- 浏览: 158758 次
- 性别:
- 来自: 奥克兰
文章分类
最新评论
-
u012625419:
...
CXF之用spring配置服务端和客户端实例(转) -
bambooshangye:
CXF之用spring配置服务端和客户端实例(转) -
最佳蜗牛:
写的很好,谢谢!
tomcat下的server.xml文件和context.xml (转) -
mohaowen1989:
亲 有中文版的么?在grails基础上的spring-secu ...
Simplified Spring Security with Grails(转) -
douhongyang:
挺好,,思路很清晰,
spring security详解教程 (转)
转自 http://blog.csdn.net/kunshan_shenbin/article/details/3813000
我们使用Apache WSS4J这个WS-Security的开源实现,相关内容请参阅:
WSS4J支持如下几种模式:
XML Security
XML Signature
XML Encryption
Tokens
Username Tokens
Timestamps
SAML Tokens
这里将使用Timestamps+Encryption+Signature组合。
首先需要生成服务端及客户端密钥文件:
generateKeyPair.bat
- rem @echo off
- echo alias %1
- echo keypass %2
- echo keystoreName %3
- echo KeyStorePass %4
- echo keyName %5
- echo keyName %5
- keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
- keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
- keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
generateServerKey.bat
- call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
- call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
- keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
- keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
执行generateServerKey.bat批处理,生成clientStore.jks及serverStore.jks文件。
生成的密钥文件中包含的信息:
服务端 账户:apmserver / apmserverpass
客户端 账户:apmclient / apmclientpass
如下图所示建立工程:
所使用到的Jar包一览
PasswordHandler.java
- package com.cecltd.security;
- import java.io.IOException;
- import java.util.HashMap;
- import java.util.Map;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.ws.security.WSPasswordCallback;
- public class PasswordHandler implements CallbackHandler {
- private Map<String, String> passwords = new HashMap<String, String>();
- public PasswordHandler() {
- passwords.put("apmserver", "apmserverpass");
- passwords.put("apmclient", "apmclientpass");
- }
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
- String id = pc.getIdentifer();
- pc.setPassword((String) passwords.get(id));
- }
- }
SayHiSrvcImpl.java
- package com.cecltd.service.impl;
- import com.cecltd.service.SayHiSrvc;
- public class SayHiSrvcImpl implements SayHiSrvc {
- public String sayHi(String username) {
- return "Hi, " + username + "!";
- }
- }
SayHiSrvc.java
- package com.cecltd.service;
- import javax.jws.WebService;
- @WebService
- public interface SayHiSrvc {
- public String sayHi(String username);
- }
server_insecurity_enc.properties
- orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
- org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
- org.apache.ws.security.crypto.merlin.file=serverStore.jks
server_insecurity_sign.properties
- org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
- org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
- org.apache.ws.security.crypto.merlin.file=serverStore.jks
server_outsecurity_enc.properties
- orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
- #org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
- org.apache.ws.security.crypto.merlin.file=serverStore.jks
SayHiServiceTest.java
- package com.service.test;
- import static org.junit.Assert.*;
- import org.junit.BeforeClass;
- import org.junit.Test;
- import org.springframework.context.ApplicationContext;
- import org.springframework.context.support.ClassPathXmlApplicationContext;
- import com.cecltd.service.SayHiSrvc;
- public class SayHiServiceTest {
- private static SayHiSrvc sayHiSrvc;
- @BeforeClass
- public static void setUp() {
- ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "applicationContext.xml" });
- sayHiSrvc = (SayHiSrvc)context.getBean("SayHiSrvc");
- }
- @Test
- public void testSayHi() {
- assertEquals("Hi, ShenBin!", sayHiSrvc.sayHi("ShenBin"));
- }
- }
applicationContext.xml
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
- <bean id="SayHiSrvc" class="com.cecltd.service.SayHiSrvc" factory-bean="SayHiSrvcFactory" factory-method="create"/>
- <bean id="SayHiSrvcFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
- <property name="serviceClass" value="com.cecltd.service.SayHiSrvc" />
- <property name="address" value="${host.url}/SayHiSrvc" />
- <property name="outInterceptors">
- <list>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
- <ref bean="wss4jOutConfiguration" />
- </list>
- </property>
- <property name="inInterceptors">
- <list>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
- <ref bean="wss4jInConfiguration" />
- </list>
- </property>
- </bean>
- <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
- <property name="locations">
- <list>
- <value>serverhost.properties</value>
- </list>
- </property>
- </bean>
- <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
- <property name="properties">
- <map>
- <entry key="action" value="Timestamp Encrypt Signature" />
- <entry key="user" value="apmclient" />
- <entry key="encryptionUser" value="apmserver" />
- <entry key="signaturePropFile" value="outsecurity_sign.properties" />
- <entry key="signatureKeyIdentifier" value="IssuerSerial" />
- <entry key="encryptionPropFile" value="outsecurity_enc.properties" />
- <entry>
- <key>
