浏览 7269 次
精华帖 (0) :: 良好帖 (2) :: 新手帖 (0) :: 隐藏帖 (0)
|
|
---|---|
作者 | 正文 |
发表时间:2010-01-10
最后修改:2010-01-11
这个Demo是在CXF+Spring+Hibernate的基础修改而成。在这里我只针对修改的东西进行讲解。 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml" /> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /> <import resource="classpath:META-INF/cxf/cxf-servlet.xml" /> <jaxws:endpoint id="service" implementor="com.itdcl.service.ServiceImpl" address="/Service"> <jaxws:inInterceptors> <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="cxfServer" /> <entry key="passwordCallbackRef"> <ref bean="serverPasswordCallback" /> </entry> </map> </constructor-arg> </bean> </jaxws:inInterceptors> </jaxws:endpoint> <bean id="serverPasswordCallback" class="com.itdcl.ws.ServerPasswordCallback" /> </beans> action:UsernameToken指使用用户令牌 passwordType:PasswordText指密码加密策略,这里直接文本 user:cxfServer指别名 passwordCallBackRef:serverPasswordCallback指消息验证 消息验证类: package com.itdcl.ws; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; public class ServerPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { WSPasswordCallback pc = (WSPasswordCallback) callbacks[0]; String pw = pc.getPassword(); String idf = pc.getIdentifier(); System.out.println("password:"+pw); System.out.println("identifier:"+idf); if (pw.equals("josen") && idf.equals("admin")) { // 验证通过 } else { throw new SecurityException("验证失败"); } } } 消息验证类通过实现CallbackHandler接口,实现handle方法来进行用户认证。 那么,客户端又怎样来验证消息是否确呢。 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <jaxws:client id="service" address="http://localhost:9999/cxf/Service" serviceClass="com.itdcl.service.IService"> <jaxws:outInterceptors> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="cxfClient" /> <entry key="passwordCallbackRef"> <ref bean="clientPasswordCallback" /> </entry> </map> </constructor-arg> </bean> </jaxws:outInterceptors> </jaxws:client> <bean id="clientPasswordCallback" class="com.itdcl.ws.ClientPasswordCallback" /> </beans> 客户端在发送SOAP时对消息对认证,策略跟服务端一样。但是认证类有所区别: package com.itdcl.ws; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; public class ClientPasswordCallback implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for(int i=0;i<callbacks.length;i++) { WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; pc.setPassword("josen"); pc.setIdentifier("admin"); } } } 客户端在发送消息,设置好用户名和密码。服务端用相应的用户名和密码进行验证。 令牌验证就如此简单。 声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
|
返回顶楼 | |
发表时间:2010-11-24
若验证失败,怎么给客户端返回调用失败的信息
|
|
返回顶楼 | |
发表时间:2010-11-25
你捕捉异常信息
|
|
返回顶楼 | |
发表时间:2010-12-02
在服务器端使用了CXF的WS-Security,客户端用axis的话如何处理?如何发送给服务器端验证?
|
|
返回顶楼 | |