Apache CXF实战之四发布使用SSL的Web Service -

wake.up

浏览: 13810 次

最近访客更多访客>>

acoolper

u013305830

wantdraw

shou丶掌印

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

Apache CXF实战之四发布使用SSL的Web Service

博客分类：

service apache web ssl

在使用Web Service的时候，在很多情况下会要求我们发布ssl的web service，此时如果web service是作为一个war包部署在tomcat之类的web容器中的时候，我们可以通过修改tomcat的配置来比较容易的部署发布成ssl的 web service的，当对于独立运行的程序来书，此时发布web service是需要一些操作的，下面看看在CXF中怎样发布并调用SSL的Web Service。

1. 首先是一个pojo的实体类

[java] view plain copy print ?

package com.googlecode.garbagecan.cxfstudy.ssl;
public class User {
private String id;
private String name;
private String password;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}

2. 下面是Web Service的接口和实现类，这两个类和前面文章中介绍的没什么区别

[java] view plain copy print ?

package com.googlecode.garbagecan.cxfstudy.ssl;
import java.util.List;
import javax.jws.WebMethod;
import javax.jws.WebResult;
import javax.jws.WebService;
@WebService
public interface UserService {
@WebMethod
@WebResult List<User> list();
}
package com.googlecode.garbagecan.cxfstudy.ssl;
import java.util.ArrayList;
import java.util.List;
public class UserServiceImpl implements UserService {
public List<User> list() {
List<User> users = new ArrayList<User>();
for (int i = 0; i < 10; i++) {
User user = new User();
user.setId("" + i);
user.setName("user_" + i);
user.setPassword("password_" + i);
users.add(user);
}
return users;
}
}

3. 下面看看Server端代码

[java] view plain copy print ?

package com.googlecode.garbagecan.cxfstudy.ssl;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
public class MyServer {
private static final int port = 12345;
private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";
public static void main(String[] args) throws Exception {
System.out.println("Starting Server");
configureSSLOnTheServer();
JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
factoryBean.setServiceClass(UserServiceImpl.class);
factoryBean.setAddress(address);
Server server = factoryBean.create();
String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
System.out.println("Server started at " + endpoint);
}
public static void configureSSLOnTheServer() {
File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
try {
TLSServerParameters tlsParams = new TLSServerParameters();
KeyStore keyStore = KeyStore.getInstance("JKS");
String password = "mypassword";
String storePassword = "mypassword";
keyStore.load(new FileInputStream(file), storePassword.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(keyManagers);
keyStore.load(new FileInputStream(file), storePassword.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(trustManagers);
FiltersType filtersTypes = new FiltersType();
filtersTypes.getInclude().add(".*_EXPORT_.*");
filtersTypes.getInclude().add(".*_EXPORT1024_.*");
filtersTypes.getInclude().add(".*_WITH_DES_.*");
filtersTypes.getInclude().add(".*_WITH_NULL_.*");
filtersTypes.getExclude().add(".*_DH_anon_.*");
tlsParams.setCipherSuitesFilter(filtersTypes);
ClientAuthentication ca = new ClientAuthentication();
ca.setRequired(true);
ca.setWant(true);
tlsParams.setClientAuthentication(ca);
JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
factory.setTLSServerParametersForPort(port, tlsParams);
} catch (Exception e) {
e.printStackTrace();
}
}
}

4. 下面看看Client端代码

[java] view plain copy print ?

package com.googlecode.garbagecan.cxfstudy.ssl;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
public class MyClient {
private static final String address = "https://localhost:12345/ws/ssl/userService";
public static void main(String[] args) throws Exception {
JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
factoryBean.setAddress(address);
factoryBean.setServiceClass(UserService.class);
Object obj = factoryBean.create();
UserService userService = (UserService) obj;
configureSSLOnTheClient(userService);
System.out.println(userService.list());
}
private static void configureSSLOnTheClient(Object obj) {
File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
Client client = ClientProxy.getClient(obj);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
KeyStore keyStore = KeyStore.getInstance("JKS");
String password = "mypassword";
String storePassword = "mypassword";
keyStore.load(new FileInputStream(file), storePassword.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(trustManagers);
keyStore.load(new FileInputStream(file), storePassword.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(keyManagers);
FiltersType filtersTypes = new FiltersType();
filtersTypes.getInclude().add(".*_EXPORT_.*");
filtersTypes.getInclude().add(".*_EXPORT1024_.*");
filtersTypes.getInclude().add(".*_WITH_DES_.*");
filtersTypes.getInclude().add(".*_WITH_NULL_.*");
filtersTypes.getExclude().add(".*_DH_anon_.*");
tlsParams.setCipherSuitesFilter(filtersTypes);
httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
e.printStackTrace();
}
}
}

5. 我们需要手动生成jks文件，并将其放在maven工程resources的/com/googlecode/garbagecan/cxfstudy/ssl/目录下，下面是手动生成时使用的命令

[plain] view plain copy print ?

keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks

6. 最后我们可以通过启动MyServer和MyClient来验证我们的测试。

分享到：

CAS单点登录(一)---CAS原理 | Apache CXF实战之三 Map类型绑定

2013-06-27 15:45
浏览 1727
评论(0)
分类:Web前端
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

Apache CXF实战之四发布使用SSL的Web Service

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

Apache CXF实战之四 发布使用SSL的Web Service

评论

发表评论

相关推荐

Apache CXF实战之三 Map类型绑定

Apache CXF实战之二 集成Sping与Web容器

Apache CXF实战之一 Hello World Web Service

最近访客更多访客>>

Apache CXF实战之四发布使用SSL的Web Service

Apache CXF实战之二集成Sping与Web容器