Topic: CXF password authentication: server and client configuration
Posted: 2010-05-27
Last modified: 2010-05-27
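This CXF password authentication write-up builds on one of my earlier articles, "WebService CXF+struts+spring example". If you find this one hard to follow, read that earlier article first!

1: Spring server configuration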
```xml
<bean id="Customer" class="org.web.HelloServiceImpl"></bean>

<jaxws:endpoint id="custom" implementor="#Customer" address="/web">
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
        <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken" />
                    <entry key="passwordType" value="PasswordText" />
                    <entry key="user" value="cxfServer" />
                    <entry key="passwordCallbackRef">
                        <ref bean="serverPasswordCallback" />
                    </entry>
                </map>
            </constructor-arg>
        </bean>
    </jaxws:inInterceptors>
</jaxws:endpoint>

<bean id="serverPasswordCallback" class="org.web.ServerPasswordCallback" />
```
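action: UsernameToken means a username token is used.

passwordType: PasswordText is the password encryption strategy; here it is the password as plain text.

user: cxfServer is the alias.

passwordCallbackRef: serverPasswordCallback is the password verification class, the one configured below.

2: The serverPasswordCallback class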
```java
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        String pw = pc.getPassword();
        String idf = pc.getIdentifier();
        // Prints "Password is: ..." and "Type is: ..." (the identifier)
        System.out.println("密码是:" + pw);
        System.out.println("类型是:" + idf);
        // Constant-first equals so a null password or identifier fails verification
        if ("wdwsb".equals(pw) && "admin".equals(idf)) {
            System.out.println("成功"); // "Success"
        } else {
            throw new SecurityException("验证失败"); // "Verification failed"
        }
    }
}
```

Not much to say about this one. It is just password verification. Very simple!!

3: Spring client configuration:
```xml
<bean id="webTest" class="org.web.HelloService" factory-bean="client" factory-method="create"/>

<bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
    <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property>
    <property name="serviceClass" value="org.web.HelloService"></property>
    <property name="outInterceptors">
        <list>
            <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
                <constructor-arg>
                    <map>
                        <entry key="action" value="UsernameToken" />
                        <entry key="passwordType" value="PasswordText" />
                        <entry key="user" value="cxfClient" />
                        <entry key="passwordCallbackRef">
                            <ref bean="clientPasswordCallback" />
                        </entry>
                    </map>
                </constructor-arg>
            </bean>
        </list>
    </property>
</bean>

<bean id="clientPasswordCallback" class="org.web.clientPasswordCallback"></bean>
```

It is much the same as the server configuration, so there is not much to explain. Heh...

4: The clientPasswordCallback class
```java
import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class clientPasswordCallback implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // Fill in the credentials for every callback the framework passes in
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback ps = (WSPasswordCallback) callbacks[i];
            ps.setPassword("wdwsb");
            ps.setIdentifier("admin");
        }
    }
}
```

That's it: UsernameToken password authentication is done. Time to test!
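Passed!
Of course, the earlier article I wrote covers only the most basic setup. It is missing some jar files and will throw errors, so the following jars need to be added..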
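Posted: 2010-08-04
In the example, the id and password are hard-coded:

```java
ps.setPassword("wdwsb");
ps.setIdentifier("admin");
```

If I want to fill in the username and password of the currently logged-in user instead, what should I do?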
Posted: 2011-04-29
There is a problem with serverPasswordCallback here.
In org.apache.ws.security.validate:

```java
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
try {
    data.getCallbackHandler().handle(new Callback[] { pwCb });
}
```

In other words, this is where the password has to be set, and then:

```java
if (passwordsAreEncoded)
    passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
    passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
    throw new WSSecurityException(5);
}
```

This is where the two passwords are compared. Everything after that is done by the framework, so what serverPasswordCallback has to do is setPassword, not compare the passwords itself.

apache-cxf-2.4.0
Posted: 2011-04-29
With the PasswordDigest type you set the password; with the PasswordText type it is verified directly.

zhouxianglh wrote:

There is a problem with serverPasswordCallback here.
In org.apache.ws.security.validate:

```java
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
try {
    data.getCallbackHandler().handle(new Callback[] { pwCb });
}
```

In other words, this is where the password has to be set, and then:

```java
if (passwordsAreEncoded)
    passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
    passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
    throw new WSSecurityException(5);
}
```

This is where the two passwords are compared. Everything after that is done by the framework, so what serverPasswordCallback has to do is setPassword, not compare the passwords itself.

apache-cxf-2.4.0
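The approach described in the replies above, where the server handler only supplies the stored password and the framework does the comparison, as an added example that is not part of the original thread or of CXF itself. The class name `LookupPasswordCallback` and the in-memory user map are hypothetical and the credentials are constructed sample values; it assumes the apache-cxf-2.4.0 behaviour quoted above and fails closed on any other callback usage.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler: looks up the expected password and hands it to the
// framework instead of comparing passwords inside the callback.
public class LookupPasswordCallback implements CallbackHandler {

    // Constructed sample credentials (hypothetical store). Load these from a
    // protected credential store in a real deployment.
    private final Map<String, String> users = new HashMap<>();

    public LookupPasswordCallback() {
        users.put("admin", "wdwsb");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Fail closed: refuse any usage other than a UsernameToken lookup
            // rather than returning silently without a decision.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                throw new UnsupportedCallbackException(cb, "Unsupported usage");
            }
            String expected = users.get(pc.getIdentifier());
            if (expected != null) {
                // Supply the stored password; never print or log it.
                pc.setPassword(expected);
            }
            // Unknown user: no password is set, leaving the framework's
            // comparison nothing to match (assumed to be rejected).
        }
    }
}
```

To try it, point the `serverPasswordCallback` bean in the server configuration at this class.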
Posted: 2011-05-04
Why is the value I get from pc.getPassword() null?