基于CXF的WebService的安全验证问题

       关于基于CXF的安全验证问题,以下是一则有意思的评论:
cxf 涉及安全方面主要有三个途径。

1. transport level的, https, 通过配置jetty来获得。cxf kit里面有一个例子wsdl_first_https, 很详细的讲了怎么使用https

2. soap message的,也就是通过WS-SECURITY协议对soap消息进行各种签名 加密 时间戳,传输密码(各种不同的Token)等操作,cxf中利用了Apache wss4j这个项目来实现WS-SECURITY, 楼主的例子就是UsernameToken的使用。
cxf kit里面ws_security有不少具体的例子,有兴趣可以看一下。

3. 最简单的方式是使用Http Basic Auth, 这个也是jaxws 规范里面要求必须实现的。

关于cxf security的相关讨论,在cxf maillinglist里面有很多,大家有兴趣可以去查看

Cxf网站上面的User's Guide也对security有详细的讲解。

还有就是FuseSource 也有Cxf的文档, Fuse Services Framework就是基于Apache Cxf.



Freeman

------------------------
FuseSource: http://fusesource.com
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
以上是一则评论,摘自链接:http://xbcoil.javaeye.com/blog/680732
那什么是Fuse Services Framework呢?维基百科这样解释,Fuse Services Framework是一个基于CXF框架的框架,又称企业级CXF,具体实英文描述如下:
Fuse Services Framework is an open source SOAP and REST web services platform based on Apache CXF for use in enterprise IT organizations. It is productized and supported by the Fuse group at FuseSource Corp. Fuse Services Framework service-enables new and existing systems for use in enterprise SOA infrastructure.

Fuse Services Framework is a pluggable, small-footprint engine that creates high performance, secure and robust services in minutes using front-end programming APIs like JAX-WS and JAX-RS. It supports multiple transports and bindings and is extensible so developers can add bindings for additional message formats so all systems can work together without having to communicate through a centralized server.

Fuse Services Framework is part of a family of enterprise open source SOA infrastructure tools that include Fuse ESB (based on Apache ServiceMix), Fuse Message Broker (based on Apache ActiveMQ) and Fuse Mediation Router (based on Apache Camel).

维基百科这个词条的链接为:http://en.wikipedia.org/wiki/Fuse_Services_Framework

额。。。。
最近纠结于RestFul啊,悲剧。。。

你可能感兴趣的:(webservice,CXF,职场,休闲,安全验证问题)