- 浏览: 1524698 次
- 性别:
- 来自: 厦门
文章分类
- 全部博客 (516)
- Java (49)
- Java/Struts 2.0 (25)
- Java/Spring、Spring MVC (11)
- Java/Quartz (3)
- Java/Lucene (6)
- Java/Hibernate (19)
- Java/openJPA (7)
- Java/DWR (7)
- Java/Security、Spring Security/OAuth2 (6)
- Java/Threading (9)
- Java/XML (22)
- java/design pattern (4)
- Android (2)
- JavaScript (46)
- jquery (3)
- DB/MySQL (23)
- DB/Oracle (16)
- PHP (25)
- CSS (20)
- Linux (38)
- C/C++、DLL、Makefile、VC++ (31)
- 正则 (9)
- Eclipse (4)
- 安全、网络等概念 (25)
- 集群 (7)
- 网页 (5)
- 视频\音频 (1)
- HTML (6)
- 计算机数学/算法 (3)
- Virtualbox (1)
- LDAP (2)
- 数据挖掘 (6)
- 工具破解 (1)
- 其他 (13)
- Mail (1)
- 药材 (3)
- 游戏 (2)
- hadoop (13)
- 压力测试 (3)
- 设计模式 (3)
- java/Swing (2)
- 缓存/Memcache (0)
- 缓存/Redis (1)
- OSGI (2)
- OSGI/Gemini (0)
- 文档写作 (0)
- java/Servlet (3)
- MQ/RabbitMQ (2)
- MQ/RocketMQ (0)
- MQ/Kafka (1)
- maven (0)
- SYS/linux (1)
- cache/redis (1)
- DB/Mongodb (2)
- nginx (1)
- postman (1)
- 操作系统/ubuntu (1)
- golang (1)
- dubbo (1)
- 技术管理岗位 (0)
- mybatis-plus (0)
最新评论
-
pgx89112:
大神,请赐我一份这个示例的项目代码吧,万分感谢,1530259 ...
spring的rabbitmq配置 -
string2020:
不使用增强器 怎么弄?
OpenJPA的增强器 -
孟江波:
学习了,楼主,能否提供一份源代码啊,学习一下,十分感谢!!!4 ...
spring的rabbitmq配置 -
eachgray:
...
spring-data-redis配置事务 -
qljoeli:
学习了,楼主,能否提供一份源代码啊,学习一下,十分感谢!!!1 ...
spring的rabbitmq配置
This tutorial demonstrates how to use Web Services Security (WS-Security), defined by the Organization for the Advancement of Structured Information Standards (OASIS)
, with Apache Axis 1.3. Once you configure your Axis toolkit for WS-Security, WS-Security headers are automatically included in your SOAP requests.
The Apache Axis implementation of WS-Security, through the Apache WSS4J Java libraries, allows you to send authentication information in your request instead of relying on a preliminary request/response from ArcWeb Authentication Web Service. See the Apache WSS4J Web site for more information about the Apache implementation of WS-Security.
The first part of this tutorial explains the system requirements and the WSS4J parameters for Username Token security header in your ArcWeb Services requests. The second part of this tutorial provides step-by-step instructions for using these parameters in a request. It assumes you have Apache Axis 1.3 and JDK 1.5 running on Jakarta (Apache) Tomcat. This tutorial also assumes you have an active subscription to ArcWeb Services. See ArcWeb Services authentication for general information on the ArcWeb Services authentication process.
System requirements
You must have the following components on your system before sending requests to ArcWeb Services using WS-Security with Axis.
Apache Axis 1.3 (Final)
JDK 1.5
Jakarta (Apache) Tomcat 5.5.12
Apache WSS4J libraries 1.1.0
Active subscription to ArcWeb Services
WSDoAllSender parameters
WSDoAllSender and WSDoAllReceiver are the main Axis handlers implemented in WSS4J library for creating and interpreting secure SOAP requests. The WSDoAllSender handler is contained on the client side and is used to add a security header to a request. The WSDoAllReciever handler, implemented on the server that will receive this request, validates the authentication information in the incoming request header.
WSDoAllSender handler contains the following parameters.
Parameter
Description
action
Contains the security action. The valid value is "usernameToken" which directs the handler to insert a token into the SOAP request.
user
Contains the user name.
passwordType
Contains the encoding type of the password. The valid value is "PasswordDigest". "PasswordDigest" sends the password in digest mode.
mustUnderstand
Must be set to false. It indicates that the security header inserted in the SOAP request is not a mandatory SOAP header and that it doesn't need to be understood by the Web service server.
password
Contains the Base64-encoded SHA-1 password. Use the WS-Security Password Helper to translate your plain text password into the proper format.
