首页 诗词 字典 板报 句子 名言 友答 励志 学校 网站地图
当前位置: 首页 > 教程频道 > 网站开发 > XML SOAP >

CXF WS-SECURITY协议对soap讯息加密

2012-10-12 
CXFWS-SECURITY协议对soap消息加密!-- 服务端代码: --jaxws:endpoint iduserWebService implementor

CXF WS-SECURITY协议对soap消息加密

<!-- 服务端代码: --><jaxws:endpoint id="userWebService" implementor="#userServiceImpl" address="/userservice"><jaxws:inInterceptors><bean /> <bean ><constructor-arg><map><entry key="action" value="UsernameToken Timestamp" /><!-- MD5加密明文密码 -->                        <entry key="passwordType" value="PasswordDigest" />                            <entry key="user" value="admin" />                        <entry key="passwordCallbackRef" >                       <ref bean="serverPasswordCallback" />                            </entry>   </map></constructor-arg></bean></jaxws:inInterceptors><jaxws:outInterceptors><bean name="code">package com.cxf.webservice.callback;import java.io.IOException;import java.util.HashMap;import java.util.Map;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.log4j.Logger;import org.apache.ws.security.WSPasswordCallback;public class ServerPasswordCallback implements CallbackHandler {Logger log = Logger.getLogger(ServerPasswordCallback.class);Map<String, String> user = new HashMap<String, String>();{user.put("admin", "1234");user.put("su", "1234");}@Overridepublic void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {log.debug("handler passwordcallback method....");WSPasswordCallback wpc = (WSPasswordCallback) callbacks[0];if (!user.containsKey(wpc.getIdentifier())) {throw new SecurityException("No Permission!");}/* * 此处特别注意:: * WSPasswordCallback 的passwordType属性和password 属性都为null, * 你只能获得用户名(identifier), * 一般这里的逻辑是使用这个用户名到数据库中查询其密码, * 然后再设置到password 属性,WSS4J 会自动比较客户端传来的值和你设置的这个值。 * 你可能会问为什么这里CXF 不把客户端提交的密码传入让我们在ServerPasswordCallbackHandler 中比较呢? * 这是因为客户端提交过来的密码在SOAP 消息中已经被加密为MD5 的字符串, * 如果我们要在回调方法中作比较,那么第一步要做的就是把服务端准备好的密码加密为MD5 字符串, * 由于MD5 算法参数不同结果也会有差别,另外,这样的工作CXF 替我们完成不是更简单吗? */wpc.setPassword(user.get(wpc.getIdentifier()));//如果包含用户名,就设置该用户名正确密码,由CXF验证密码String username = wpc.getIdentifier();String password = wpc.getPassword();log.debug("username: "+username + "    password: "+password);log.info("User : "+wpc.getIdentifier()+ "  login!!!!!");}}

?

?

?

?

<!--客户端配置--><bean id="userService" factory-bean="clientFactory" factory-method="create" /><bean id="clientFactory" value="http://127.0.0.1:8080/HSQLDB/webservice/userservice"></property><property name="serviceClass" value="webservice.cxf.client.UserService"></property><property name="outInterceptors"><list><bean /><bean /><bean value="UsernameToken Timestamp" /><!-- MD5加密明文密码 --><entry key="passwordType" value="PasswordDigest" /><entry key="user" value="admin" /><entry key="passwordCallbackRef"><ref bean="clientPasswordCallback" /></entry></map></constructor-arg></bean></list></property></bean><bean id="clientPasswordCallback" name="code">package webservice.cxf.clientPasswordCalback;import java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class ClientPasswordCallback implements CallbackHandler {@Overridepublic void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for (Callback callback : callbacks) {//设置用户密码,供服务端验证WSPasswordCallback wsc = (WSPasswordCallback)callback;wsc.setIdentifier("su");wsc.setPassword("1234");}}}

?Tset:

ApplicationContext app ;@Beforepublic void initAPP(){app = new ClassPathXmlApplicationContext("cxf-client.xml");}@Testpublic void testSucruty(){UserService us = (UserService) app.getBean("userService");System.out.println(us.getAllUser().size());}
?

热点排行