- <value>passwordCallbackRef</value>
- </key>
- <ref bean="passwordCallback" />
- </entry>
- </map>
- </property>
- </bean>
- <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
- <property name="properties">
- <map>
- <entry key="action" value="Timestamp Encrypt Signature" />
- <entry key="user" value="apmclient" />
- <entry key="decryptionPropFile" value="insecurity_enc.properties" />
- <entry key="enableSignatureConfirmation" value="true" />
- <entry key="signaturePropFile" value="outsecurity_sign.properties" />
- <entry key="signatureKeyIdentifier" value="IssuerSerial" />
- <entry>
- <key>
- <value>passwordCallbackRef</value>
- </key>
- <ref bean="passwordCallback" />
- </entry>
- </map>
- </property>
- </bean>
- <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>
- </beans>
insecurity_enc.properties
- orgorg.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
- org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
- org.apache.ws.security.crypto.merlin.file=clientStore.jks
outsecurity_enc.properties
- org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
- org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
- org.apache.ws.security.crypto.merlin.file=clientStore.jks
outsecurity_sign.properties
- org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=jks
- org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
- org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
- org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
- org.apache.ws.security.crypto.merlin.file=clientStore.jks
serverhost.properties
- host.url=http://127.0.0.1:8080/J6CxfSrvc/services
cxf-config.xml
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
- <import resource="classpath:META-INF/cxf/cxf.xml" />
- <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
- <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
- <jaxws:endpoint id="SayHiSrvc" implementor="com.cecltd.service.impl.SayHiSrvcImpl" address="/SayHiSrvc">
- <jaxws:inInterceptors>
- <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
- <ref bean="wss4jInConfiguration"/>
- </jaxws:inInterceptors>
- <jaxws:outInterceptors>
- <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
- <ref bean="wss4jOutConfiguration"/>
- </jaxws:outInterceptors>
- </jaxws:endpoint>
- <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
- <property name="properties">
- <map>
- <entry key="action" value="Timestamp Encrypt Signature"/>
- <entry key="decryptionPropFile" value="server_insecurity_enc.properties"/>
- <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>
- <entry>
- <key>
- <value>passwordCallbackRef</value>
- </key>
- <ref bean="passwordCallback"/>
- </entry>
- </map>
- </property>
- </bean>
- <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
- <property name="properties">
- <map>
- <entry key="action" value="Timestamp Encrypt Signature"/>
- <entry key="user" value="apmserver" />
- <entry key="encryptionUser" value="apmclient" />
- <entry key="encryptionPropFile" value="server_outsecurity_enc.properties"/>
- <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>
- <entry>
- <key>
- <value>passwordCallbackRef</value>
- </key>
- <ref bean="passwordCallback"/>
- </entry>
- </map>
- </property>
- </bean>
- <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>
- </beans>
web.xml
- <?xml version="1.0" encoding="UTF-8"?>
- <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
- http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>WEB-INF/cxf-config.xml</param-value>
- </context-param>
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener>
- <servlet>
- <servlet-name>CXFServlet</servlet-name>
- <servlet-class>
- org.apache.cxf.transport.servlet.CXFServlet
- </servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>CXFServlet</servlet-name>
- <url-pattern>/services/*</url-pattern>
- </servlet-mapping>
- </web-app>
发表评论
-
Difference between RPC/Document, literal/encoded
2011-12-01 16:39 2327转自 http://www.ibm.com/dev ... -
Java web services: WS-Security with CXF (转)
2011-09-05 17:45 2185This article is refered from h ... -
SSL原理解密(转)
2011-07-26 06:47 1551RSA公钥加密在计算机产 ... -
UsernameToken 介绍(转)
2011-04-14 12:39 1780很好的一篇文章,转过 ... -
不同格式证书导入keystore方法(转)
2011-04-14 12:24 2482转自: http://hi.baidu.com/%D3%C ... -
CXF使用WSS4J实现WS-Security规范之使用用户名令牌(转)
2011-04-14 10:35 2192转自 http://blog.csdn.net/fhd001/ ... -
WSDL 规则解释(转)
2011-04-13 11:56 3424转自 http://www.blogjava.net/baoy ... -
深入浅出WS-Addressing(转)
2010-10-28 11:51 12371. 为什么需要 WS-Addressin ... -
WS-Addressing EndpointReference(转)
2010-10-28 11:18 1038WS-Addressing规范主要描述 ... -
WS-Addressing 问题的引出(转)
2010-10-28 11:15 825SOAP 协议定义了在 Web Services 之间传 ... -
WS-Addressing Message Addressing Properties (转)
2010-10-28 11:09 1796相对EndpointReference而言,个人认为在WS-A ... -
SOAP与CORBA,COM/DCOM的区别(转)
2010-09-23 17:49 1779CORBA(Common Object Request Br ... -
Java Web 服务: Axis2 中的 JAXB 和 JAX-WS(转)
2010-09-23 17:41 1300Apache Axis2 支持各种数据 ... -
Web Service简介 (转)
2010-09-23 17:25 7161.定义 由两部分组成 ... -
WSDL & SOAP & Web Service (转)
2010-09-23 17:24 918WSDL 是基于 XML 的用于描述 Web Services ...
