CXF全接触 --- WS-Security的实现 (转)

calvinlyc

浏览: 159539 次
性别:
来自: 奥克兰

最近访客更多访客>>

javalinjx

yuanyuan7891

cgh19900205

lovehouye

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

Web service

我们使用Apache WSS4J这个WS-Security的开源实现，相关内容请参阅：

http://ws.apache.org/wss4j/

WSS4J支持如下几种模式：

XML Security

XML Signature

XML Encryption

Tokens

Username Tokens

Timestamps

SAML Tokens

这里将使用Timestamps+Encryption+Signature组合。

首先需要生成服务端及客户端密钥文件：

generateKeyPair.bat

view plain
rem @echo off  
echo alias %1  
echo keypass %2  
echo keystoreName %3  
echo KeyStorePass %4  
echo keyName %5  
  
echo keyName %5  
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4  -dname "cn=%1" -keyalg RSA  
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2  
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4  

generateServerKey.bat

view plain
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa  
call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa  
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt  
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt  

执行generateServerKey.bat批处理，生成clientStore.jks及serverStore.jks文件。

生成的密钥文件中包含的信息：

服务端账户：apmserver / apmserverpass

客户端账户：apmclient / apmclientpass

如下图所示建立工程：

工程视图

所使用到的Jar包一览

jar包一览

PasswordHandler.java

view plain
package com.cecltd.security;  
  
import java.io.IOException;  
import java.util.HashMap;  
import java.util.Map;  
  
import javax.security.auth.callback.Callback;  
import javax.security.auth.callback.CallbackHandler;  
import javax.security.auth.callback.UnsupportedCallbackException;  
  
import org.apache.ws.security.WSPasswordCallback;  
  
public class PasswordHandler implements CallbackHandler {  
  
    private Map<String, String> passwords = new HashMap<String, String>();  
  
    public PasswordHandler() {  
        passwords.put("apmserver", "apmserverpass");  
        passwords.put("apmclient", "apmclientpass");  
    }  
  
    public void handle(Callback[] callbacks) throws IOException,  
            UnsupportedCallbackException {  
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];  
        String id = pc.getIdentifer();  
        pc.setPassword((String) passwords.get(id));  
    }  
}  

SayHiSrvcImpl.java

view plain
package com.cecltd.service.impl;  
  
import com.cecltd.service.SayHiSrvc;  
  
public class SayHiSrvcImpl implements SayHiSrvc {  
  
    public String sayHi(String username) {  
          
        return "Hi, " + username + "!";  
    }  
}  

SayHiSrvc.java

view plain
package com.cecltd.service;  
  
import javax.jws.WebService;  
  
@WebService  
public interface SayHiSrvc {  
  
    public String sayHi(String username);  
}  

server_insecurity_enc.properties

view plain
orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
org.apache.ws.security.crypto.merlin.alias.password=apmserverpass  
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver  
org.apache.ws.security.crypto.merlin.file=serverStore.jks  

server_insecurity_sign.properties

view plain
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
#org.apache.ws.security.crypto.merlin.alias.password=apmserverpass  
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver  
org.apache.ws.security.crypto.merlin.file=serverStore.jks  

server_outsecurity_enc.properties

view plain
orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
#org.apache.ws.security.crypto.merlin.alias.password=apmserverpass  
#org.apache.ws.security.crypto.merlin.keystore.alias=apmserver  
org.apache.ws.security.crypto.merlin.file=serverStore.jks  

SayHiServiceTest.java

view plain
package com.service.test;  
  
import static org.junit.Assert.*;  
import org.junit.BeforeClass;  
import org.junit.Test;  
import org.springframework.context.ApplicationContext;  
import org.springframework.context.support.ClassPathXmlApplicationContext;  
  
import com.cecltd.service.SayHiSrvc;  
  
public class SayHiServiceTest {  
  
    private static SayHiSrvc sayHiSrvc;  
      
    @BeforeClass  
    public static void setUp() {  
          
        ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "applicationContext.xml" });  
        sayHiSrvc = (SayHiSrvc)context.getBean("SayHiSrvc");  
    }  
      
    @Test  
    public void testSayHi() {  
      
        assertEquals("Hi, ShenBin!", sayHiSrvc.sayHi("ShenBin"));  
    }  
}  

applicationContext.xml

view plain
<beans xmlns="http://www.springframework.org/schema/beans"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xmlns:jaxws="http://cxf.apache.org/jaxws"  
    xsi:schemaLocation="  
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd  
    http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">  
  
    <bean id="SayHiSrvc" class="com.cecltd.service.SayHiSrvc" factory-bean="SayHiSrvcFactory" factory-method="create"/>  
  
    <bean id="SayHiSrvcFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">  
        <property name="serviceClass" value="com.cecltd.service.SayHiSrvc" />  
        <property name="address" value="${host.url}/SayHiSrvc" />  
        <property name="outInterceptors">  
            <list>  
                <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />  
                <ref bean="wss4jOutConfiguration" />  
            </list>  
        </property>  
        <property name="inInterceptors">  
            <list>  
                <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />  
                <ref bean="wss4jInConfiguration" />  
            </list>  
        </property>  
    </bean>  
      
