Web Service修炼之四WS-Security

1.服务器实现

   将serverStore.jks拷贝到<工程目录>/src/META-INF/xfire的目录下

 1、insecurity.properties文件，放在META-INF/xfire/下

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks   //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //serverStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks//密钥库文件所在位置

2、service.xml文件，放在META-INF/xfire/下

<?xml version="1.0" encoding="UTF-8"?>

<!-- START SNIPPET: services -->

<beans xmlns="http://xfire.codehaus.org/config/1.0"> 

 <service> 

    <name>SayHelloService</name>

    <namespace>http://com.test.wsses/SayHelloService

        </namespace>

    <serviceClass>com.test.wsses.SayHelloService

        </serviceClass>

    <implementationClass>com.test.wsses.SayHelloServiceImpl

        </implementationClass> 

<inHandlers> 

   <handler 

    handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>

    <bean class="org.codehaus.xfire.security.

        wss4j.WSS4JInHandler" xmlns="">

                <property name="properties">

                    <props>

                        <prop key="action">Encrypt</prop> 

           //Encrypt代表报文加密；Signature代表数字签名

           //验证数字签名需要访问保存着client数字证书的密钥库，

           / /通过属性文件提供相应的配置信息。

                        <prop key="signaturePropFile">

                            META-INF/xfire/insecurity.properties

                        </prop>

            //解密操作需要访问保存着server私钥的密钥库，

            //通过属性文件提供相应的配置信息

                        <prop key="decryptionPropFile">

                            META-INF/xfire/insecurity.properties

                        </prop>

             //指定一个密码回调实现类

                        <prop key="passwordCallbackClass">

                            com.test.wsses.PasswordHandler

                        </prop>

                    </props>

                </property>

            </bean>

    </inHandlers>

 </service> 

</beans>  

<!-- END SNIPPET: services -->

3、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

    @SuppressWarnings("unchecked")

    private Map passwords = new HashMap();

 

    @SuppressWarnings("unchecked")

    public PasswordHandler() {

        passwords.put("server", "serverpass");

        passwords.put("client", "clientpass");

    }

 

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        System.out.println("Handling Password!");

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String id = pc.getIdentifer();

        System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

        pc.setPassword((String) passwords.get(id));

    }

}

2.客户端实现

1、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

    @SuppressWarnings("unchecked")

    private Map passwords = new HashMap();

 

    @SuppressWarnings("unchecked")

    public PasswordHandler() {

        passwords.put("server", "serverpass");

        passwords.put("client", "clientpass");

    }

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        System.out.println("Handling Password!");

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String id = pc.getIdentifer();

        System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

        pc.setPassword((String) passwords.get(id));

    }

}

2、outsecurity.properties文件，位于<工程目录>/src/下。 

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks   //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //clientStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=clientStore.jks  //密钥库文件所在位置

  将clientStore.jks拷贝到<工程目录>/src目录下。

3、客户端访问类

package com.test.wsses.client;

import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;

import org.apache.ws.security.handler.WSHandlerConstants;

import org.codehaus.xfire.client.Client;

import org.codehaus.xfire.client.XFireProxyFactory;

import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;

import org.codehaus.xfire.service.Service;

import org.codehaus.xfire.service.binding.ObjectServiceFactory;

import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;

import org.codehaus.xfire.util.dom.DOMOutHandler;

public class SayHelloClient {

public static void main(String args[]){ 

   String serviceURL = "http://localhost:8080/wsses/services/SayHelloService";

   //创建service对象

   Service serviceModel = new ObjectServiceFactory().create(SayHelloService.class);

   XFireProxyFactory serviceFactory = new XFireProxyFactory();

   try{

    //获取服务对象

SayHelloService service = (SayHelloService) serviceFactory.create(serviceModel, serviceURL);

   

    //忽略http连接的超时时间,0为不设置超时时间，》=1为超时毫秒数

    Client client = Client.getInstance(service);

    client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");

 

      WSS4JOutHandler wsOut = new WSS4JOutHandler(); 

      String actions =WSHandlerConstants.ENCRYPT; //报文加密；WSHandlerConstants.SIGNATURE代表数字签名 

          wsOut.setProperty(WSHandlerConstants.ACTION, actions);

          wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");//WSHandlerConstants.SIG_PROP_FILE代表数字签名

 

          wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);//密码为加密

          wsOut.setProperty(WSHandlerConstants.USER, "client"); //用户名为密钥库中密钥对的别名，密码为私钥 的访问密钥(数字签名为client，报文加密为server)   

 

          wsOut.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");//报文加密为server

   

          //wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());

          //wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

          client.addOutHandler(new DOMOutHandler());

          client.addOutHandler(wsOut);

 

 //调用服务

 String helloMsg = service.sayHello("dabing");

 System.out.println(helloMsg);

 helloMsg = service.sayHello(null);

 System.out.println(helloMsg);

   } catch (MalformedURLException e){ 

    e.printStackTrace();

   }

}

}

 

运行结果如下：

dabing,早上好,还没有去工作吗 ?

        你叫什么名字呢？

<!--EndFragment-->