How to use
Verify that Network Time Protocol (NTP) is enabled on your client system. NTP establishes a common clock for all systems connected to the Internet. Since the ArcWeb clock uses NTP, enabling NTP on your system helps prevent unexpected expired token errors.
For more information on how to use NTP to synchronize your system clock, see http://tf.nist.gov/service/pdf/win2000xp.pdf or http://www.akadia.com/services/ntp_synchronize.html.
Download the Apache WSS4J libraries v 1.1.0 from the Apache WSS4J Web site
.
Copy WSS4J.jar to your Axis WEB-INF/lib directory.
You can overwrite the jar file if it already exists.
Download opensaml-1.1.jar from the OpenSAML Web site
and copy to your Axis WEB-INF/lib.
Set up your CLASSPATH variables for the WSS4J implementation as follows.
SET JAVA_HOME=<Path to java base directory>
SET CATALINA_HOME=<Path to Tomcat base directory>
SET AXIS_HOME=<Path to Axis 1.2 base directory>
SET XERCES_HOME=<Path to Xerces base directory>
Set CLASSPATH= %AXIS_HOME%\lib\axis.jar;%AXIS_HOME%\lib\axis-ant.jar; %AXIS_HOME%\lib\axis-schema.jar; %AXIS_HOME%\lib\commons-discovery-0.2.jar;%AXIS_HOME%\lib\commons-logging-1.0.4.jar; %AXIS_HOME%\lib\jaxrpc.jar;%AXIS_HOME%\lib\log4j-1.2.8.jar;%AXIS_HOME%\lib\saaj.jar;%AXIS_HOME%\lib\wsdl4j-1.5.1.jar;%AXIS_HOME%\lib\wss4j.jar;%AXIS_HOME%\lib\xmlsec-1.2.97.jar; %XERCES_HOME%\xml-apis.jar; %XERCES_HOME%\resolver.jar; %XERCES_HOME%\xercesImpl.jar;%CATALINA_HOME%\common\lib\activation.jar;%CATALINA_HOME%\common\lib\mail.jar;%CATALINA_HOME%\common\lib\servlet-api.jar;%JAVA_HOME%\lib\tools.jar;.;%CLASSPATH%;
Restart Apache Tomcat.
You do not need to restart Tomcat if you have automatic deployment/class loading turned on.
Verify that XML Security (xmlsec-1.2.97.jar) is properly configured. Do this by opening the Axis happiness page in a Web browser (typically located at http://localhost:8080/axis) and seeing that XML Security is listed in "Optional Components". If it is not listed, then you should instead see a link to download the xmlsec-1.2.97.jar file. Download the .jar file and save it under %AXIS_HOME%\lib.
You are now ready to send SOAP requests with WS-Security headers. A successful SOAP request requires three steps: adding the deployment descriptor, creating a valid request to a specific ArcWeb service, and troubleshooting any exceptions.
Create a deployment descriptor (client-config.wsdd) to your SOAP request. For example:
<!-- Using the WSDoAllSender security handler in request flow -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow >
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken"/>
<parameter name="user" value="<ArcWeb user name>"/>
<parameter name="passwordType" value="PasswordDigest"/>
<parameter name="password" value="<WS-Security password>"/>
<parameter name="mustUnderstand" value="false" />
</handler>
</requestFlow >
</globalConfiguration>
</deployment>
See WSDoAllSender parameters for descriptions of the parameters.
Save the deployment descriptor (client-config.wsdd) to any location on your computer (running Tomcat).
Set the following property for the jvm used by Tomcat (5.5.12) and restart Tomcat.
-Daxis.ClientConfigFile=<path of the client-config.wsdd>
Double-click Apache Procrun Service Manager(Tomcat5w.exe) located in the <Tomcat_Home>\bin directory.
Click Java tab > Java Options of Apache Tomcat Properties dialog.
Restart Tomcat.
Create a valid request to an ArcWeb service. See the tutorial Using Axis (Java) with ArcWeb Services for step-by-step instructions for creating requests to ArcWeb Services (skip the step about running WSDL2Java against the Authentication Web Service HTTPS WSDL url).
Now that you have configured Axis for WS-Security, you no longer need to request a token from ArcWeb Authentication Web Service. Instead, your requests to ArcWeb services include the required authentication information via the WS-Security header.
Below is an example of a request. Note that the timestamp information and username are not valid values so you cannot send this request as is.
