apache cfx 安全认证的两种方式

具体看文档,
Apache Cxf 安全认证
1. 方法一:密码验证 实例查看 apacheCxf_密码.zip
client-beans.xml









在客户端发送请求时,使用一个拦截器,通过 ClientPasswordCallback 类加载用 户账号密码。
beans.xml










在服务端接受请求时,使用一个拦截器,通过 ServerPasswordCallback 得到 用户密码,进行验证。
2. 方法二:CA 证书验证
实例查看 apacheCxf_SSL.zip,或者文档 apache CXF ssl 安全认证教程.pdf
UserServiceFactory
/**
* 取得信任证书管理器
*
* @return
* @throws IOException */
private static TrustManager[] getTrustManagers() throws IOException { try {
String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory factory = TrustManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(trustStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, trustStorePass.toCharArray());
fp.close();
factory.init(ks);
TrustManager[] tms = factory.getTrustManagers();
return tms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();

}
return null; }
/**
* 取得个人证书管理器 * @return *
* @throws IOException
*/
private static KeyManager[] getKeyManagers() throws IOException { try {
String alg = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory factory = KeyManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(keyStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, keyStorePass.toCharArray());
fp.close();
factory.init(ks, keyStorePass.toCharArray());
KeyManager[] keyms = factory.getKeyManagers();
return keyms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();
} catch (UnrecoverableKeyException e) { e.printStackTrace();
}
return null; }
static {
// 得到实例
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "Test/client-beans.xml" });
us = (UserService) context.getBean("client");
Client client = ClientProxy.getClient(us);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null)
tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setDisableCNCheck(true);

try {
tlsParams.setKeyManagers(getKeyManagers()); tlsParams.setTrustManagers(getTrustManagers());
} catch (IOException e) { e.printStackTrace();
}
httpConduit.setTlsClientParameters(tlsParams); }
public static UserService getInstance() { return us;
}
通过 UserServiceFactory 得到 client 的 key,将 key 传给 server 进行验证。Server 端使用 tomcat 配置 ssl 验证器。增加 tomcat 的 server.xml 中的 connector。
生成证书方式可查看 apache CXF ssl 安全认证教程.pdf


你可能感兴趣的:(java)