in clear text
        System.out.println("id:" + id + " ,password:" + (String) passwords.get(id));
        pc.setPassword((String) passwords.get(id));
    }
}
2. The outsecurity.properties file, located under <project directory>/src/.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
# Keystore type
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Access password for clientStore.jks
org.apache.ws.security.crypto.merlin.keystore.password=scpass
# Location of the keystore file
org.apache.ws.security.crypto.merlin.file=clientStore.jks
Copy clientStore.jks into the <project directory>/src directory.
3. The client access class
package com.test.wsses.client;

import java.net.MalformedURLException;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;
import org.codehaus.xfire.util.dom.DOMOutHandler;
import com.test.wsses.PasswordHandler;
import com.test.wsses.SayHelloService;

public class SayHelloClient {
    public static void main(String args[]) {
        String serviceURL = "http://localhost:8080/wsses/services/SayHelloService";
        // Create the service object
        Service serviceModel = new ObjectServiceFactory().create(SayHelloService.class);
        XFireProxyFactory serviceFactory = new XFireProxyFactory();
        try {
            // Obtain the service proxy
            SayHelloService service = (SayHelloService) serviceFactory.create(serviceModel, serviceURL);
            // Ignore the HTTP connection timeout: 0 means no timeout, >=1 is the timeout in milliseconds
            Client client = Client.getInstance(service);
            client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");
            // WS-Security
            WSS4JOutHandler wsOut = new WSS4JOutHandler();
            // Combined actions are separated by spaces
            String actions = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE;
            wsOut.setProperty(WSHandlerConstants.ACTION, actions);
            // Encryption settings: encrypt with the server's digital certificate
            wsOut.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");
            wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
            // Signature settings: sign with the client's private key
            wsOut.setProperty(WSHandlerConstants.USER, "client");
            wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
            wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);
            wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
            wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            client.addOutHandler(new DOMOutHandler());
            client.addOutHandler(wsOut);
            // Call the service
            String helloMsg = service.sayHello("dabing");
            System.out.println(helloMsg);
            helloMsg = service.sayHello(null);
            System.out.println(helloMsg);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
    }
}
The output is as follows:
Handling Password!
id:client ,password:clientpass
dabing,早上好,还没有去工作吗 ?
Handling Password!
id:client ,password:clientpass
你叫什么名字呢?
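
The configuration above only works if each keystore holds its own private key plus the other side's certificate. The following pre-deployment check is an added example, not code from the original post; it uses only the JDK KeyStore API with the store password, aliases and key passwords shown above. The file paths and the alias "client" inside serverStore.jks are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class KeystoreCheck {
    // Returns null when the store fits its role, otherwise a description of the first problem.
    static String check(String path, String storePass, String ownAlias,
                        String keyPass, String peerAlias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass.toCharArray()); // IOException if the store password is wrong
        }
        // Own alias: must be a private-key entry that the callback password unlocks.
        if (!ks.isKeyEntry(ownAlias)) {
            return path + ": alias '" + ownAlias + "' holds no private key";
        }
        try {
            ks.getKey(ownAlias, keyPass.toCharArray());
        } catch (UnrecoverableKeyException e) {
            return path + ": key password for '" + ownAlias + "' does not match";
        }
        // Peer alias: only its certificate is needed (encrypt to it, or verify its signature).
        Certificate peer = ks.getCertificate(peerAlias);
        if (!(peer instanceof X509Certificate)) {
            return path + ": no X.509 certificate under alias '" + peerAlias + "'";
        }
        try {
            ((X509Certificate) peer).checkValidity();
        } catch (CertificateException e) {
            return path + ": certificate '" + peerAlias + "' is outside its validity period";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Assumed: both stores sit in the working directory; "client" alias in serverStore.jks.
        String[] results = {
            check("serverStore.jks", "scpass", "server", "serverpass", "client"),
            check("clientStore.jks", "scpass", "client", "clientpass", "server"),
        };
        for (String r : results) {
            System.out.println(r == null ? "OK" : "PROBLEM: " + r);
        }
    }
}
```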