<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>findPlace</wsa:Action>
<wsa:MessageID>uuid:99c89fad-9c84-4fde-adc1-b1d1b3e0e35b</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.arcwebservices.com/services/v2006/PlaceFinder</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-ce4fb682-9726-49ce-93cd-6e17156fee07">
<wsu:Created>2005-12-02T21:38:34Z</wsu:Created>
<wsu:Expires>2005-12-02T21:43:34Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d15f7571-38d5-4411-9160-184d4fbe36d7">
<wsse:Username>
<ArcWeb username>
</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">2dj7Kf8eOLRnlihYS/MeDXlhAzU=</wsse:Password>
<wsse:Nonce>SpOU0e+TITWqgej21qYelQ==</wsse:Nonce>
<wsu:Created>2005-12-02T21:38:34Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<findPlace xmlns="http://www.arcwebservices.com/v2006">
<placeName>Redlands</placeName>
<placeFinderOptions>
<dataSource xmlns="">ArcWeb:ESRI.Gazetteer.World</dataSource>
<filterCountry xsi:nil="true" xmlns="" />
<filterExtent xsi:nil="true" xmlns="" />
<filterType xsi:nil="true" xmlns="" />
<resultSetRange xsi:nil="true" xmlns="" />
<searchType xsi:nil="true" xmlns="" />
</placeFinderOptions>
<token />
</findPlace>
</soap:Body>
</soap:Envelope>
Troubleshoot any exceptions.
The most common reason for exceptions is improperly set CLASSPATH variables. See Step 5 for the CLASSPATH variable settings related to WSS4J.
See the Apache Wiki site for more troubleshooting information.
发表评论
-
xStream开发HTTP的XML内容
2013-07-03 09:58 10531、编写自定义XPPDriver代码: package ... -
AXIS2 开发示例
2013-06-28 17:10 1042实体类: package com.mport.entity ... -
HttpURLConnection or URLConnection post xml content to web server
2013-05-31 01:56 2058客户端示例1: package client; ... -
Axis2 体系结构
2012-06-19 12:34 1003前言 结构都是它本身所能产生效率的结果。任何一个成功 ... -
Axis 1.4 基于wss4j UsernameToken 的安全验证
2011-12-30 17:24 2462利用以下的wsdl文件生成客户端及服务端代码: < ... -
wss4j和axis2实现WS-Security(2)
2011-12-29 12:13 1082转自:http://hi.baidu.com/zhaopeng ... -
wss4j和axis2实现WS-Security(1)
2011-12-29 11:31 1192转自:http://hi.baidu.com/zhaopeng ... -
[Java] Testing SOAP Headers with a Simple Axis Handler
2011-12-23 11:02 1155转自:http://weblogs.asp.net/jdanf ... -
Axis 1.4 将WSDL文件逆向后String数组只变成String
2011-12-22 08:26 2028这些天在对一个项目扩展功能时使用Axis 1. ... -
实现Axis web service 的数字证书认证(CLIENT-CERT)
2011-12-09 12:28 3726本文参考自:J2EE Web服务开发系列之十二: 实现安全的 ... -
实现Axis web service 的基本方式认证(BASIC)
2011-12-09 10:41 2185本文参考自:J2EE Web服务开发系列之十二: 实现安全的A ... -
生成SOAP消息示例
2011-09-27 11:36 11275调用 web service 时生成soap消息的区别, ... -
Axis 1.4 上传二进制文件(base64Binary)
2011-04-22 16:32 2038服务端代码: package samples.userg ... -
Axis 1.4 WSDL2Java、Java2WSDL的使用
2011-04-21 16:52 3440d:>java -classpath % ... -
在axis1.4中传递复杂类型数组参数(ArrayMapping)
2011-04-21 11:50 3738Axis1.4环境配置: 配置一些工具在命 ... -
axis2 学习(rpc)
2011-04-15 16:03 2146刚开始学习时,可不必考虑某些包的功能。我当前是把所有的包都导进 ... -
xfire 学习
2011-04-14 13:45 822我 -
学习dom4j的jaxb实现(半成品)
2011-03-08 16:47 1276primer.xml <?xml version=&q ... -
使用dom4j修改xml元素
2011-02-21 15:47 12263预先编写一个xml文件book ... -
使用 dom4j编写一个简单输出到文件的例子
2011-02-21 15:03 1093代码编写是参考这篇文档: http://blog.csd ...
相关推荐
本文将深入探讨如何使用CXF框架结合ws-security标准来实现对Java客户端调用Web服务的安全接口。CXF是一个开源的服务框架,它允许开发人员创建和消费各种Web服务,而ws-security(Web Services Security)则是用于...
