
CXF in Depth --- Implementing WS-Security (repost)

 

Reposted from http://blog.csdn.net/kunshan_shenbin/article/details/3813000

We use Apache WSS4J, an open-source implementation of WS-Security. For details, see:

http://ws.apache.org/wss4j/

WSS4J supports the following modes:

XML Security

    XML Signature

    XML Encryption

Tokens

    Username Tokens

    Timestamps

    SAML Tokens

This walkthrough uses the combination Timestamps + Encryption + Signature.

First, generate the key files for the server and the client:

generateKeyPair.bat

    rem @echo off
    rem Arguments: %1 alias, %2 key password, %3 keystore file, %4 keystore password, %5 exported certificate file
    echo alias %1
    echo keypass %2
    echo keystoreName %3
    echo KeyStorePass %4
    echo keyName %5

    rem Generate an RSA key pair, self-sign it, then export the certificate to %5
    keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
    keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
    keytool -export -alias %1 -file %5 -keystore %3 -storepass %4

generateServerKey.bat

    rem Create one key pair per side, each in its own keystore
    call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
    call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
    rem Import each side's certificate into the other side's keystore as a trusted entry
    keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
    keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt

Run the generateServerKey.bat batch file to generate clientStore.jks and serverStore.jks.

The generated key files contain the following:

Server account: apmserver / apmserverpass

Client account: apmclient / apmclientpass
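
To confirm the result of generateServerKey.bat before wiring the stores into WSS4J, the following added example (not part of the original post) loads both keystores with the aliases and passwords listed above and checks that each store holds its own private key plus the peer's certificate. The class name KeystoreCheck and its helper methods are assumptions made for this example; it expects to run in the directory containing the two .jks files.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added example (hypothetical class): checks the keystores written by generateServerKey.bat.
public class KeystoreCheck {

    static KeyStore load(String file, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, storePass); // throws if the file is damaged or the store password is wrong
        }
        return ks;
    }

    // The store's own alias must be a private-key entry that opens with keyPass
    // and actually corresponds to the certificate stored beside it.
    static Certificate checkOwnKey(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.isKeyEntry(alias)) throw new IllegalStateException(alias + ": no private-key entry");
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass); // throws on a wrong key password
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // keytool certificates expire after 90 days unless -validity is given
        byte[] probe = alias.getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(probe);
        if (!verifier.verify(sig)) throw new IllegalStateException(alias + ": key does not match certificate");
        return cert;
    }

    // The peer's alias must be a certificate-only entry holding exactly the peer's certificate.
    static void checkPeer(KeyStore ks, String peerAlias, Certificate expected) throws Exception {
        if (!ks.isCertificateEntry(peerAlias)) throw new IllegalStateException(peerAlias + ": not a trusted-certificate entry");
        if (!expected.equals(ks.getCertificate(peerAlias))) throw new IllegalStateException(peerAlias + ": certificate differs from the peer's own");
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "keystorePass".toCharArray();
        KeyStore server = load("serverStore.jks", storePass);
        KeyStore client = load("clientStore.jks", storePass);
        Certificate serverCert = checkOwnKey(server, "apmserver", "apmserverpass".toCharArray());
        Certificate clientCert = checkOwnKey(client, "apmclient", "apmclientpass".toCharArray());
        checkPeer(client, "apmserver", serverCert);
        checkPeer(server, "apmclient", clientCert);
        System.out.println("serverStore.jks and clientStore.jks are consistent");
    }
}
```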

 

Create the project as shown in the figure below:

[Figure: project view]

JAR files used:

[Figure: list of JAR files]

PasswordHandler.java

    package com.cecltd.security;

    import java.io.IOException;
    import java.util.HashMap;
    import java.util.Map;

    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;

    import org.apache.ws.security.WSPasswordCallback;

    public class PasswordHandler implements CallbackHandler {

        // Key passwords indexed by keystore alias
        private Map<String, String> passwords = new HashMap<String, String>();

        public PasswordHandler() {
            passwords.put("apmserver", "apmserverpass");
            passwords.put("apmclient", "apmclientpass");
        }

        // Called by WSS4J when it needs the password for the alias named in the callback
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
            // getIdentifer() is the method name in WSS4J 1.5.x; later releases name it getIdentifier()
            String id = pc.getIdentifer();
            pc.setPassword((String) passwords.get(id));
        }
    }

SayHiSrvcImpl.java

    package com.cecltd.service.impl;

    import com.cecltd.service.SayHiSrvc;

    public class SayHiSrvcImpl implements SayHiSrvc {

        public String sayHi(String username) {

            return "Hi, " + username + "!";
        }
    }

SayHiSrvc.java

    package com.cecltd.service;

    import javax.jws.WebService;

    @WebService
    public interface SayHiSrvc {

        public String sayHi(String username);
    }

server_insecurity_enc.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
    org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
    org.apache.ws.security.crypto.merlin.file=serverStore.jks

server_insecurity_sign.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
    org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
    org.apache.ws.security.crypto.merlin.file=serverStore.jks

server_outsecurity_enc.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
    #org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
    org.apache.ws.security.crypto.merlin.file=serverStore.jks

SayHiServiceTest.java

    package com.service.test;

    import static org.junit.Assert.*;
    import org.junit.BeforeClass;
    import org.junit.Test;
    import org.springframework.context.ApplicationContext;
    import org.springframework.context.support.ClassPathXmlApplicationContext;

    import com.cecltd.service.SayHiSrvc;

    public class SayHiServiceTest {

        private static SayHiSrvc sayHiSrvc;

        @BeforeClass
        public static void setUp() {

            // Build the client proxy (with its WSS4J interceptors) from the Spring context
            ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "applicationContext.xml" });
            sayHiSrvc = (SayHiSrvc)context.getBean("SayHiSrvc");
        }

        @Test
        public void testSayHi() {

            assertEquals("Hi, ShenBin!", sayHiSrvc.sayHi("ShenBin"));
        }
    }

applicationContext.xml

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:jaxws="http://cxf.apache.org/jaxws"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

        <bean id="SayHiSrvc" class="com.cecltd.service.SayHiSrvc" factory-bean="SayHiSrvcFactory" factory-method="create"/>

        <bean id="SayHiSrvcFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
            <property name="serviceClass" value="com.cecltd.service.SayHiSrvc" />
            <property name="address" value="${host.url}/SayHiSrvc" />
            <property name="outInterceptors">
                <list>
                    <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
                    <ref bean="wss4jOutConfiguration" />
                </list>
            </property>
            <property name="inInterceptors">
                <list>
                    <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
                    <ref bean="wss4jInConfiguration" />
                </list>
            </property>
        </bean>

        <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
            <property name="locations">
                <list>
                    <value>serverhost.properties</value>
                </list>
            </property>
        </bean>

        <!-- Outgoing request: timestamp, encrypt for apmserver, sign as apmclient -->
        <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
            <property name="properties">
                <map>
                    <entry key="action" value="Timestamp Encrypt Signature" />
                    <entry key="user" value="apmclient" />
                    <entry key="encryptionUser" value="apmserver" />
                    <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                    <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                    <entry key="encryptionPropFile" value="outsecurity_enc.properties" />
                    <entry>
                        <key>
                            <value>passwordCallbackRef</value>
                        </key>
                        <ref bean="passwordCallback" />
                    </entry>
                </map>
            </property>
        </bean>

        <!-- Incoming response: the same three actions are required -->
        <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <property name="properties">
                <map>
                    <entry key="action" value="Timestamp Encrypt Signature" />
                    <entry key="user" value="apmclient" />
                    <entry key="decryptionPropFile" value="insecurity_enc.properties" />
                    <entry key="enableSignatureConfirmation" value="true" />
                    <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                    <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                    <entry>
                        <key>
                            <value>passwordCallbackRef</value>
                        </key>
                        <ref bean="passwordCallback" />
                    </entry>
                </map>
            </property>
        </bean>

        <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>

    </beans>

insecurity_enc.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
    org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
    org.apache.ws.security.crypto.merlin.file=clientStore.jks

outsecurity_enc.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
    org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
    org.apache.ws.security.crypto.merlin.file=clientStore.jks

outsecurity_sign.properties

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
    org.apache.ws.security.crypto.merlin.keystore.type=jks
    org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
    org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
    org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
    org.apache.ws.security.crypto.merlin.file=clientStore.jks

serverhost.properties

    host.url=http://127.0.0.1:8080/J6CxfSrvc/services

cxf-config.xml

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:jaxws="http://cxf.apache.org/jaxws"
        xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

        <import resource="classpath:META-INF/cxf/cxf.xml" />
        <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
        <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

        <jaxws:endpoint id="SayHiSrvc" implementor="com.cecltd.service.impl.SayHiSrvcImpl" address="/SayHiSrvc">
            <jaxws:inInterceptors>
                <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
                <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
                <ref bean="wss4jInConfiguration"/>
            </jaxws:inInterceptors>
            <jaxws:outInterceptors>
                <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
                <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
                <ref bean="wss4jOutConfiguration"/>
            </jaxws:outInterceptors>
        </jaxws:endpoint>

        <!-- Incoming request: timestamp, decryption and signature are all required -->
        <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <property name="properties">
                <map>
                    <entry key="action" value="Timestamp Encrypt Signature"/>
                    <entry key="decryptionPropFile" value="server_insecurity_enc.properties"/>
                    <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>
                    <entry>
                        <key>
                            <value>passwordCallbackRef</value>
                        </key>
                        <ref bean="passwordCallback"/>
                    </entry>
                </map>
            </property>
        </bean>

        <!-- Outgoing response: timestamp, encrypt for apmclient, sign as apmserver -->
        <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
            <property name="properties">
                <map>
                    <entry key="action" value="Timestamp Encrypt Signature"/>
                    <entry key="user" value="apmserver" />
                    <entry key="encryptionUser" value="apmclient" />
                    <entry key="encryptionPropFile" value="server_outsecurity_enc.properties"/>
                    <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>
                    <entry>
                        <key>
                            <value>passwordCallbackRef</value>
                        </key>
                        <ref bean="passwordCallback"/>
                    </entry>
                </map>
            </property>
        </bean>

        <bean id="passwordCallback" class="com.cecltd.security.PasswordHandler"/>

    </beans>

web.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/cxf-config.xml</param-value>
        </context-param>

        <listener>
            <listener-class>
                org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>

        <servlet>
            <servlet-name>CXFServlet</servlet-name>
            <servlet-class>
                org.apache.cxf.transport.servlet.CXFServlet
            </servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
            <servlet-name>CXFServlet</servlet-name>
            <url-pattern>/services/*</url-pattern>
        </servlet-mapping>

    </web-app>

 

 
