The first step: Environment
1. Operating system version: Fedora 14
2. Eclipse version: J2EE edition 3.5
3. JDK version: jdk1.6
4. Maven local repository: /var/javaproject/repo
5. Tomcat version: 1.6
6. Tomcat port: 9080
7. The web service server and client already work with CXF; refer to "CXF User Authentication" (CXF用户认证).
The second step: Create the X509 certificate stores
Windows batch script files
Create a DOS batch file named generateKeyPair.bat with the following content:
rem ************** generateKeyPair.bat ********** start
rem @echo off
echo alias %1
echo keypass %2
echo keystoreName %3
echo KeyStorePass %4
echo keyName %5
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
rem ************** generateKeyPair.bat ********** end
Create a DOS batch file named generateServerKey.bat with the following content:
rem ************** generateServerKey.bat ********** start
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
rem ************** generateServerKey.bat ********** end
Linux shell scripts:
Create a Linux shell script file named generateKeyPair.sh with the following content:
#!/bin/bash
# ******************* generateKeyPair.sh start ***********
# Usage: generateKeyPair.sh <alias> <keypass> <keystoreName> <keystorePass> <keyName>
echo "alias $1"
echo "keypass $2"
echo "keystoreName $3"
echo "KeyStorePass $4"
echo "keyName $5"
# Generate an RSA key pair under the alias, self-sign it, then export the certificate
keytool -genkey -alias "$1" -keypass "$2" -keystore "$3" -storepass "$4" -dname "cn=$1" -keyalg RSA
keytool -selfcert -alias "$1" -keystore "$3" -storepass "$4" -keypass "$2"
keytool -export -alias "$1" -file "$5" -keystore "$3" -storepass "$4"
# ******************* generateKeyPair.sh end ***********
Create a Linux shell script file named generateServerKey.sh with the following content:
#!/bin/bash
# ******************* generateServerKey.sh start ***********
./generateKeyPair.sh apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
./generateKeyPair.sh apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
# ******************* generateServerKey.sh end ***********
3. Execute generateServerKey.sh on Linux (generateServerKey.bat on Windows); you will get two key store files, clientStore.jks and serverStore.jks. As shown in the script, the user names and passwords are:
Server: apmserver / apmserverpass
Client: apmclient / apmclientpass
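Because the scripts import the peer certificates with -noprompt, keytool never shows the fingerprint for confirmation. The following check is an added example, not part of the original post: it loads both stores with the aliases and passwords used above and confirms that each holds its own private key and exactly the peer's certificate. The class name VerifyKeyStores is an assumption.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;

// Added example: consistency check for the stores built by generateServerKey.
// Run it in the directory that contains serverStore.jks and clientStore.jks.
public class VerifyKeyStores {

    static KeyStore load(String file, String storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(file);
        try {
            // load() also verifies the store integrity with the store password
            ks.load(in, storePass.toCharArray());
        } finally {
            in.close();
        }
        return ks;
    }

    // SHA-256 fingerprint in the colon-separated form keytool prints
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02X", digest[i] & 0xff));
        }
        return sb.toString();
    }

    static void check(String name, KeyStore own, String ownAlias, String keyPass,
                      KeyStore peer, String peerAlias) throws Exception {
        // 1. The store must hold its own private key, recoverable with the key password.
        if (!own.isKeyEntry(ownAlias)) {
            throw new IllegalStateException(name + ": no private key under alias " + ownAlias);
        }
        // getKey throws UnrecoverableKeyException when the key password is wrong
        own.getKey(ownAlias, keyPass.toCharArray());

        // 2. The peer must be present as a certificate only, never as a private key.
        if (!own.isCertificateEntry(peerAlias)) {
            throw new IllegalStateException(name + ": " + peerAlias + " is not a trusted certificate entry");
        }

        // 3. The trusted certificate must be the one the peer actually holds.
        Certificate trusted = own.getCertificate(peerAlias);
        Certificate actual = peer.getCertificate(peerAlias);
        if (actual == null || !trusted.equals(actual)) {
            throw new IllegalStateException(name + ": certificate for " + peerAlias + " differs from the peer's own");
        }

        // 4. The scripts create self-signed certificates; verify the self-signature.
        trusted.verify(trusted.getPublicKey());

        System.out.println(name + " trusts " + peerAlias + " SHA-256 " + fingerprint(trusted));
    }

    public static void main(String[] args) throws Exception {
        KeyStore server = load("serverStore.jks", "keystorePass");
        KeyStore client = load("clientStore.jks", "keystorePass");
        check("serverStore.jks", server, "apmserver", "apmserverpass", client, "apmclient");
        check("clientStore.jks", client, "apmclient", "apmclientpass", server, "apmserver");
        System.out.println("Both key stores are consistent.");
    }
}
```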
The third step: Configure the server
Copy serverStore.jks to the resource folder of the web project (the root of the resource folder), that is, the same folder as the file applicationContext-server.xml.
Create a properties file named server_insecurity_enc.properties in the same folder for server encryption (it is used as the decryptionPropFile of the in interceptor) with the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named server_insecurity_sign.properties in the same folder for the server signature with the following content:
#-- server_insecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_sign.properties end
Create a properties file named server_outsecurity_enc.properties in the same folder for server outbound encryption with the following content:
#-- server_outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_outsecurity_enc.properties end
Alter the service definition file applicationContext-server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext-server.xml start -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
    <bean id="addressBookServiceImpl" class="com.bruce.cxftest.service.AddressBookServiceImpl" />
    <bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
    <bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    <bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
    <bean id="logInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
    <!-- Inbound: verify UsernameToken, timestamp, encryption and signature of the request -->
    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
                <entry key="decryptionPropFile" value="server_insecurity_enc.properties" />
                <entry key="signaturePropFile" value="server_insecurity_sign.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <!-- Outbound: timestamp, encrypt for apmclient and sign as apmserver -->
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="Timestamp Encrypt Signature" />
                <entry key="user" value="apmserver" />
                <entry key="encryptionUser" value="apmclient" />
                <entry key="encryptionPropFile" value="server_outsecurity_enc.properties" />
                <entry key="signaturePropFile" value="server_insecurity_sign.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <jaxws:endpoint id="addressBookService" implementor="#addressBookServiceImpl"
        address="/AddressBookService">
        <jaxws:inInterceptors>
            <ref bean="logInInterceptor" />
            <ref bean="saajInInterceptor" />
            <ref bean="wss4jInConfiguration" />
        </jaxws:inInterceptors>
        <jaxws:outInterceptors>
            <ref bean="logOutInterceptor" />
            <ref bean="saajOutInterceptor" />
            <ref bean="wss4jOutConfiguration" />
        </jaxws:outInterceptors>
    </jaxws:endpoint>
</beans>
<!-- applicationContext-server.xml end -->
6. Alter the user name and password callback class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    // alias / user name -> password (used for both key and UsernameToken passwords)
    Map<String, String> userMap = new HashMap<String, String>();

    public ServerPasswordCallback() {
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        // WSS4J passes a WSPasswordCallback carrying the alias or user name
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
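The callback above keeps the key and user passwords in the class source and returns the same password whatever it is asked for. As an added example (not the original author's code), the variant below reads the passwords from two properties files outside the application and chooses between them by the callback's usage, so key passwords and UsernameToken passwords can differ. The class name ExternalPasswordCallback and the system properties cxftest.keyPasswords and cxftest.userPasswords are assumptions.

```java
package com.bruce.cxftest.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

// Added example. Each properties file holds lines of the form alias=password, e.g.
//   key passwords file:  apmserver=<private key password>
//   user passwords file: apmclient=<UsernameToken password>
public class ExternalPasswordCallback implements CallbackHandler {

    private final Properties keyPasswords = new Properties();
    private final Properties userPasswords = new Properties();

    public ExternalPasswordCallback() throws IOException {
        // Hypothetical system properties naming the two files,
        // e.g. -Dcxftest.keyPasswords=/etc/cxftest/keys.properties
        load(keyPasswords, System.getProperty("cxftest.keyPasswords"));
        load(userPasswords, System.getProperty("cxftest.userPasswords"));
    }

    private static void load(Properties target, String path) throws IOException {
        if (path == null) {
            throw new IOException("password file location is not configured");
        }
        InputStream in = new FileInputStream(path);
        try {
            target.load(in);
        } finally {
            in.close();
        }
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String id = pc.getIdentifier();
            String password;
            switch (pc.getUsage()) {
            case WSPasswordCallback.DECRYPT:
            case WSPasswordCallback.SIGNATURE:
                // Password that unlocks the private key stored under this alias
                password = keyPasswords.getProperty(id);
                break;
            case WSPasswordCallback.USERNAME_TOKEN:
                // Password WSS4J uses to build or verify the UsernameToken
                password = userPasswords.getProperty(id);
                break;
            default:
                throw new UnsupportedCallbackException(callback, "unexpected usage " + pc.getUsage());
            }
            if (password == null) {
                // Fail closed for unknown identifiers; the message names the id only
                throw new IOException("no password configured for " + id);
            }
            pc.setPassword(password);
        }
    }
}
```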
The fourth step: Configure the client
Copy clientStore.jks to the resource folder of the client project (the root of the resource folder), that is, the same folder as the file applicationContext-client.xml.
Create a properties file named insecurity_enc.properties in the same folder for decrypting incoming messages (it is the decryptionPropFile of the in interceptor) with the following content:
#-- insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- insecurity_enc.properties end
Create a properties file named outsecurity_enc.properties in the same folder for encrypting outgoing messages (it is the encryptionPropFile of the out interceptor) with the following content:
#-- outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_enc.properties end
Create a properties file named outsecurity_sign.properties in the same folder for the signature (it is the signaturePropFile of both client interceptors) with the following content:
#-- outsecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_sign.properties end
Alter the client definition file applicationContext-client.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!-- applicationContext-client.xml start -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://cxf.apache.org/jaxws
        http://cxf.apache.org/schemas/jaxws.xsd">
    <bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
    <bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    <bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
    <!-- Outbound: UsernameToken, timestamp, encrypt for apmserver and sign as apmclient -->
    <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
                <entry key="user" value="apmclient" />
                <entry key="encryptionUser" value="apmserver" />
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                <entry key="encryptionPropFile" value="outsecurity_enc.properties" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <!-- Inbound: verify timestamp, encryption and signature of the response -->
    <bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="Timestamp Encrypt Signature" />
                <entry key="user" value="apmclient" />
                <entry key="decryptionPropFile" value="insecurity_enc.properties" />
                <entry key="enableSignatureConfirmation" value="true" />
                <entry key="signaturePropFile" value="outsecurity_sign.properties" />
                <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <jaxws:client id="addressBookClient"
        serviceClass="com.bruce.cxftest.service.AddressBookService"
        address="http://127.0.0.1:9080/cxftest/service/AddressBookService">
        <jaxws:outInterceptors>
            <ref bean="saajOutInterceptor" />
            <ref bean="wss4jOutConfiguration" />
        </jaxws:outInterceptors>
        <jaxws:inInterceptors>
            <ref bean="saajInInterceptor" />
            <ref bean="wss4jInConfiguration" />
        </jaxws:inInterceptors>
    </jaxws:client>
</beans>
<!-- applicationContext-client.xml end -->
6. Alter the user name and password callback class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    // alias / user name -> password (used for both key and UsernameToken passwords)
    Map<String, String> userMap = new HashMap<String, String>();

    public ServerPasswordCallback() {
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        // WSS4J passes a WSPasswordCallback carrying the alias or user name
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
7. Create a client class that does not use Spring:
//--- CxfWsTestClient.java start
package com.bruce.cxftest.client;

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.bruce.cxftest.dto.Phone;
import com.bruce.cxftest.security.ServerPasswordCallback;
import com.bruce.cxftest.service.AddressBookService;
import com.bruce.cxftest.service.AddressBookService_Service;

public class CxfWsTestClient {

    public static void main(String[] args) {
        try {
            URL wsdlAdd = new URL("http://127.0.0.1:9080/cxftest/service/AddressBookService?wsdl");
            QName SERVICE = new QName("http://www.bruce.com/cxftest/service", "AddressBookService");
            AddressBookService_Service gs = new AddressBookService_Service(wsdlAdd, SERVICE);
            AddressBookService greeter = gs.getAddressBookService();

            // Get the CXF endpoint behind the JAX-WS proxy so interceptors can be attached
            org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
            org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

            // Inbound: verify timestamp, encryption and signature of the response
            SAAJInInterceptor saajInInterceptor = new SAAJInInterceptor();
            cxfEndpoint.getInInterceptors().add(saajInInterceptor);
            Map<String, Object> inProps = new HashMap<String, Object>();
            inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            inProps.put(WSHandlerConstants.USER, "apmclient");
            inProps.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity_enc.properties");
            inProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
            inProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            inProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
            cxfEndpoint.getInInterceptors().add(wssIn);

            // Outbound: UsernameToken, timestamp, encrypt for apmserver and sign as apmclient
            SAAJOutInterceptor saajOutInterceptor = new SAAJOutInterceptor();
            cxfEndpoint.getOutInterceptors().add(saajOutInterceptor);
            Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
                    + " " + WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            outProps.put(WSHandlerConstants.USER, "apmclient");
            outProps.put(WSHandlerConstants.ENCRYPTION_USER, "apmserver");
            outProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            outProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            outProps.put(WSHandlerConstants.ENC_PROP_FILE, "insecurity_enc.properties");
            outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
            cxfEndpoint.getOutInterceptors().add(wssOut);

            // Call the secured service
            AddressBookService service = (AddressBookService) greeter;
            System.out.println("#############Client getPhone##############");
            Phone phone = service.getPhone("zph");
            System.out.println("AreaCode:" + phone.getAreaCode());
            System.out.println("Exchange:" + phone.getExchange());
            System.out.println("Number:" + phone.getNumber());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
//--- CxfWsTestClient.java end
The fifth step: Run and debug
1. Open a console, change directory to cxftest_build, and run the following Maven command:
$ mvn clean install
2. Deploy the war package to the cxftest subfolder of Tomcat's webapps folder.
3. Start Tomcat.
4. Run the class SpringUsersWsClient or CxfWsTestClient in the project cxftest_client; you will see the following output:
AreaCode:120
Exchange:10
Number:10
That means you have succeeded!
1.Operating System Version :Fedora14
2.Eclipse Version:J2ee版3.5
3.jdk Version:jdk1.6
4.maven local repository:/var/javaproject/repo
5.tomcat Version:1.6
6.tomcat Port:9080
7.The Web service server and client use CXF can work already. refer to CXF用户认证
The second step:Create X509 certificate store
Window batch scriptt file
create a dos batch execute file name generateKeyPair.bat and input the following content
rem ************** generateKeyPair.bat ********** start
rem @echo off
echo alias %1
echo keypass %2
echo keystoreName %3
echo KeyStorePass %4
echo keyName %5
echo keyName %5
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
rem ************** generateKeyPair.bat ********** end
create a dos batch execute file name generateServerKey.bat and input the following content:
rem ************** generateServerKey.bat ********** start
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
rem ************** generateServerKey.bat ********** end
Linux shell scriptt :
create a Linux shell scriptt file name generateKeyPair.sh and input the following content:
# ******************* generateKeyPair.sh start ***********
#!/bin/bash
echo alias $1
echo keypass $2
echo keystoreName $3
echo KeyStorePass $4
echo keyName $5
echo keyName $5
keytool -genkey -alias $1 -keypass $2 -keystore $3 -storepass $4 -dname "cn=$1" -keyalg RSA
keytool -selfcert -alias $1 -keystore $3 -storepass $4 -keypass $2
keytool -export -alias $1 -file $5 -keystore $3 -storepass $4
# ******************* generateKeyPair.sh end ***********
create a Linux shell scriptt file name generateServerKey.sh then input the following content:
# ******************* generateServerKey.sh start ***********
#!/bin/bash
./generateKeyPair.sh apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa
./generateKeyPair.sh apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa
keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
# ******************* generateServerKey.sh end ***********
3.execute the generateServerKey.sh on Linux(generateServerKey.bat on windows) then you will get two key store file clientStore.jks and serverStore.jks. As show on the shell scriptt the user name and password is:
Server:apmserver / apmserverpass
Client:apmclient / apmclientpass
The third step:Configure Server
Copy the serverStore.jks to the resource fold of the web project, The root fold of resource fold, That is the same fold as the file applicationContext-server.xml.
Create a properties file named server_insecurity_enc.properties in the same fold for server encryption then input the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmserverpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named server_insecurity_sign.properties in the same fold for server signature then input the following content:
#-- server_insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.alias=apmserver
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_insecurity_enc.properties end
Create a properties file named sserver_outsecurity_enc.properties in the same fold for server out encryption then input the following content:
#-- server_outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.file=serverStore.jks
#-- server_outsecurity_enc.properties end
alter the service definition file applicationContext-server.xml.
<!-- applicationContext-server.xml start -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="addressBookServiceImpl" class="com.bruce.cxftest.service.AddressBookServiceImpl" />
<bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
<bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="logInInterceptor" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutInterceptor" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
<entry key="decryptionPropFile" value="server_insecurity_enc.properties" />
<entry key="signaturePropFile" value="server_insecurity_sign.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp Encrypt Signature" />
<entry key="user" value="apmserver" />
<entry key="encryptionUser" value="apmclient" />
<entry key="encryptionPropFile" value="server_outsecurity_enc.properties" />
<entry key="signaturePropFile" value="server_insecurity_sign.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<jaxws:endpoint id="addressBookService" implementor="#addressBookServiceImpl"
address="/AddressBookService" >
<jaxws:inInterceptors>
<ref bean="logInInterceptor" />
<ref bean="saajInInterceptor" />
<ref bean="wss4jInConfiguration" />
</jaxws:inInterceptors>
<jaxws:outInterceptors>
<ref bean="logOutInterceptor" />
<ref bean="saajOutInterceptor" />
<ref bean="wss4jOutConfiguration" />
</jaxws:outInterceptors>
</jaxws:endpoint>
</beans>
<!-- applicationContext-server.xml end -->
6.alter the user name and password call back class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ServerPasswordCallback implements CallbackHandler {
Map<String,String> userMap = new HashMap<String,String>();
public ServerPasswordCallback(){
userMap.put("apmserver", "apmserverpass");
userMap.put("apmclient", "apmclientpass");
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (userMap.containsKey(pc.getIdentifier())) {
pc.setPassword(userMap.get(pc.getIdentifier()));
}
}
}
//---- ServerPasswordCallback.java end
The fourth step :configure client
Copy the clientStore.jks to the resource fold of the client project, The root fold of resource fold, That is the same fole as the file applicationContext-client.xml.
Create a properties file named insecurity_enc.properties in the same fold for server encryption then input the following content:
#-- insecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- insecurity_enc.properties end
Create a properties file named outsecurity_enc.properties in the same fold for server signature then input the following content:
#-- outsecurity_enc.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_enc.properties end
Create a properties file named outsecurity_sign.properties in the same fold for server out encryption then input the following content:
#-- outsecurity_sign.properties start
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=apmclientpass
org.apache.ws.security.crypto.merlin.keystore.alias=apmclient
org.apache.ws.security.crypto.merlin.file=clientStore.jks
#-- outsecurity_sign.properties end
alter the client definition file applicationContext-client.xml.
<!-- applicationContext-client.xml start -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="passwordCallback" class="com.bruce.cxftest.security.ServerPasswordCallback" />
<bean id="saajInInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean id="saajOutInterceptor" class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp Encrypt Signature" />
<entry key="user" value="apmclient" />
<entry key="encryptionUser" value="apmserver" />
<entry key="signaturePropFile" value="outsecurity_sign.properties" />
<entry key="signatureKeyIdentifier" value="IssuerSerial" />
<entry key="encryptionPropFile" value="outsecurity_enc.properties" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<bean id="wss4jInConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp Encrypt Signature" />
<entry key="user" value="apmclient" />
<entry key="decryptionPropFile" value="insecurity_enc.properties" />
<entry key="enableSignatureConfirmation" value="true" />
<entry key="signaturePropFile" value="outsecurity_sign.properties" />
<entry key="signatureKeyIdentifier" value="IssuerSerial" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
<jaxws:client id="addressBookClient"
serviceClass="com.bruce.cxftest.service.AddressBookService"
address="http://127.0.0.1:9080/cxftest/service/AddressBookService">
<jaxws:outInterceptors>
<ref bean="saajOutInterceptor" />
<ref bean="wss4jOutConfiguration" />
</jaxws:outInterceptors>
<jaxws:inInterceptors>
<ref bean="saajInInterceptor" />
<ref bean="wss4jInConfiguration" />
</jaxws:inInterceptors>
</jaxws:client>
</beans>
<!-- applicationContext-client.xml end -->
6.alter the user name and password call back class:
//---- ServerPasswordCallback.java start
package com.bruce.cxftest.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    // Alias -> password; the values match the -keypass arguments used in generateServerKey
    Map<String,String> userMap = new HashMap<String,String>();

    public ServerPasswordCallback() {
        userMap.put("apmserver", "apmserverpass");
        userMap.put("apmclient", "apmclientpass");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        // WSS4J passes in a WSPasswordCallback naming the alias or user it needs a password for
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        if (userMap.containsKey(pc.getIdentifier())) {
            pc.setPassword(userMap.get(pc.getIdentifier()));
        }
    }
}
//---- ServerPasswordCallback.java end
7. Create a client class that does not use Spring.
//--- CxfWsTestClient.java start
package com.bruce.cxftest.client;

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;

import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.bruce.cxftest.dto.Phone;
import com.bruce.cxftest.security.ServerPasswordCallback;
import com.bruce.cxftest.service.AddressBookService;
import com.bruce.cxftest.service.AddressBookService_Service;

public class CxfWsTestClient {
    public static void main(String[] args) {
        try {
            URL wsdlAdd = new URL("http://127.0.0.1:9080/cxftest/service/AddressBookService?wsdl");
            QName SERVICE = new QName("http://www.bruce.com/cxftest/service", "AddressBookService");
            AddressBookService_Service gs = new AddressBookService_Service(wsdlAdd, SERVICE);
            AddressBookService greeter = gs.getAddressBookService();

            // Get the CXF endpoint behind the JAX-WS proxy so interceptors can be attached
            org.apache.cxf.endpoint.Client client = ClientProxy.getClient(greeter);
            org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();

            // Inbound (response): check timestamp, decrypt, verify signature
            SAAJInInterceptor saajInInterceptor = new SAAJInInterceptor();
            cxfEndpoint.getInInterceptors().add(saajInInterceptor);
            Map<String, Object> inProps = new HashMap<String, Object>();
            inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            inProps.put(WSHandlerConstants.USER, "apmclient");
            inProps.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity_enc.properties");
            inProps.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
            inProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            inProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
            cxfEndpoint.getInInterceptors().add(wssIn);

            // Outbound (request): add UsernameToken and timestamp, encrypt for apmserver, sign as apmclient
            SAAJOutInterceptor saajOutInterceptor = new SAAJOutInterceptor();
            cxfEndpoint.getOutInterceptors().add(saajOutInterceptor);
            Map<String, Object> outProps = new HashMap<String, Object>();
            outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN
                    + " " + WSHandlerConstants.TIMESTAMP
                    + " " + WSHandlerConstants.ENCRYPT
                    + " " + WSHandlerConstants.SIGNATURE);
            outProps.put(WSHandlerConstants.USER, "apmclient");
            outProps.put(WSHandlerConstants.ENCRYPTION_USER, "apmserver");
            outProps.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
            outProps.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
            outProps.put(WSHandlerConstants.ENC_PROP_FILE, "insecurity_enc.properties");
            outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerPasswordCallback.class.getName());
            WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
            cxfEndpoint.getOutInterceptors().add(wssOut);

            // Call the secured service
            AddressBookService service = (AddressBookService) greeter;
            System.out.println("#############Client getPhone##############");
            Phone phone = service.getPhone("zph");
            System.out.println("AreaCode:" + phone.getAreaCode());
            System.out.println("Exchange:" + phone.getExchange());
            System.out.println("Number:" + phone.getNumber());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
//--- CxfWsTestClient.java end
The fifth step: Run and debug
1. Open a console, change directory to cxftest_build, and run the following maven command:
$ mvn clean install
2. Deploy the war package to the cxftest subfolder of Tomcat's webapps folder.
3. Start Tomcat.
4. Run the class SpringUsersWsClient or CxfWsTestClient in the project cxftest_client and you will see the following output:
AreaCode:120
Exchange:10
Number:10
That means you have succeeded!