conkeyn

Using WS-Security with Axis (Java) v2006

 

Reposted from: http://www.arcwebservices.com/v2006/help/index_Left.htm#StartTopic=soap/samples/wssecurity_axis.htm#|SkinName=ArcWeb

 

This tutorial demonstrates how to use Web Services Security (WS-Security), defined by the Organization for the Advancement of Structured Information Standards (OASIS), with Apache Axis 1.3. Once you configure your Axis toolkit for WS-Security, WS-Security headers are automatically included in your SOAP requests.

The Apache Axis implementation of WS-Security, through the Apache WSS4J Java libraries, allows you to send authentication information in your request instead of relying on a preliminary request/response from ArcWeb Authentication Web Service. See the Apache WSS4J Web site for more information about the Apache implementation of WS-Security.

The first part of this tutorial explains the system requirements and the WSS4J parameters for the Username Token security header in your ArcWeb Services requests. The second part provides step-by-step instructions for using these parameters in a request. It assumes you have Apache Axis 1.3 and JDK 1.5 running on Jakarta (Apache) Tomcat. This tutorial also assumes you have an active subscription to ArcWeb Services. See ArcWeb Services authentication for general information on the ArcWeb Services authentication process.

System requirements

You must have the following components on your system before sending requests to ArcWeb Services using WS-Security with Axis.

    Apache Axis 1.3 (Final)
    JDK 1.5
    Jakarta (Apache) Tomcat 5.5.12
    Apache WSS4J libraries 1.1.0
    Active subscription to ArcWeb Services

WSDoAllSender parameters

WSDoAllSender and WSDoAllReceiver are the main Axis handlers implemented in the WSS4J library for creating and interpreting secure SOAP requests. The WSDoAllSender handler runs on the client side and adds a security header to a request. The WSDoAllReceiver handler, implemented on the server that receives the request, validates the authentication information in the incoming request header.

The WSDoAllSender handler takes the following parameters.

| Parameter | Description |
|---|---|
| action | Contains the security action. The valid value is "UsernameToken", which directs the handler to insert a token into the SOAP request. |
| user | Contains the user name. |
| passwordType | Contains the encoding type of the password. The valid value is "PasswordDigest". "PasswordDigest" sends the password in digest mode. |
| mustUnderstand | Must be set to false. It indicates that the security header inserted in the SOAP request is not a mandatory SOAP header and that it doesn't need to be understood by the Web service server. |
| password | Contains the Base64-encoded SHA-1 password. Use the WS-Security Password Helper to translate your plain text password into the proper format. |

How to use

    1. Verify that Network Time Protocol (NTP) is enabled on your client system. NTP establishes a common clock for all systems connected to the Internet. Since the ArcWeb clock uses NTP, enabling NTP on your system helps prevent unexpected expired token errors.

       For more information on how to use NTP to synchronize your system clock, see http://tf.nist.gov/service/pdf/win2000xp.pdf or http://www.akadia.com/services/ntp_synchronize.html.

    2. Download the Apache WSS4J libraries v 1.1.0 from the Apache WSS4J Web site.

    3. Copy WSS4J.jar to your Axis WEB-INF/lib directory.

       You can overwrite the jar file if it already exists.

    4. Download opensaml-1.1.jar from the OpenSAML Web site and copy it to your Axis WEB-INF/lib directory.

    5. Set up your CLASSPATH variables for the WSS4J implementation as follows.
        SET JAVA_HOME=<Path to java base directory>
        SET CATALINA_HOME=<Path to Tomcat base directory>
        SET AXIS_HOME=<Path to Axis 1.2 base directory>
        SET XERCES_HOME=<Path to Xerces base directory>
        SET CLASSPATH=%AXIS_HOME%\lib\axis.jar;%AXIS_HOME%\lib\axis-ant.jar;%AXIS_HOME%\lib\axis-schema.jar;%AXIS_HOME%\lib\commons-discovery-0.2.jar;%AXIS_HOME%\lib\commons-logging-1.0.4.jar;%AXIS_HOME%\lib\jaxrpc.jar;%AXIS_HOME%\lib\log4j-1.2.8.jar;%AXIS_HOME%\lib\saaj.jar;%AXIS_HOME%\lib\wsdl4j-1.5.1.jar;%AXIS_HOME%\lib\wss4j.jar;%AXIS_HOME%\lib\xmlsec-1.2.97.jar;%XERCES_HOME%\xml-apis.jar;%XERCES_HOME%\resolver.jar;%XERCES_HOME%\xercesImpl.jar;%CATALINA_HOME%\common\lib\activation.jar;%CATALINA_HOME%\common\lib\mail.jar;%CATALINA_HOME%\common\lib\servlet-api.jar;%JAVA_HOME%\lib\tools.jar;.;%CLASSPATH%;

    6. Restart Apache Tomcat.

       You do not need to restart Tomcat if you have automatic deployment/class loading turned on.

    7. Verify that XML Security (xmlsec-1.2.97.jar) is properly configured. Do this by opening the Axis happiness page in a Web browser (typically located at http://localhost:8080/axis) and checking that XML Security is listed under "Optional Components". If it is not listed, you should instead see a link to download the xmlsec-1.2.97.jar file. Download the .jar file and save it under %AXIS_HOME%\lib.

You are now ready to send SOAP requests with WS-Security headers. A successful SOAP request requires three steps: adding the deployment descriptor, creating a valid request to a specific ArcWeb service, and troubleshooting any exceptions.

    Create a deployment descriptor (client-config.wsdd) for your SOAP requests. For example:

<!-- Using the WSDoAllSender security handler in request flow -->
<!-- Replace the <ArcWeb user name> and <WS-Security password> placeholders with your own values -->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
  <globalConfiguration>
    <requestFlow>
      <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
        <parameter name="action" value="UsernameToken"/>
        <parameter name="user" value="<ArcWeb user name>"/>
        <parameter name="passwordType" value="PasswordDigest"/>
        <parameter name="password" value="<WS-Security password>"/>
        <parameter name="mustUnderstand" value="false"/>
      </handler>
    </requestFlow>
  </globalConfiguration>
</deployment>

        See WSDoAllSender parameters for descriptions of the parameters.
        Save the deployment descriptor (client-config.wsdd) to any location on the computer running Tomcat.

    Set the following property for the JVM used by Tomcat (5.5.12) and restart Tomcat.

-Daxis.ClientConfigFile=<path of the client-config.wsdd>

    Double-click Apache Procrun Service Manager (Tomcat5w.exe), located in the <Tomcat_Home>\bin directory.
    Click Java tab > Java Options in the Apache Tomcat Properties dialog.
    Restart Tomcat.

    Create a valid request to an ArcWeb service. See the tutorial Using Axis (Java) with ArcWeb Services for step-by-step instructions for creating requests to ArcWeb Services (skip the step about running WSDL2Java against the Authentication Web Service HTTPS WSDL url).

Now that you have configured Axis for WS-Security, you no longer need to request a token from ArcWeb Authentication Web Service. Instead, your requests to ArcWeb services include the required authentication information via the WS-Security header.

Below is an example of a request. Note that the timestamp information and username are not valid values so you cannot send this request as is.

<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action>findPlace</wsa:Action>
    <wsa:MessageID>uuid:99c89fad-9c84-4fde-adc1-b1d1b3e0e35b</wsa:MessageID>
    <wsa:ReplyTo>
      <wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
    </wsa:ReplyTo>
    <wsa:To>http://www.arcwebservices.com/services/v2006/PlaceFinder</wsa:To>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="Timestamp-ce4fb682-9726-49ce-93cd-6e17156fee07">
        <wsu:Created>2005-12-02T21:38:34Z</wsu:Created>
        <wsu:Expires>2005-12-02T21:43:34Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d15f7571-38d5-4411-9160-184d4fbe36d7">
        <wsse:Username>
          <ArcWeb username>
        </wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">2dj7Kf8eOLRnlihYS/MeDXlhAzU=</wsse:Password>
        <wsse:Nonce>SpOU0e+TITWqgej21qYelQ==</wsse:Nonce>
        <wsu:Created>2005-12-02T21:38:34Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <findPlace xmlns="http://www.arcwebservices.com/v2006">
      <placeName>Redlands</placeName>
      <placeFinderOptions>
        <dataSource xmlns="">ArcWeb:ESRI.Gazetteer.World</dataSource>
        <filterCountry xsi:nil="true" xmlns="" />
        <filterExtent xsi:nil="true" xmlns="" />
        <filterType xsi:nil="true" xmlns="" />
        <resultSetRange xsi:nil="true" xmlns="" />
        <searchType xsi:nil="true" xmlns="" />
      </placeFinderOptions>
      <token />
    </findPlace>
  </soap:Body>
</soap:Envelope>
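
The Password, Nonce and Created elements in the request above are tied together by the OASIS UsernameToken Profile 1.0 formula Password_Digest = Base64(SHA-1(nonce + created + password)). The Python code below is an added example, not part of the original tutorial or of WSS4J: it builds a token and validates it the way a receiving handler would, showing why a skewed client clock yields an expired-token error. It assumes the password fed into the digest is the Base64-encoded SHA-1 form from the parameter table, a five-minute freshness window (the Created/Expires span in the sample), and constructed user names and passwords.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # wsu:Created format used in the sample request


def stored_password(plaintext):
    """Base64(SHA-1(plaintext)): the form the 'password' parameter is described as holding."""
    return base64.b64encode(hashlib.sha1(plaintext.encode("utf-8")).digest()).decode()


def password_digest(nonce_b64, created, password):
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def build_token(user, password, now):
    """Client side: the fields a sender places inside wsse:UsernameToken."""
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(FMT)
    return {"Username": user, "Nonce": nonce, "Created": created,
            "Password": password_digest(nonce, created, password)}


class Receiver:
    """Server side (hypothetical): recompute the digest, reject stale or replayed tokens."""

    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords    # user -> stored password (constructed data)
        self.max_age = max_age        # assumed freshness window
        self.seen_nonces = set()      # nonces of tokens already accepted

    def validate(self, token, now):
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_age:
            return "expired"          # the error a client without NTP runs into
        if token["Nonce"] in self.seen_nonces:
            return "replayed"
        secret = self.passwords.get(token["Username"])
        if secret is None:
            return "bad-digest"       # unknown user: never fall back to an empty secret
        expected = password_digest(token["Nonce"], token["Created"], secret)
        if not hmac.compare_digest(expected, token["Password"]):
            return "bad-digest"
        self.seen_nonces.add(token["Nonce"])
        return "ok"
```

Because the digest is computed from the stored value, that Base64-encoded SHA-1 string is itself enough to build valid tokens, so client-config.wsdd deserves the same file permissions as a plain-text password.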

    Troubleshoot any exceptions.

    The most common reason for exceptions is improperly set CLASSPATH variables. See Step 5 for the CLASSPATH variable settings related to WSS4J.
    See the Apache Wiki site for more troubleshooting information.
