CXF全接触(一) --- WS-Security的实现
参考本例前,请先阅读下面的2篇资料:
http://blog.csdn.net/kunshan_shenbin/archive/2008/12/26/3613918.aspx
http://blog.csdn.net/kunshan_shenbin/archive/2008/12/27/3621990.aspx
我们使用Apache WSS4J这个WS-Security的开源实现,相关内容请参阅:
http://ws.apache.org/wss4j/
WSS4J支持如下几种模式:
XML Security
XML Signature
XML Encryption
Tokens
Username Tokens
Timestamps
SAML Tokens
这里将使用Timestamps+Encryption+Signature组合。
首先需要生成服务端及客户端密钥文件:
generateKeyPair.bat
rem @echo off echo alias %1 echo keypass %2 echo keystoreName %3 echo KeyStorePass %4 echo keyName %5 echo keyName %5 keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2 keytool -export -alias %1 -file %5 -keystore %3 -storepass %4
generateServerKey.bat
call generateKeyPair.bat apmserver apmserverpass serverStore.jks keystorePass serverKey.rsa call generateKeyPair.bat apmclient apmclientpass clientStore.jks keystorePass clientKey.rsa keytool -import -alias apmserver -file serverKey.rsa -keystore clientStore.jks -storepass keystorePass -noprompt keytool -import -alias apmclient -file clientKey.rsa -keystore serverStore.jks -storepass keystorePass -noprompt
执行generateServerKey.bat批处理,生成clientStore.jks及serverStore.jks文件。
生成的密钥文件中包含的信息:
服务端 账户:apmserver / apmserverpass
客户端 账户:apmclient / apmclientpass
如下图所示建立工程:
所使用到的Jar包一览
PasswordHandler.java
package com.cecltd.security; import java.io.IOException; import java.util.HashMap; import java.util.Map; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; public class PasswordHandler implements CallbackHandler { private Map
SayHiSrvcImpl.java
package com.cecltd.service.impl; import com.cecltd.service.SayHiSrvc; public class SayHiSrvcImpl implements SayHiSrvc { public String sayHi(String username) { return "Hi, " + username + "!"; } }
SayHiSrvc.java
package com.cecltd.service; import javax.jws.WebService; @WebService public interface SayHiSrvc { public String sayHi(String username); }
server_insecurity_enc.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass org.apache.ws.security.crypto.merlin.alias.password=apmserverpass org.apache.ws.security.crypto.merlin.keystore.alias=apmserver org.apache.ws.security.crypto.merlin.file=serverStore.jks
server_insecurity_sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass org.apache.ws.security.crypto.merlin.keystore.alias=apmserver org.apache.ws.security.crypto.merlin.file=serverStore.jks
server_outsecurity_enc.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass #org.apache.ws.security.crypto.merlin.alias.password=apmserverpass #org.apache.ws.security.crypto.merlin.keystore.alias=apmserver org.apache.ws.security.crypto.merlin.file=serverStore.jks
SayHiServiceTest.java
package com.service.test; import static org.junit.Assert.*; import org.junit.BeforeClass; import org.junit.Test; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import com.cecltd.service.SayHiSrvc; public class SayHiServiceTest { private static SayHiSrvc sayHiSrvc; @BeforeClass public static void setUp() { ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "applicationContext.xml" }); sayHiSrvc = (SayHiSrvc)context.getBean("SayHiSrvc"); } @Test public void testSayHi() { assertEquals("Hi, ShenBin!", sayHiSrvc.sayHi("ShenBin")); } }
applicationContext.xml
insecurity_enc.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass org.apache.ws.security.crypto.merlin.alias.password=apmclientpass org.apache.ws.security.crypto.merlin.keystore.alias=apmclient org.apache.ws.security.crypto.merlin.file=clientStore.jks
outsecurity_enc.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass org.apache.ws.security.crypto.merlin.alias.password=apmclientpass org.apache.ws.security.crypto.merlin.keystore.alias=apmclient org.apache.ws.security.crypto.merlin.file=clientStore.jks
outsecurity_sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystorePass org.apache.ws.security.crypto.merlin.alias.password=apmclientpass org.apache.ws.security.crypto.merlin.keystore.alias=apmclient org.apache.ws.security.crypto.merlin.file=clientStore.jks
serverhost.properties
host.url=http://127.0.0.1:8080/J6CxfSrvc/services
cxf-config.xml
web.xml