web Service实践——Xfire的ws-security用户名和密码安全验证

shuai1234

浏览: 972204 次
性别:
来自: 山西

最近访客更多访客>>

tangang

shnsvyu

zhoukunhy

__点__

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

java

一、参照《Web Service实践之——XFire实例》（本空间的文章）建立一个Xfire的应用；

二、引入的jar包：

xfire-1.2.6的所有jar包（包括xfire-all-1.2.6.jar），下载地址：http://xfire.codehaus.org/Download

wss4j-1.5.8.jar：下载地址：http://ws.apache.org/wss4j/

三、服务器端

1、PasswordHandler类，继承自avax.security.auth.callback.CallbackHandler

package com.channelsoft.hr.wssecurity;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {
@SuppressWarnings("unchecked")
private Map passwords = new HashMap();

    @SuppressWarnings("unchecked")
public PasswordHandler() {
        passwords.put("server", "serverpass");//服务器端记录的用户名和密码，可以有多个
    }

    public void handle(Callback[] callbacks) throws IOException,//回调接口方法
            UnsupportedCallbackException {
        System.out.println("Handling Password!");
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];//获取回调对象
        String id = pc.getIdentifer();//获取用户名
        System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

String validPw = (String)password.get(id);②-3:获取用户对应的正确密码

②-4:如果是明文密码直接进行判断

if(WSConstants.PASSWORD_TEXT.equals(callback.getPasswordType())){

String pw = callback.getPassword();

if(pw == null || !pw.equalsIgnoreCase(validPw)){

throw new WSSecurityException("password not match");

}

}else{
pc.setPassword((String) passwords.get(id));//如果是密码摘要，向回调设置正确的密码（明文密码）
}
}

2、service.xml

<beans xmlns="http://xfire.codehaus.org/config/1.0">
<service>
<name>hrwebservice</name>
<namespace>com.channelsoft.hr</namespace>
<serviceClass>com.channelsoft.hr.webservice.DepartmentAndPersonInfo</serviceClass>
<implementationClass>com.channelsoft.hr.webservice.impl.DepartmentAndPersonInfoImpl</implementationClass>
<inHandlers>
          <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
            <bean
                class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
                <property name="properties">
                    <props>
                       <prop key="action">UsernameToken</prop>//使用用户名与密码进行安全验证
                        <prop key="passwordCallbackClass">
                            com.channelsoft.hr.wssecurity.PasswordHandler//回调类
                        </prop>
                    </props>
                </property>
            </bean>
    </inHandlers>
</service>
</beans>

四、客户端

2、客户端调用

package hr;

import java.net.MalformedURLException;

import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;
import org.codehaus.xfire.util.dom.DOMOutHandler;

import com.channelsoft.hr.webservice.DepartmentAndPersonInfo;

public class getHRInfo
{
public static void main(String args[])
{
   String serviceURL = "http://localhost:8080/HRWebService/services/hrwebservice";
   // 创建service对象
   Service serviceModel = new ObjectServiceFactory().create(DepartmentAndPersonInfo.class);

   XFireProxyFactory serviceFactory = new XFireProxyFactory();

   try
   {
    // 获取服务对象
    DepartmentAndPersonInfo service = (DepartmentAndPersonInfo) serviceFactory.create(serviceModel, serviceURL);

    // 忽略http连接的超时时间,0为不设置超时时间，》=1为超时毫秒数
    Client client = Client.getInstance(service);
    client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");
    //发送授权信息
//      client.addOutHandler(new ClientAuthenticationHandler("abcd","1234"));

//      //WS-Security
      WSS4JOutHandler wsOut = new WSS4JOutHandler();
      String actions =WSHandlerConstants.USERNAME_TOKEN;
         wsOut.setProperty(WSHandlerConstants.ACTION, actions);//动作
         wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);//密码类型
         wsOut.setProperty(WSHandlerConstants.USER, "server");   //指定用户
         wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());//密码回调类

         client.addOutHandler(new DOMOutHandler());
         client.addOutHandler(wsOut);

    // 调用服务
    String hello = service.queryDepartmentInfo();
    String hello2 = service.queryPersonnelInfo("", "", "");
    System.out.println(hello);
    System.out.println(hello2);

   }
   catch (MalformedURLException e)
   {
    System.out.println("错误！！！");
    e.printStackTrace();
   }
}
}

分享到：

xfire 使用用户名/密码进行身份认证 | Web Service实践之——开始XFire

2011-12-02 18:16
浏览 1086
评论(0)
分类:编程语言
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论