    <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">  
        <property name="locations">  
            <list>  
                <value>serverhost.properties</value>  
            </list>  
        </property>  
    </bean>  
      
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">  
        <property name="properties">  
            <map>  
                <entry key="action" value="Timestamp Encrypt Signature" />  
                <entry key="user" value="apmclient" />  
                <entry key="encryptionUser" value="apmserver" />  
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />  
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />  
                <entry key="encryptionPropFile" value="outsecurity_enc.properties" />  
                <entry>  
                    <key>  
                        <value>passwordCallbackRef</value>  
                    </key>  
                    <ref bean="passwordCallback" />  
                </entry>  
            </map>  
        </property>  
    </bean>  
      
    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">  
        <property name="properties">  
            <map>  
                <entry key="action" value="Timestamp Encrypt Signature" />  
                <entry key="user" value="apmclient" />  
                <entry key="decryptionPropFile" value="insecurity_enc.properties" />  
                <entry key="enableSignatureConfirmation" value="true" />  
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />  
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />  
                <entry>  
                    <key>  
                        <value>passwordCallbackRef</value>  
                    </key>  
                    <ref bean="passwordCallback" />  
                </entry>  
            </map>  
        </property>  
    </bean>  
      
    <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>  
  
</beans>  

insecurity_enc.properties

view plain
orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass  
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient  
org.apache.ws.security.crypto.merlin.file=clientStore.jks  

outsecurity_enc.properties

view plain
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass  
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient  
org.apache.ws.security.crypto.merlin.file=clientStore.jks  

outsecurity_sign.properties

view plain
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin  
org.apache.ws.security.crypto.merlin.keystore.type=jks  
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass  
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass  
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient  
org.apache.ws.security.crypto.merlin.file=clientStore.jks  

serverhost.properties

view plain
host.url=http://127.0.0.1:8080/J6CxfSrvc/services  

cxf-config.xml

view plain
<beans xmlns="http://www.springframework.org/schema/beans"   
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   
    xmlns:jaxws="http://cxf.apache.org/jaxws"   
    xsi:schemaLocation="   
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd   
    http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">   
  
    <import resource="classpath:META-INF/cxf/cxf.xml" />   
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />   
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />   
  
    <jaxws:endpoint id="SayHiSrvc" implementor="com.cecltd.service.impl.SayHiSrvcImpl" address="/SayHiSrvc">   
        <jaxws:inInterceptors>  
            <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>   
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>  
            <ref bean="wss4jInConfiguration"/>  
        </jaxws:inInterceptors>  
        <jaxws:outInterceptors>  
            <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>  
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>  
            <ref bean="wss4jOutConfiguration"/>  
        </jaxws:outInterceptors>  
    </jaxws:endpoint>   
  
        <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">  
        <property name="properties">  
            <map>  
                <entry key="action" value="Timestamp Encrypt Signature"/>  
                <entry key="decryptionPropFile" value="server_insecurity_enc.properties"/>  
                <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>  
                <entry>  
                    <key>  
                        <value>passwordCallbackRef</value>  
                    </key>  
                    <ref bean="passwordCallback"/>  
                </entry>  
            </map>  
        </property>  
    </bean>  
      
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">  
        <property name="properties">  
            <map>  
                <entry key="action" value="Timestamp Encrypt Signature"/>  
                <entry key="user" value="apmserver" />  
                <entry key="encryptionUser" value="apmclient" />  
                <entry key="encryptionPropFile" value="server_outsecurity_enc.properties"/>  
                <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>  
                <entry>  
                    <key>  
                        <value>passwordCallbackRef</value>  
                    </key>  
                    <ref bean="passwordCallback"/>  
                </entry>  
            </map>  
        </property>  
    </bean>  
       
    <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>   
       
</beans>  

web.xml

view plain
<?xml version="1.0" encoding="UTF-8"?>  
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">  
  
     <context-param>   
        <param-name>contextConfigLocation</param-name>   
        <param-value>WEB-INF/cxf-config.xml</param-value>   
    </context-param>   
  
    <listener>   
        <listener-class>   
            org.springframework.web.context.ContextLoaderListener   
        </listener-class>   
    </listener>   
  
    <servlet>  
        <servlet-name>CXFServlet</servlet-name>  
        <servlet-class>  
            org.apache.cxf.transport.servlet.CXFServlet  
        </servlet-class>  
        <load-on-startup>1</load-on-startup>  
    </servlet>  
  
    <servlet-mapping>  
        <servlet-name>CXFServlet</servlet-name>  
        <url-pattern>/services/*</url-pattern>  
    </servlet-mapping>  
  
</web-app>  

分享到：

Java web services: WS-Security with CXF ... | NAT负载均衡技术 (转)

2011-09-05 17:36
浏览 2329
评论(0)
分类:互联网
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论