而Apache WSS4J(Web Services Secure Utilities for Java)则是Apache软件基金会开发的一个实现WS-Security标准的开源库,它为Java开发者提供了处理和验证Web服务消息安全性的工具。 首先,我们来看一下标题提到的...
在Java中,通常使用Apache CXF、Axis2等Web服务框架,它们内置了对WS-Security的支持。 使用"ws-security jar"时,开发者可以配置Web服务客户端和服务器端的策略,设置签名和加密算法,指定认证方式,以及处理证书...
`ws-security`是Java EE环境中一个抽象的概念,它代表了实现WS-Security规范的一系列接口和类。这些接口和类定义了如何在SOAP消息中添加和验证安全令牌,如数字签名、加密内容以及身份验证信息。通过`ws-security`,...
【标题】:"axis2+rampart实现ws-security" 在WS-Security(Web Services Security)标准中,axis2和rampart是两个关键组件,用于在Web服务中实现安全功能。Axis2是Apache的一个开放源码Web服务引擎,它提供了一个...
在实际开发中,WS-Security的实现通常依赖于库,如Apache CXF、Axis2或Spring-WS,它们提供了API来简化WS-Security的集成。开发者可以通过这些库轻松地在SOAP消息中添加和验证安全元素。 为了实现WS-Security,...
标签:apache-ws-axis.jar.zip,apache,ws,axis,jar.zip包下载,依赖包
axis-imageshtml5-3d-mult-axis-imageshtml5-3d-mult-axis-imageshtml5-3d-mult-axis-images
标题中的"axis2.eclipse.codengen.plugin-SNAPSHOT-axis2-eclipse-codegen-plugin.zip"指出这是一个Axis2的Eclipse插件,主要用于代码生成工具。在 Axis2 的开发环境中,此插件扮演着至关重要的角色,它能帮助开发者...
标题中的"axis2-eclipse-codegen-plugin-1.6.2和axis2-eclipse-service-plugin-1.6.2"指的是两个与Apache Axis2相关的Eclipse插件:Axis2代码生成插件和Axis2服务插件,它们是版本1.6.2的。Apache Axis2是一个流行的...
共四个文件,都是最先版的,希望可以帮助大家。axis2-eclipse-service-archiver-wizard和axis2-eclipse-codegen-wizard和axis2-1.6.1-bin和axis2-1.6.1-war
Apache Axis2是著名的开源Web服务框架,用于构建和部署高效且灵活的Web服务。这个框架是基于Axis1的升级版,提供了许多改进和新特性,包括更好的性能、模块化架构和增强的MIME支持。标题提到的“axis2-1.5.1-bin.zip...
Axis支持多种安全模型,包括基本认证、HTTPS、WS-Security等。这些机制可以保护Web服务免受未经授权的访问和攻击。 7. **版本控制和兼容性**:虽然例子中使用的是Axis1.4,但随着技术的发展,后续有Axis2等更新版本...
标题“wsdaix-1.1-axis-1.4-bin”揭示了这是一个关于WS-DAI(Web Services Distributed Access Interface)的软件包,版本为1.1,与Apache Axis 1.4集成。Apache Axis是Java平台上的一个开源SOAP(简单对象访问协议...
【标题】"xalanjava源码-axis-axis2-java-rampart:ApacheAxis2-Java城墙" 这个标题提及了几个关键的IT概念,主要是与Java相关的开源项目和库。首先,"xalanjava源码"指的是Xalan-Java,这是一个开源的Java XML转换...
4. **丰富的支持库**:AXIS提供了对多种协议和标准的支持,如SOAP、HTTP、HTTPS、MTOM(Message Transmission Optimization Mechanism)、WS-Security等。 5. **可扩展性**:AXIS允许开发者通过插件系统添加自定义...
标题中的"axis2-1.6.2-war+axis2-1.6.1-war+axis2-1.6.2-bin"表明这是一个包含不同版本的Apache Axis2服务框架的集合。Axis2是Apache软件基金会开发的一个Web服务引擎,它主要用于创建和部署Web服务以及处理SOAP消息...
支持开发 Axis2 的动力是探寻模块化更强、灵活性更高和更有效的体系结构,这种体系结构可以很容易地插入到其他相关 Web 服务标准和协议(如 WS-Security、WS-ReliableMessaging 等)的实现中。 Apache Axis2 是Axis...
8. **安全性**:Axis2支持WS-Security规范,可以实现服务的安全性,包括加密、签名、消息完整性检查等功能。此外,还可以通过模块扩展实现身份验证、授权等安全机制。 9. **与其他技术的集成**:Axis2可以与各种...