`
longgangbai
  • 浏览: 7338938 次
  • 性别: Icon_minigender_1
  • 来自: 上海
社区版块
存档分类
最新评论

Mule ESB 学习笔记(16)CXF SOAP基于SAML的验证的配置

阅读更多

mule的配置

<mule xmlns:core="http://www.mulesoft.org/schema/mule/core" xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:spring="http://www.springframework.org/schema/beans"
    xmlns:cxf="http://www.mulesoft.org/schema/mule/cxf"
    xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
    xmlns:http="http://www.mulesoft.org/schema/mule/http"
    xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd 
http://www.mulesoft.org/schema/mule/cxf http://www.mulesoft.org/schema/mule/cxf/current/mule-cxf.xsd 
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd 
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd " version="EE-3.3.0">
    <spring:beans>
        <spring:bean id="Bean" name="samlCustomValidator" class="com.mulesoft.mule.soap.security.SAMLCustomValidator"/>
    </spring:beans>

    
    <flow name="SamlTokenServiceFlow" doc:name="SamlTokenServiceFlow">
        <http:inbound-endpoint address="http://localhost:63084/services/saml" exchange-pattern="request-response" doc:name="HTTP Inbound Endpoint"/>
        <cxf:jaxws-service serviceClass="com.mulesoft.mule.soap.security.Greeter" doc:name="Secure SAMLToken service">
            <cxf:ws-security>
                <cxf:ws-config>
                    <cxf:property key="action" value="SAMLTokenUnsigned Timestamp"/>
                </cxf:ws-config>
                <cxf:ws-custom-validator>
                    <cxf:saml2-token-validator ref="samlCustomValidator"/>
                </cxf:ws-custom-validator>
            </cxf:ws-security>
        </cxf:jaxws-service>
        <component class="com.mulesoft.mule.soap.security.GreeterService" doc:name="Greeter Service"/>
    </flow>

    <flow name="SignedSamlTokenServiceFlow" doc:name="SignedSamlTokenServiceFlow">
        <http:inbound-endpoint address="http://localhost:63084/services/signedsaml" exchange-pattern="request-response" doc:name="HTTP Inbound Endpoint"/>
        <cxf:jaxws-service serviceClass="com.mulesoft.mule.soap.security.Greeter" doc:name="Secure SAMLToken Signed service">
            <cxf:ws-security>
                <cxf:ws-config>
                    <cxf:property key="action" value="SAMLTokenUnsigned Signature"/>
                    <cxf:property key="signaturePropFile" value="wssecurity.properties" />
                </cxf:ws-config>
                <cxf:ws-custom-validator>
                    <cxf:saml2-token-validator ref="samlCustomValidator"/>
                </cxf:ws-custom-validator>
            </cxf:ws-security>
        </cxf:jaxws-service>
        <component class="com.mulesoft.mule.soap.security.GreeterService" doc:name="Greeter Service"/>
    </flow>
</mule>

 

 

package com.mulesoft.mule.soap.security;

import java.io.IOException;
import java.util.Collections;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.saml.ext.SAMLCallback;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.apache.ws.security.saml.ext.builder.SAML2Constants;
import org.opensaml.common.SAMLVersion;

/**
 *  Callback handler that populates a SAML 2.0 assertion based on the SAML properties file
 */
public class SAMLCallbackHandler implements CallbackHandler {

    private String subjectName;
    private String subjectQualifier;
    private String confirmationMethod;

    public SAMLCallbackHandler()
    {
        subjectName = "AllowGreetingServices";
        subjectQualifier = "www.example.com";
        confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof SAMLCallback) {
                SAMLCallback callback = (SAMLCallback) callbacks[i];
                callback.setSamlVersion(SAMLVersion.VERSION_20);
                SubjectBean subjectBean =
                        new SubjectBean(
                                subjectName, subjectQualifier, confirmationMethod
                        );
                callback.setSubject(subjectBean);
                createAndSetStatement(null, callback);
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }

    private void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
        AuthenticationStatementBean authBean = new AuthenticationStatementBean();
        if (subjectBean != null) {
            authBean.setSubject(subjectBean);
        }
        authBean.setAuthenticationMethod("Password");
        callback.setAuthenticationStatementData(Collections.singletonList(authBean));
    }

}

 

 

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SamlAssertionValidator;

public class SAMLCustomValidator extends SamlAssertionValidator
{
    @Override
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException
    {
        Credential returnedCredential = super.validate(credential, data);
        //
        // Do some custom validation on the assertion
        //
        AssertionWrapper assertion = credential.getAssertion();
        if (!"self".equals(assertion.getIssuerString()))
        {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }

        if (assertion.getSaml2() == null)
        {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }

        String confirmationMethod = assertion.getConfirmationMethods().get(0);
        if (confirmationMethod == null)
        {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
        if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod))
        {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }

        if(!"AllowGreetingServices".equals(assertion.getSaml2().getSubject().getNameID().getValue()))
        {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }

        return returnedCredential;
    }



}

 

 

服务端:

import org.mule.api.MuleContext;
import org.mule.api.MuleException;
import org.mule.api.context.MuleContextFactory;
import org.mule.config.spring.SpringXmlConfigurationBuilder;
import org.mule.context.DefaultMuleContextFactory;

public class MuleServerApp {
  public static void main(String[] args) throws MuleException {
	  String configFile = "mule-config.xml";
      System.setProperty("mule.verbose.exceptions","true");
      String[] configFileArr = new String[] {configFile };
      MuleContextFactory muleContextFactory = new DefaultMuleContextFactory();
      MuleContext muleContext = muleContextFactory
              .createMuleContext(new SpringXmlConfigurationBuilder(configFileArr));
      muleContext.start();
  }
}

 

客户端测试:

public class MuleSecureClient
{
    public static void main(String[] args) throws Exception
    {
        Greeter service = createService("http://localhost:63084/services/saml?wsdl",
            getSamlTokenProps("SAMLTokenUnsigned Timestamp", "saml.properties"));
        System.out.println(service.greet("Mule"));
        
        
        service = createService("http://localhost:63084/services/signedsaml?wsdl",
                                        getSignedSamlTokenProps("SAMLTokenSigned", "saml.properties"));
        System.out.println(service.greet("Mule"));
    }    

    protected static Map<String, Object> getSamlTokenProps(String action, String propertiesFile)
    {
        Map<String, Object> wss4jProps = new HashMap<String, Object>();
        wss4jProps.put("action", action);
        wss4jProps.put("samlPropFile", propertiesFile);
        SAMLCallbackHandler samlCallbackHandler = new SAMLCallbackHandler();
        wss4jProps.put(WSHandlerConstants.SAML_CALLBACK_REF, samlCallbackHandler);
        return wss4jProps;
    }

    protected static Map<String, Object> getSignedSamlTokenProps(String action, String propertiesFile)
    {
        Map<String, Object> wss4jProps = new HashMap<String, Object>();
        wss4jProps.put("action", action);
        wss4jProps.put("samlPropFile", propertiesFile);
        wss4jProps.put("signatureKeyIdentifier", "DirectReference");
        wss4jProps.put("user", "joe");
        wss4jProps.put("passwordCallbackClass", PasswordCallback.class.getName());
        wss4jProps.put(WSHandlerConstants.SAML_CALLBACK_REF, new SAMLCallbackHandler());
        return wss4jProps;
    }
    
    public static Greeter createService(String url, Map<String, Object> wss4jProps)
    {
        URL wsdlDocumentLocation;
        try
        {
            wsdlDocumentLocation = new URL(url);
        }
        catch (MalformedURLException e)
        {
            throw new RuntimeException("Invalid test definition", e);
        }
        QName serviceName = new QName("http://security.soap.mule.mulesoft.com/", "GreeterService");

        Service dynService = Service.create(wsdlDocumentLocation, serviceName);
        Greeter service = dynService.getPort(Greeter.class);
        Client client = ClientProxy.getClient(service);

        if (wss4jProps != null)
        {
            client.getOutInterceptors().add(new WSS4JOutInterceptor(wss4jProps));
        }

        return service;
    }
    
}


 

分享到:
评论

相关推荐

    mule -esb 源码

    `mule-spring-configuration.dtd`和`mule-configuration.dtd`是Mule ESB的XML配置文件的DTD(文档类型定义),它们规定了XML配置文件的结构和元素。Spring是Mule ESB的核心组件之一,负责管理对象的生命周期和依赖...

    ESB原理及Mule ESB实践

    ### ESB原理及Mule ESB实践 #### ESB(Enterprise Service Bus)原理概述 **ESB**(企业服务总线)是SOA(面向服务架构)架构中的关键组件之一,用于实现服务间的智能集成与管理。其核心作用在于简化不同系统间的...

    Mule ESB手册-中文版

    根据提供的文件内容,以下是关于Mule ESB手册-中文版的知识点: 1. Mule ESB简介 ...通过这些知识点的学习,可以加深对Mule ESB的使用方法的理解,并通过实例加深对ESB概念的理解,对新手来说非常有帮助。

    Mule ESB 学习笔记(13)CSV数据文件到数据库

    在本篇“Mule ESB 学习笔记(13)CSV数据文件到数据库”中,我们将探讨如何使用Mule ESB(Enterprise Service Bus,企业服务总线)处理CSV(Comma Separated Values,逗号分隔值)数据,并将其有效地导入到数据库中...

