Web Service修炼之五WS-Security

1.服务器实现 

   将serverStore.jks拷贝到<工程目录>/src/META-INF/xfire的目录下

1、insecurity.properties文件，放在META-INF/xfire/下

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks   //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //serverStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/serverStore.jks//密钥库文件所在位置

2、service.xml文件，放在META-INF/xfire/下

<?xml version="1.0" encoding="UTF-8"?>

<!-- START SNIPPET: services -->

<beans xmlns="http://xfire.codehaus.org/config/1.0"> 

 <service> 

    <name>SayHelloService</name>

    <namespace>http://com.test.wsses/SayHelloService

        </namespace>

    <serviceClass>com.test.wsses.SayHelloService

        </serviceClass>

    <implementationClass>com.test.wsses.SayHelloServiceImpl

        </implementationClass> 

<inHandlers> 

   <handler 

    handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>

    <bean class="org.codehaus.xfire.security.

        wss4j.WSS4JInHandler" xmlns="">

                <property name="properties">

                    <props>

                        <prop key="action">Encrypt Signature</prop> 

 <!-- 组合动作用空格分隔(报文加密和数字签名);在XFire中，动作的执行顺序和动作的编写顺序一致，如“Encrypt Signature”表示先解密再验证数字签名（对于InHandler） -->

<!-- 验证签名须使用client数字证书，属性文件需要提供访问密钥库client数字证书的配置 --> 

 

                        <prop key="signaturePropFile">

                            META-INF/xfire/insecurity.properties

                        </prop>

 <!-- 解密须使用server的私钥，属性文件必须提供访问密钥库中私钥的相关配置 -->

                        <prop key="decryptionPropFile">

                            META-INF/xfire/insecurity.properties

                        </prop>

             //指定一个密码回调实现类

                        <prop key="passwordCallbackClass">

                            com.test.wsses.PasswordHandler

                        </prop>

                    </props>

                </property>

            </bean>

    </inHandlers>

 </service> 

</beans>  

<!-- END SNIPPET: services -->

3、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

    @SuppressWarnings("unchecked")

    private Map passwords = new HashMap();

 

    @SuppressWarnings("unchecked")

    public PasswordHandler() {

        passwords.put("server", "serverpass");

        passwords.put("client", "clientpass");

    }

 

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        System.out.println("Handling Password!");

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String id = pc.getIdentifer();

        System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

        pc.setPassword((String) passwords.get(id));

    }

}

2.客户端实现

1、PasswordHandler类

package com.test.wsses;

import java.io.IOException;

import java.util.HashMap;

import java.util.Map;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

    @SuppressWarnings("unchecked")

    private Map passwords = new HashMap();

 

    @SuppressWarnings("unchecked")

    public PasswordHandler() {

        passwords.put("server", "serverpass");

        passwords.put("client", "clientpass");

    }

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        System.out.println("Handling Password!");

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String id = pc.getIdentifer();

        System.out.println("id:"+id+" ,password:"+(String) passwords.get(id));

        pc.setPassword((String) passwords.get(id));

    }

}

2、outsecurity.properties文件，位于<工程目录>/src/下。 

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks   //密钥库类型
org.apache.ws.security.crypto.merlin.keystore.password=scpass //clientStore.jks的访问密码
org.apache.ws.security.crypto.merlin.file=clientStore.jks  //密钥库文件所在位置

  将clientStore.jks拷贝到<工程目录>/src目录下。

3、客户端访问类

package com.test.wsses.client;

import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;

import org.apache.ws.security.handler.WSHandlerConstants;

import org.codehaus.xfire.client.Client;

import org.codehaus.xfire.client.XFireProxyFactory;

import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;

import org.codehaus.xfire.service.Service;

import org.codehaus.xfire.service.binding.ObjectServiceFactory;

import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;

import org.codehaus.xfire.util.dom.DOMOutHandler;

import com.test.wsses.PasswordHandler;

public class SayHelloClient {

public static void main(String args[]){ 

   String serviceURL = "http://localhost:8080/wsses/services/SayHelloService";

   //创建service对象

   Service serviceModel = new ObjectServiceFactory().create(SayHelloService.class);

   XFireProxyFactory serviceFactory = new XFireProxyFactory();

   try{

    //获取服务对象

SayHelloService service = (SayHelloService) serviceFactory.create(serviceModel, serviceURL);

   

    //忽略http连接的超时时间,0为不设置超时时间，》=1为超时毫秒数

    Client client = Client.getInstance(service);

    client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");

     //WS-Security

      WSS4JOutHandler wsOut = new WSS4JOutHandler(); 

      String actions =WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE; //组合动作用空格分隔     

         wsOut.setProperty(WSHandlerConstants.ACTION, actions);

         //加密属性设置:使用server数字证书进行加密

         wsOut.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server"); 

         wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");

         

         //签名属性设置：使用client私钥进行签名

         wsOut.setProperty(WSHandlerConstants.USER, "client"); 

         wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");

         wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);

             

         wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());

         wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

         client.addOutHandler(new DOMOutHandler());

         client.addOutHandler(wsOut);

  

 //调用服务

 String helloMsg = service.sayHello("dabing");

 System.out.println(helloMsg);

 helloMsg = service.sayHello(null);

 System.out.println(helloMsg);

   } catch (MalformedURLException e){ 

    e.printStackTrace();

   }

}

}

 

运行结果如下：

Handling Password!

id:client ,password:clientpass

dabing,早上好,还没有去工作吗 ?

Handling Password!

id:client ,password:clientpass

你叫什么名字呢？

<!--EndFragment-->