浏览 8474 次
|
锁定老帖子 主题:CXF密码验证_服务端和客户端配置
精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
|
|
|---|---|
| 作者 | 正文 |
|
发表时间:2010-05-27
最后修改:2010-05-27
CXF密码认证是在我前面的一篇文章WebService CXF+struts+spring 示例 的基础上写的.如果你感觉看不懂这篇.那就先看看前面的那篇文章吧! 1:spring服务端的配置
<bean id="Customer" class="org.web.HelloServiceImpl"></bean>
<jaxws:endpoint id="custom" implementor="#Customer" address="/web" >
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType"
value="PasswordText" />
<entry key="user" value="cxfServer" />
<entry key="passwordCallbackRef">
<ref bean="serverPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
<bean id="serverPasswordCallback" class="org.web.ServerPasswordCallback" />
action:UsernameToken 是使用用户令牌 passwordType:PasswordText 是指密码加密策略.这里是直接密码文本. user:cxfServer 是指别名 passwordCallbackRef:serverPasswordCallback 是这密码验证..类..就是下面配置的.. 2: 类:serverPasswordCallback
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ServerPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc=(WSPasswordCallback) callbacks[0];
String pw=pc.getPassword();
String idf=pc.getIdentifier();
System.out.println("密码是:"+pw);
System.out.println("类型是:"+idf);
if(pw.equals("wdwsb")&&idf.equals("admin")){
System.out.println("成功");
}
else{
throw new SecurityException("验证失败");
}
}
这个不用多说..就是密码验证..很简单!! 3:spring客户端的配置:
<bean id="webTest" class="org.web.HelloService" factory-bean="client" factory-method="create"/> <bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" > <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property> <property name="serviceClass" value="org.web.HelloService"></property> <property name="outInterceptors"> <list> <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <constructor-arg> <map> <entry key="action" value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="cxfClient" /> <entry key="passwordCallbackRef"> <ref bean="clientPasswordCallback" /> </entry> </map> </constructor-arg> </bean> </list> </property> </bean> <bean id="clientPasswordCallback" class="org.web.clientPasswordCallback"></bean> 跟server的配置差不多..没多少要讲的.呵呵... 4: 类clientPasswordCallback的配置
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class clientPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for(int i=0;i<callbacks.length;i++){
WSPasswordCallback ps=(WSPasswordCallback) callbacks[i];
ps.setPassword("wdwsb");
ps.setIdentifier("admin");
}
}
到此为止..密码认证用户令牌就完成了... 测试!
通过!
当然我前面写的一篇文章是最基本的.缺少了一些jar包.会报错的. 所以要加上以下jar包..
声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
| 返回顶楼 | |
|
发表时间:2010-08-04
例子中 id, password是写死的,
ps.setPassword("wdwsb");
ps.setIdentifier("admin");
如果 我希望是填入当前登陆用户的用户名,密码,怎么办呢? |
| 返回顶楼 | |
|
发表时间:2011-04-29
serverPasswordCallback这里有问题:
org.apache.ws.security.validate中
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
try
{
data.getCallbackHandler().handle(new Callback[] { pwCb });
}
也就是说,在这里要设置password,然后
if (passwordsAreEncoded)
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
throw new WSSecurityException(5);
}
在这里比两个密码是否一致,之后的操作由框架完成所以 serverPasswordCallback要做的是setPassword,而不是在这里比较. apache-cxf-2.4.0 
|
| 返回顶楼 | |
|
发表时间:2011-04-29
PasswordDigest类型的时候是设置password,PasswordText类型时是直接验证的
zhouxianglh 写道 serverPasswordCallback这里有问题:
org.apache.ws.security.validate中
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
try
{
data.getCallbackHandler().handle(new Callback[] { pwCb });
}
也就是说,在这里要设置password,然后
if (passwordsAreEncoded)
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
throw new WSSecurityException(5);
}
在这里比两个密码是否一致,之后的操作由框架完成所以 serverPasswordCallback要做的是setPassword,而不是在这里比较. apache-cxf-2.4.0 |
| 返回顶楼 | |
|
发表时间:2011-05-04
为什么我的pc.getPassword()得到的值为null
|
| 返回顶楼 | |