相关推荐
1)参考: ...2)CXFWS工程是基于WS-Security规范,实现X.509身份验证的,同时实现签名和加密 keytool 工具的使用参考 http://hi.baidu.com/qianshuifanchuan/blog/item/6291b8510009ad3c42a75b8e.html ...
赠送jar包:cxf-rt-rs-client-3.0.1.jar; 赠送原API文档:cxf-rt-rs-client-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-rs-client-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-rs-client-3.0.1.pom; 包含...
本文将深入探讨如何使用CXF框架结合ws-security标准来实现对Java客户端调用Web服务的安全接口。CXF是一个开源的服务框架,它允许开发人员创建和消费各种Web服务,而ws-security(Web Services Security)则是用于...
赠送jar包:cxf-rt-ws-addr-3.0.1.jar; 赠送原API文档:cxf-rt-ws-addr-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-ws-addr-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-ws-addr-3.0.1.pom; 包含翻译后的API...
赠送jar包:cxf-rt-frontend-jaxrs-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-jaxrs-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-jaxrs-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-jaxrs...
赠送jar包:cxf-rt-transports-http-3.0.1.jar; 赠送原API文档:cxf-rt-transports-http-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-transports-http-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-transports-...
赠送jar包:cxf-core-3.0.1.jar; 赠送原API文档:cxf-core-3.0.1-javadoc.jar; 赠送源代码:cxf-core-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-core-3.0.1.pom; 包含翻译后的API文档:cxf-core-3.0.1-...
赠送jar包:cxf-rt-frontend-simple-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-simple-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-simple-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-...
赠送jar包:cxf-rt-frontend-jaxws-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-jaxws-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-jaxws-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-jaxws...
udp-3.0.11.jar,cxf-rt-wsdl-3.0.0.jar,cxf-rt-ws-security-3.0.0.jar,neethi-3.0.3.jar,slf4j-api-1.7.7.jar,stax2-api-3.1.4.jar,woodstox-core-asl-4.4.1.jar,wsdl4j-1.6.3.jar,wss4j-bindings-2.0.9.jar,xml...
赠送jar包:cxf-rt-bindings-soap-3.0.1.jar; 赠送原API文档:cxf-rt-bindings-soap-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-bindings-soap-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-bindings-soap-...
- **cxf-rt-ws-security.jar**:包含WS-Security相关的类和接口。 此外,还有其他如`cxf-rt-bindings-soap.jar`、`cxf-rt-databinding-jaxb.jar`、`cxf-rt-rs-extension-providers.jar`等,它们分别对应于不同的...
cxf ws-Security的实现 WS-SecurityPolicy 安全配置指定在客户机和服务之间交换的消息所需的安全处理。在大多数情况下,Web 服务堆栈还需要更多信息,才能对消息交换应用安全措施。 里面有2个project,分别server ...
赠送jar包:cxf-rt-ws-policy-3.0.1.jar; 赠送原API文档:cxf-rt-ws-policy-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-ws-policy-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-ws-policy-3.0.1.pom; 包含...
2. **WSS4J**:作为CXF中实现WS-Security的库,WSS4J提供了丰富的API,允许开发者在发送和接收Web服务请求时添加安全头信息。这些头信息可以包含用户名令牌、X.509证书、SAML令牌等,以实现不同级别的身份验证和授权...
【标题】"cxf+ws-security-JAR"指的是Apache CXF框架与WS-Security整合创建的JAR包,用于在Web服务(Web Service)中实现...这个JAR包很可能包含了一些预配置的CXF组件和相关的WS-Security实现,便于快速集成到项目中。
cxf-rt-frontend-jaxws-3.0.16.jar jar包下载3.0.16版本下载
<import resource="classpath:META-INF/cxf/cxf.xml"/> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/> <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
- **cxf-rt-ws-security**:Web服务安全相关的实现,包括WS-Security标准的支持。 通过对这些源码的学习和研究,开发者可以更深入地了解CXF的工作机制,提升自己的Web服务开发技能。同时,对于想要贡献CXF社区或者...
6. **安全特性**:CXF支持WS-Security和其他安全标准,以确保Web服务的安全性。 7. **集成性**:CXF可以很好地与其他Java企业级框架集成,如Spring,允许灵活的配置和服务部署。 8. **测试工具**:CXF提供了诸如...