Web Service修炼之五WS-Security


1.服务器实现

将 serverStore.jks 拷贝到 <工程目录>/src/META-INF/xfire 目录下。

1、insecurity.properties文件,放在META-INF/xfire/下

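# WSS4J crypto settings used by the server-side in-handler (referenced from the
# signaturePropFile and decryptionPropFile entries of the service descriptor).
# java.util.Properties has no trailing-comment syntax: anything after '=' is
# part of the value, so every remark sits on its own '#' line.

# Crypto implementation: Merlin, which works on a Java keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
# Keystore type.
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Password that opens serverStore.jks. It is stored in cleartext, so treat this
# file as a secret: sample value only, restrict read access, keep it out of
# version control.
org.apache.ws.security.crypto.merlin.keystore.password=scpass
# Location of the keystore file (copied to <project>/src/META-INF/xfire).
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks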

2、service.xml文件,放在META-INF/xfire/下

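<?xml version="1.0" encoding="UTF-8"?>

<!-- START SNIPPET: services -->
<!--
  XFire descriptor for SayHelloService with inbound WS-Security processing.
  Whitespace between element names and attributes is restored, and the remark
  on the password callback is a real XML comment instead of stray text.
-->
<beans xmlns="http://xfire.codehaus.org/config/1.0">
  <service>
    <name>SayHelloService</name>
    <namespace>http://com.test.wsses/SayHelloService</namespace>
    <serviceClass>com.test.wsses.SayHelloService</serviceClass>
    <implementationClass>com.test.wsses.SayHelloServiceImpl</implementationClass>

    <inHandlers>
      <!-- Listed ahead of the WSS4J handler; presumably it supplies the DOM
           view of the message that WSS4J operates on (confirm for your XFire version). -->
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>

      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <!-- Several actions are separated by a space (here: message
                 encryption and digital signature). In XFire the actions run in
                 the order they are written; for an in-handler,
                 "Encrypt Signature" means decrypt first, then verify the
                 signature.
                 NOTE(review): confirm that a request lacking either action is
                 rejected by the XFire/WSS4J version in use. -->
            <prop key="action">Encrypt Signature</prop>

            <!-- Verifying the signature uses the client's certificate; the
                 properties file must carry the settings for reaching that
                 certificate in the keystore. -->
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>

            <!-- Decryption uses the server's private key; the properties file
                 must carry the settings for reaching that private key in the
                 keystore. -->
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>

            <!-- Password callback implementation class. -->
            <prop key="passwordCallbackClass">com.test.wsses.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>
</beans>

<!-- END SNIPPET: services -->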

3、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

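/**
 * Server-side password callback for WSS4J: answers each
 * {@link WSPasswordCallback} with the password registered for the requested
 * identifier.
 *
 * <p>The identifier-to-password table is hard-coded because this is a demo.
 * Presumably the identifiers are keystore aliases and the values their
 * key-entry passwords (confirm against the keystore); a deployed service should
 * load them from protected configuration instead of source code.
 */
public class PasswordHandler implements CallbackHandler {

    /** Identifier to password; typed so no unchecked casts are needed. */
    private final Map<String, String> passwords = new HashMap<String, String>();

    /** Registers the two sample identities used by this example. */
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    /**
     * Supplies the password for every callback passed in.
     *
     * @param callbacks callbacks issued by WSS4J
     * @throws IOException declared by {@link CallbackHandler}; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a
     *         {@link WSPasswordCallback}
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        System.out.println("Handling Password!");

        // Process every callback, not just the first, and reject unknown types
        // through the checked exception of the CallbackHandler contract
        // instead of failing with a ClassCastException.
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // getIdentifer (sic) is the accessor name used by the WSS4J release on this page.
            String id = pc.getIdentifer();

            // Log the identifier only: a password written to stdout ends up in
            // console captures and log files.
            System.out.println("id:" + id);

            // An unknown identifier yields null, as a missing map entry does.
            pc.setPassword(passwords.get(id));
        }
    }
}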

2.客户端实现

1、PasswordHandler

packagecom.test.wsses;

importjava.io.IOException;

importjava.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

importjavax.security.auth.callback.CallbackHandler;

importjavax.security.auth.callback.UnsupportedCallbackException;

importorg.apache.ws.security.WSPasswordCallback;

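/**
 * Client-side password callback for WSS4J: looks up the password for the
 * identifier carried by each {@link WSPasswordCallback}.
 *
 * <p>The table below is demo data. The client signs as "client", so that entry
 * is presumably the one requested at run time (the sample output shows
 * {@code id:client}); real credentials belong in protected configuration, not
 * in source code.
 */
public class PasswordHandler implements CallbackHandler {

    /** Identifier to password lookup table. */
    private final Map<String, String> passwords = new HashMap<String, String>();

    /** Fills the table with the sample identities of this example. */
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    /**
     * Answers every password callback in {@code callbacks}.
     *
     * @param callbacks callbacks issued by WSS4J
     * @throws IOException declared by {@link CallbackHandler}; not thrown here
     * @throws UnsupportedCallbackException if a callback is of any type other
     *         than {@link WSPasswordCallback}
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        System.out.println("Handling Password!");

        for (Callback callback : callbacks) {
            // Unknown callback types are reported through the checked
            // exception rather than surfacing as a ClassCastException.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;

            // getIdentifer (sic) is the accessor name used by the WSS4J release on this page.
            String id = pc.getIdentifer();

            // The secret itself is never printed; the identifier is enough to
            // follow the flow when debugging.
            System.out.println("id:" + id);

            // A missing entry results in a null password being set.
            pc.setPassword(passwords.get(id));
        }
    }
}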

2、outsecurity.properties文件,位于<工程目录>/src/下。

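# WSS4J crypto settings used by the client-side out-handler (referenced through
# ENC_PROP_FILE and SIG_PROP_FILE in SayHelloClient).
# java.util.Properties has no trailing-comment syntax: anything after '=' is
# part of the value, so every remark sits on its own '#' line.

# Crypto implementation: Merlin, which works on a Java keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
# Keystore type.
org.apache.ws.security.crypto.merlin.keystore.type=jks
# Password that opens clientStore.jks. It is stored in cleartext, so treat this
# file as a secret: sample value only, restrict read access, keep it out of
# version control.
org.apache.ws.security.crypto.merlin.keystore.password=scpass
# Location of the keystore file (copied to <project>/src).
org.apache.ws.security.crypto.merlin.file=clientStore.jks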

clientStore.jks拷贝到<工程目录>/src目录下。

3、客户端访问类

package com.test.wsses.client;

import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;

importorg.apache.ws.security.handler.WSHandlerConstants;

import org.codehaus.xfire.client.Client;

import org.codehaus.xfire.client.XFireProxyFactory;

import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;

import org.codehaus.xfire.service.Service;

import org.codehaus.xfire.service.binding.ObjectServiceFactory;

import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;

import org.codehaus.xfire.util.dom.DOMOutHandler;

import com.test.wsses.PasswordHandler;

/**
 * Demo client: calls SayHelloService through an XFire proxy with an outbound
 * WSS4J handler that encrypts and signs each request.
 */
public class SayHelloClient {

    /**
     * Builds the proxy, attaches the out-handlers and invokes {@code sayHello}
     * twice (once with a name, once with {@code null}), printing each reply.
     *
     * @param args unused
     */
    public static void main(String args[]) {
        // Plain-HTTP endpoint; the protection in this example is applied at
        // message level by the WSS4J out-handler.
        // NOTE(review): which message parts are signed/encrypted is left at
        // the handler defaults - confirm they cover what you need.
        final String endpoint = "http://localhost:8080/wsses/services/SayHelloService";

        // Service model derived from the service interface.
        // NOTE(review): SayHelloService is not among the imports shown for
        // this file; presumably it is also available in this package, otherwise
        // import com.test.wsses.SayHelloService.
        Service model = new ObjectServiceFactory().create(SayHelloService.class);
        XFireProxyFactory proxyFactory = new XFireProxyFactory();

        try {
            // Proxy bound to the endpoint.
            SayHelloService proxy = (SayHelloService) proxyFactory.create(model, endpoint);

            // "0" means no HTTP timeout; a value >= 1 is a timeout in
            // milliseconds. Without a timeout a stalled server blocks this
            // call indefinitely, so prefer a finite value outside a demo.
            Client xfireClient = Client.getInstance(proxy);
            xfireClient.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");

            WSS4JOutHandler security = newSecurityOutHandler();

            // The DOM handler is registered before the WSS4J handler, as in
            // the original listing.
            xfireClient.addOutHandler(new DOMOutHandler());
            xfireClient.addOutHandler(security);

            // Invoke the service: first with a name, then with null.
            for (String name : new String[] {"dabing", null}) {
                System.out.println(proxy.sayHello(name));
            }
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
    }

    /** Creates the WSS4J out-handler configured for "encrypt, then sign". */
    private static WSS4JOutHandler newSecurityOutHandler() {
        WSS4JOutHandler handler = new WSS4JOutHandler();

        // Several actions are joined with a single space.
        String actions = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE;
        handler.setProperty(WSHandlerConstants.ACTION, actions);

        // Encryption: use the certificate stored under the "server" alias.
        handler.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");
        handler.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");

        // Signature: sign with the private key stored under the "client" alias;
        // its password is obtained from PasswordHandler.
        handler.setProperty(WSHandlerConstants.USER, "client");
        handler.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
        // NOTE(review): the password type presumably matters only for a
        // UsernameToken action, which is not part of `actions` - confirm
        // whether this line has any effect here.
        handler.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);
        handler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        // "IssuerSerial": the signature refers to the signing certificate by
        // issuer and serial number, so the receiver presumably needs that
        // certificate in its own keystore to verify.
        handler.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

        return handler;
    }
}

运行结果如下(以下为原始示例的控制台输出,其中的口令明文来自 PasswordHandler 的调试打印;口令不应写入控制台或日志):

Handling Password!

id:client ,password:clientpass

dabing,早上好,还没有去工作吗 ?

Handling Password!

id:client ,password:clientpass

你叫什么名字呢?
