论坛首页 Java企业应用论坛

CXF密码验证_服务端和客户端配置

浏览 8479 次
精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
作者 正文
   发表时间:2010-05-27   最后修改:2010-05-27
SOA

CXF密码认证是在我前面的一篇文章WebService CXF+struts+spring 示例 的基础上写的.如果你感觉看不懂这篇.那就先看看前面的那篇文章吧!

1:spring服务端的配置

  <bean id="Customer" class="org.web.HelloServiceImpl"></bean>
	<jaxws:endpoint  id="custom"  implementor="#Customer"   address="/web" >
	  	 <jaxws:inInterceptors>  
            <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />  
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />  
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">  
                <constructor-arg>  
                    <map>  
                        <entry key="action" value="UsernameToken" />  
                        <entry key="passwordType"  
                            value="PasswordText" />  
                        <entry key="user" value="cxfServer" />  
                        <entry key="passwordCallbackRef">  
                            <ref bean="serverPasswordCallback" />  
                        </entry>  
                    </map>  
                </constructor-arg>  
            </bean>  
        </jaxws:inInterceptors>  
	  
	 </jaxws:endpoint>
	<bean id="serverPasswordCallback"  class="org.web.ServerPasswordCallback" />  

 

action:UsernameToken 是使用用户令牌

passwordType:PasswordText 是指密码加密策略.这里是直接密码文本.

user:cxfServer 是指别名

passwordCallbackRef:serverPasswordCallback 是这密码验证..类..就是下面配置的..

2: 类:serverPasswordCallback

 

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException; 
import org.apache.ws.security.WSPasswordCallback;


public class ServerPasswordCallback implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback  pc=(WSPasswordCallback) callbacks[0];
		String pw=pc.getPassword();
		String idf=pc.getIdentifier();
		System.out.println("密码是:"+pw);
		System.out.println("类型是:"+idf);
		if(pw.equals("wdwsb")&&idf.equals("admin")){
			System.out.println("成功");
		}
		else{
			throw new SecurityException("验证失败");
		}
	}

  这个不用多说..就是密码验证..很简单!!

3:spring客户端的配置:

 

<bean id="webTest" class="org.web.HelloService" factory-bean="client" factory-method="create"/>
	 <bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" >
	 		<property name="address" value="http://127.0.0.1:88/Hello/web/web"></property>
	 		<property name="serviceClass" value="org.web.HelloService"></property>
	 		<property name="outInterceptors">
	 			<list>
					<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />  
		            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />  
		            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">  
		                <constructor-arg>  
		                    <map>  
		                        <entry key="action" value="UsernameToken" />  
		                        <entry key="passwordType"  
		                            value="PasswordText" />  
		                        <entry key="user" value="cxfClient" />  
		                        <entry key="passwordCallbackRef">  
		                            <ref bean="clientPasswordCallback" />  
		                        </entry>  
		                    </map>  
		                </constructor-arg>  
		            </bean>  
	 			</list>
		</property>
	 </bean>
	 <bean id="clientPasswordCallback" class="org.web.clientPasswordCallback"></bean>

跟server的配置差不多..没多少要讲的.呵呵...

4: 类clientPasswordCallback的配置

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class clientPasswordCallback implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		for(int i=0;i<callbacks.length;i++){
			WSPasswordCallback ps=(WSPasswordCallback) callbacks[i];
			ps.setPassword("wdwsb");
			ps.setIdentifier("admin");
		}
	}

   到此为止..密码认证用户令牌就完成了...

测试!

 

通过!

 

当然我前面写的一篇文章是最基本的.缺少了一些jar包.会报错的.

所以要加上以下jar包..

 

 

 

 

  • 大小: 8.4 KB
   发表时间:2010-08-04  
例子中 id, password是写死的,
ps.setPassword("wdwsb");  
 ps.setIdentifier("admin");  


如果 我希望是填入当前登陆用户的用户名,密码,怎么办呢?
0 请登录后投票
   发表时间:2011-04-29  
serverPasswordCallback这里有问题:
org.apache.ws.security.validate中
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
 try
 {
       data.getCallbackHandler().handle(new Callback[] { pwCb });
 }

也就是说,在这里要设置password,然后
if (passwordsAreEncoded)
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
 passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
throw new WSSecurityException(5);
}

在这里比两个密码是否一致,之后的操作由框架完成所以
serverPasswordCallback要做的是setPassword,而不是在这里比较.
apache-cxf-2.4.0
0 请登录后投票
   发表时间:2011-04-29  
PasswordDigest类型的时候是设置password,PasswordText类型时是直接验证的
zhouxianglh 写道
serverPasswordCallback这里有问题:
org.apache.ws.security.validate中
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data);
 try
 {
       data.getCallbackHandler().handle(new Callback[] { pwCb });
 }

也就是说,在这里要设置password,然后
if (passwordsAreEncoded)
passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));
else {
 passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);
}
if (!(passDigest.equals(password))) {
throw new WSSecurityException(5);
}

在这里比两个密码是否一致,之后的操作由框架完成所以
serverPasswordCallback要做的是setPassword,而不是在这里比较.
apache-cxf-2.4.0

0 请登录后投票
   发表时间:2011-05-04  
为什么我的pc.getPassword()得到的值为null
0 请登录后投票
论坛首页 Java企业应用版

跳转论坛:
Global site tag (gtag.js) - Google Analytics