    MULE ESB-4.1企业版运行环境

    MULE ESB(Mule Enterprise Service Bus)是Anypoint Platform的核心组件,它是一个强大的、全面集成的企业服务总线(ESB),专为构建、部署和管理API和集成解决方案而设计。MULE ESB-4.1是MuleSoft公司推出的企业版...

    MuleESB3.0中文教程

    - **与JBI容器的整合**:虽然Mule ESB不是基于JBI构建的,但它提供了JBI适配器,以便更好地与JBI容器协同工作。 #### 三、Mule ESB 3.0的关键特性 - **云连接(Cloud Connect)**:Mule 3引入了一种全新的特性——云...

    MuleEsb开源框架简介.pdf

    Mule ESB 是一个基于 Java 的轻量级企业服务总线和集成平台,允许开发人员快速便利地连接多个应用,并支持应用间的数据交换。Mule ESB 支持集成现有系统而无论其底层采用何种技术,如 JMS、Web Services、JDBC、...

    mule IDE (mule ESB)

    Mule ESB 是一个轻量级的基于java的企业服务总线和集成平台, 使得开发人员可以快速,简单的连接多个应用, 使得它们可以交换数据。 Mule ESB 容易集成现有异构系统,包括:JMS, Web Services, JDBC, HTTP, 等. ESB...

    MuleESB帮助文档

    1. **事件驱动架构**:Mule ESB基于事件驱动模型,能够实时响应系统中的变化,实现快速的数据传输和处理。 2. **无代码/低代码开发**:通过图形化的工作流设计工具Anypoint Studio,开发者可以直观地构建和部署集成...

    MuleESB_3.0_中文教程

    2. **Mule ESB架构**:Mule ESB基于事件驱动的架构,允许它快速响应系统中的变化。它由消息代理、连接器、数据转换器、流量控制和安全组件等组成。 3. **Mule Studio**:MuleSoft提供的集成开发环境(IDE),支持...

    mule esb cookbook 随书源码

    《Mule ESB Cookbook随书源码》是一个与Mule ESB相关的实践指南,它包含了大量实例代码,旨在帮助读者深入理解和应用Mule ESB这一开源企业服务总线(Enterprise Service Bus)。Mule ESB是业界广泛采用的ESB解决方案...

    mule esb 的简单介绍

    4. **Web服务支持**:Mule ESB能够处理基于Axis或Glue的Web服务,支持SOAP和其他Web服务标准,允许服务间的互操作性。 5. **灵活的部署结构**:Mule ESB提供了多种部署拓扑,包括Client/Server、P2P(对等)、ESB...

    mule esb开发手册

    《Mule ESB 开发手册》是一份详尽的指南,专为希望深入了解并掌握 Mule ESB(Enterprise Service Bus)技术的...通过深入学习和实践,开发者可以充分利用 Mule ESB 的强大功能,实现高效、可靠的企业级集成解决方案。

    mule esb 项目 例子 入门

    Mule ESB支持各种安全机制,如SSL/TLS加密、身份验证、授权等,以保护数据传输的安全。同时,通过合理的配置和设计,可以优化Mule应用的性能,如使用缓存、负载均衡、异步处理等策略。 总之,Mule ESB提供了一个...

    mule ESB 3 user guider

    总结来说,《Mule ESB 3用户指南》为用户提供了一个全面的、步骤详细的、实践导向的指导,从基础的配置、服务集成到开发、测试、文档编写和云服务集成,覆盖了使用Mule ESB进行企业级集成应用开发的各个阶段。

    MULE ESB官方例子研究

    【MULE ESB官方例子研究】是针对开源企业服务总线MULE的实践教程,旨在帮助用户理解MULE ESB的工作原理和使用方法。...这对于学习和掌握MULE ESB的使用至关重要,也有助于提高企业集成项目的实施效率和质量。

    MuleESB学习笔记

    MuleESB是一个基于Java的轻量级企业服务总线和集成平台,允许开发人员快速便利地连接多个应用,并支持应用间的数据交换。MuleESB支持集成现有系统而无论其底层采用何种技术,如JMS、WebServices、JDBC、HTTP以及其他...

    利用mule服务总线代理cxf服务

    本文将详细介绍如何利用Mule ESB(Enterprise Service Bus)作为代理来访问CXF发布的Web服务。 #### 建立CXF服务端 首先,我们需要构建一个CXF服务端来提供服务。下面是具体步骤: 1. **下载并安装CXF** 访问...

Global site tag (gtag.js) - Google Analytics