apache cfx 安全认证的两种方式
具体看文档,
Apache Cxf 安全认证
1. 方法一:密码验证 实例查看 apacheCxf_密码.zip
client-beans.xml
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg> <map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="user" value="user_name" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:outInterceptors>
在客户端发送请求时,使用一个拦截器,通过 ClientPasswordCallback 类加载用 户账号密码。
beans.xml
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>

<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="passwordCallbackRef">
<ref bean="serverPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:inInterceptors>
在服务端接受请求时,使用一个拦截器,通过 ServerPasswordCallback 得到 用户密码,进行验证。
2. 方法二:CA 证书验证
实例查看 apacheCxf_SSL.zip,或者文档 apache CXF ssl 安全认证教程.pdf
UserServiceFactory
/**
* 取得信任证书管理器
*
* @return
* @throws IOException */
private static TrustManager[] getTrustManagers() throws IOException { try {
String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory factory = TrustManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(trustStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, trustStorePass.toCharArray());
fp.close();
factory.init(ks);
TrustManager[] tms = factory.getTrustManagers();
return tms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();

}
return null; }
/**
* 取得个人证书管理器 * @return *
* @throws IOException
*/
private static KeyManager[] getKeyManagers() throws IOException { try {
String alg = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory factory = KeyManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(keyStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, keyStorePass.toCharArray());
fp.close();
factory.init(ks, keyStorePass.toCharArray());
KeyManager[] keyms = factory.getKeyManagers();
return keyms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();
} catch (UnrecoverableKeyException e) { e.printStackTrace();
}
return null; }
static {
// 得到实例
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "Test/client-beans.xml" });
us = (UserService) context.getBean("client");
Client client = ClientProxy.getClient(us);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null)
tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setDisableCNCheck(true);

try {
tlsParams.setKeyManagers(getKeyManagers()); tlsParams.setTrustManagers(getTrustManagers());
} catch (IOException e) { e.printStackTrace();
}
httpConduit.setTlsClientParameters(tlsParams); }
public static UserService getInstance() { return us;
}
通过 UserServiceFactory 得到 client 的 key,将 key 传给 server 进行验证。Server 端使用 tomcat 配置 ssl 验证器。增加 tomcat 的 server.xml 中的 connector。 <Connector port="8444" SSLEnabled="true" secure="true" algorithm="SunX509" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" clientAuth="true" sslProtocol="TLS" keystoreFile="/Users/apple/server.store" keystorePass="123456" keystoreType="jks" keyAlias="akey" truststoreFile="/Users/apple/server.store" truststorePass="123456" truststoreType="jks" />
生成证书方式可查看 apache CXF ssl 安全认证教程.pdf

Apache Cxf 安全认证
1. 方法一:密码验证 实例查看 apacheCxf_密码.zip
client-beans.xml
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg> <map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="user" value="user_name" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:outInterceptors>
在客户端发送请求时,使用一个拦截器,通过 ClientPasswordCallback 类加载用 户账号密码。
beans.xml
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>

<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="passwordCallbackRef">
<ref bean="serverPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:inInterceptors>
在服务端接受请求时,使用一个拦截器,通过 ServerPasswordCallback 得到 用户密码,进行验证。
2. 方法二:CA 证书验证
实例查看 apacheCxf_SSL.zip,或者文档 apache CXF ssl 安全认证教程.pdf
UserServiceFactory
/**
* 取得信任证书管理器
*
* @return
* @throws IOException */
private static TrustManager[] getTrustManagers() throws IOException { try {
String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory factory = TrustManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(trustStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, trustStorePass.toCharArray());
fp.close();
factory.init(ks);
TrustManager[] tms = factory.getTrustManagers();
return tms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();

}
return null; }
/**
* 取得个人证书管理器 * @return *
* @throws IOException
*/
private static KeyManager[] getKeyManagers() throws IOException { try {
String alg = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory factory = KeyManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(keyStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, keyStorePass.toCharArray());
fp.close();
factory.init(ks, keyStorePass.toCharArray());
KeyManager[] keyms = factory.getKeyManagers();
return keyms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();
} catch (UnrecoverableKeyException e) { e.printStackTrace();
}
return null; }
static {
// 得到实例
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "Test/client-beans.xml" });
us = (UserService) context.getBean("client");
Client client = ClientProxy.getClient(us);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null)
tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setDisableCNCheck(true);

try {
tlsParams.setKeyManagers(getKeyManagers()); tlsParams.setTrustManagers(getTrustManagers());
} catch (IOException e) { e.printStackTrace();
}
httpConduit.setTlsClientParameters(tlsParams); }
public static UserService getInstance() { return us;
}
通过 UserServiceFactory 得到 client 的 key,将 key 传给 server 进行验证。Server 端使用 tomcat 配置 ssl 验证器。增加 tomcat 的 server.xml 中的 connector。 <Connector port="8444" SSLEnabled="true" secure="true" algorithm="SunX509" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" clientAuth="true" sslProtocol="TLS" keystoreFile="/Users/apple/server.store" keystorePass="123456" keystoreType="jks" keyAlias="akey" truststoreFile="/Users/apple/server.store" truststorePass="123456" truststoreType="jks" />
生成证书方式可查看 apache CXF ssl 安全认证教程.pdf