
[Repost] Adventures in Grails – WS-Security Part 1


Reposted because the site hosting this article is blocked.

 

The next step in rewriting the application was to secure the web services with WS-Security. In this post I get a Grails version of the XFire WSS example of User Token Authentication up and running. To do this I use (of course) the Grails XFire plugin.

After creating a Grails project and installing the XFire plugin, the first thing to do is to configure the inHandlers. To do this, add the following to the doWithSpring closure in XfireGrailsPlugin.groovy:

 

"xfire.passHandler"(org.codehaus.xfire.demo.PasswordHandler) { bean ->
}

"xfire.DOMhandler"(org.codehaus.xfire.util.dom.DOMInHandler) { bean ->
}

"xfire.WSS4JHandler"(org.codehaus.xfire.security.wss4j.WSS4JInHandler) {
    properties = ["passwordCallbackRef":ref("xfire.passHandler"),
                  "action":"UsernameToken"]
}

"xfire.ValidateUserTokenHandler"(org.codehaus.xfire.demo.ValidateUserTokenHandler) {
}

ValidateUserTokenHandler and PasswordHandler are part of the example code distributed with XFire. I just copied them into the correct package in src/java/ in this simple Grails app. Then add the inHandlers to the org.grails.xfire.ServiceBean:

 

inHandlers = [ref("xfire.DOMhandler"),
              ref("xfire.WSS4JHandler"),
              ref("xfire.ValidateUserTokenHandler")]
 
See the complete listing for doWithSpring at the end of this post. Now any service you expose with xfire will require (and print) a username and password in a WSS UsernameToken header. The simple service I used to test this is:
class TestService {

    static expose=['xfire']

    boolean transactional = true

    String serviceMethod() {
       return "You did it!!!"
    }
}
I use soapUI to test; here is the request it generated:

foo
bar
2008-03-01T19:49:03.627Z
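What a UsernameToken request looks like on the wire, and the checks an inbound handler chain performs on it, shown as an added Python example that is not code from the original post, XFire or WSS4J. The envelope is constructed from the three values visible above following the OASIS UsernameToken Profile 1.0; the function names, the `USERS` store, the mandatory `Created` element and the five-minute freshness window are assumptions.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": OASIS + "wssecurity-secext-1.0.xsd",
      "wsu": OASIS + "wssecurity-utility-1.0.xsd"}
TEXT = OASIS + "username-token-profile-1.0#PasswordText"
DIGEST = OASIS + "username-token-profile-1.0#PasswordDigest"

def make_envelope(user, pw_type, pw_value, created, nonce_b64=""):
    # Constructed SOAP 1.1 request carrying a wsse:UsernameToken header.
    nonce = f"<wsse:Nonce>{nonce_b64}</wsse:Nonce>" if nonce_b64 else ""
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsse="{NS["wsse"]}" '
            f'xmlns:wsu="{NS["wsu"]}"><s:Header><wsse:Security>'
            f'<wsse:UsernameToken><wsse:Username>{user}</wsse:Username>'
            f'<wsse:Password Type="{pw_type}">{pw_value}</wsse:Password>{nonce}'
            f'<wsu:Created>{created}</wsu:Created></wsse:UsernameToken>'
            f'</wsse:Security></s:Header><s:Body/></s:Envelope>')

def digest(nonce_b64, created, password):
    # PasswordDigest = Base64(SHA-1(nonce + created + password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def validate(envelope, users, now, max_age=timedelta(minutes=5)):
    # Returns the authenticated username; raises on any failed check.
    tok = ET.fromstring(envelope).find(
        "s:Header/wsse:Security/wsse:UsernameToken", NS)
    if tok is None:
        raise ValueError("no UsernameToken in header")
    user = tok.findtext("wsse:Username", "", NS)
    pw = tok.find("wsse:Password", NS)
    created = tok.findtext("wsu:Created", "", NS)
    if user not in users or pw is None or not created:
        raise ValueError("incomplete token or unknown user")
    ts = datetime.fromisoformat(created.replace("Z", "+00:00"))
    if ts.tzinfo is None or abs(now - ts) > max_age:
        raise ValueError("token timestamp outside freshness window")
    if pw.get("Type") == DIGEST:
        expected = digest(tok.findtext("wsse:Nonce", "", NS), created, users[user])
    else:  # PasswordText: cleartext on the wire, so it needs TLS
        expected = users[user]
    if not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        raise ValueError("bad password")
    return user

USERS = {"foo": "bar"}  # constructed stand-in for a credential store
SAMPLE = make_envelope("foo", TEXT, "bar", "2008-03-01T19:49:03.627Z")
```

The sketch does not keep a cache of seen nonces, so on its own the digest branch limits replay only to the freshness window.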

This is obviously not a perfect solution. You may not want to secure all the web services in your project, or at least not all in the same way. After I finish with this project I will have a more general solution to contribute to the Grails XFire plugin. But first, I need to do something with the user credentials I am now receiving. Next up: integrating with Acegi through the Grails Acegi plugin.

 

Full doWithSpring listing:

def doWithSpring = {

        "xfire.serviceRegistry"(org.codehaus.xfire.service.DefaultServiceRegistry) { bean->
            bean.getBeanDefinition().setSingleton(true)
        }

        "xfire.transportManager"(org.codehaus.xfire.transport.DefaultTransportManager){ bean->
            bean.getBeanDefinition().setSingleton(true)
            bean.getBeanDefinition().setInitMethodName("initialize")
            bean.getBeanDefinition().setDestroyMethodName("dispose")
        }

        "xfire"(org.codehaus.xfire.DefaultXFire,
                 ref("xfire.serviceRegistry"),
                 ref("xfire.transportManager")) { bean ->
            bean.getBeanDefinition().setSingleton(true)
        }

        "xfire.typeMappingRegistry"(org.codehaus.xfire.aegis.type.DefaultTypeMappingRegistry){ bean ->
            bean.getBeanDefinition().setSingleton(true)
            bean.getBeanDefinition().setInitMethodName("createDefaultMappings");
        }

        "xfire.aegisBindingProvider"(org.codehaus.xfire.aegis.AegisBindingProvider,
            ref("xfire.typeMappingRegistry")) { bean ->
            bean.getBeanDefinition().setSingleton(true)
        }

        "xfire.serviceFactory"(org.codehaus.xfire.service.binding.ObjectServiceFactory,
            ref("xfire.transportManager"), ref("xfire.aegisBindingProvider")) { bean ->
            bean.getBeanDefinition().setSingleton(true)
        }

        "xfire.servletController"(org.codehaus.xfire.transport.http.XFireServletController,
            ref("xfire")) { bean ->
            bean.getBeanDefinition().setSingleton(true)
        }

        "grails.xfire"(org.grails.xfire.ServiceFactoryBean, "grails.xfire") { bean ->
            bean.getBeanDefinition().setInitMethodName("initialize")
            transportManager = ref("xfire.transportManager")
            grailsApplication = ref("grailsApplication", true)
        }

        "xfire.passHandler"(org.codehaus.xfire.demo.PasswordHandler) { bean ->
        }

        "xfire.DOMhandler"(org.codehaus.xfire.util.dom.DOMInHandler) { bean ->
        }

        "xfire.WSS4JHandler"(org.codehaus.xfire.security.wss4j.WSS4JInHandler) {
            properties = ["passwordCallbackRef":ref("xfire.passHandler"),
                          "action":"UsernameToken Timestamp"]
        }

        "xfire.ValidateUserTokenHandler"(org.codehaus.xfire.demo.ValidateUserTokenHandler) {}

        if(application.serviceClasses) {
            application.serviceClasses.each { service ->
                def serviceClass = service.getClazz()
                def exposeList = GrailsClassUtils.getStaticPropertyValue(serviceClass, 'expose')
                if(exposeList!=null && exposeList.contains('xfire')) {
                    def sName = service.propertyName.replaceFirst("Service","XFire")
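                    // register one XFire ServiceBean per exposed Grails service
                    "${sName}"(org.grails.xfire.ServiceBean){
                        // the XFire instance defined above
                        xfire = ref("xfire")
                        // the Grails service bean that handles the calls
                        serviceBean = ref("${service.propertyName}")
                        // the class whose methods are exposed
                        serviceClass = service.getClazz()
                        // the factory that builds the XFire service
                        serviceFactory = ref("grails.xfire")

                        // the same in-handler chain is applied to every exposed service
                        inHandlers = [ref("xfire.DOMhandler"),
                                ref("xfire.WSS4JHandler"),
                                ref("xfire.ValidateUserTokenHandler")]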
                    }
                }
            }
        }
    }
 
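Comments
#3 oksonic 2010-07-19
I was working through this today, but I got stuck at the second step.
inHandlers = [ref("xfire.DOMhandler"),
              ref("xfire.WSS4JHandler"),
              ref("xfire.ValidateUserTokenHandler")]
I don't know where this code should be added.
#2 agile_boy 2010-06-13
I'm afraid it will have to wait until tonight; I can't get on right now either, haha.
#1 oksonic 2010-06-13
Thank you very much. Could you please post the second part as well?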
