xfire的webservice安全机制之加密(二)
xfire的webservice安全机制
下面是客户端调用的配置
如果按照我上次采用的那个整合XFIRE和SPRING的办法,需要修改的东西很少,
配置文件做如下修改:
<bean name="tuserManagerXfire"
value="http://192.168.10.103/ipcamera/services/UserServiceEnc"/>
<property name="serviceClassName" value="com.megaeyes.ipcamera.service.webservice.iface.UserService"/>
</bean>
嘿嘿。其实改的就是URL,改了一个
http://192.168.10.103/ipcamera/services/UserServiceEnc
调用了加密后的接口
然后我写的那个XFireClientFactory.java里面要做一个修改,加入如下代码:
public Object getObject() throws Exception {
String url = this.getServiceURL();
Class sClass = null;
try {
sClass = Class.forName(this.getServiceClassName());
} catch (ClassNotFoundException e) {
log.error(e.getMessage(), e);
return null;
}
Assert.notNull(url);
Assert.notNull(sClass);
Service serviceModel = new ObjectServiceFactory().create(sClass);
try {
Object obj = serviceFactory.create(serviceModel, url);
//加入了加密的内容
getEnc(obj);
return obj;
} catch (MalformedURLException e) {
log.error(e.getMessage(), e);
return null;
}
}
public void getEnc(Object service) {
Client client = ((XFireProxy) Proxy.getInvocationHandler(service))
.getClient();
// 挂上WSS4JOutHandler,提供认证
client.addOutHandler(new DOMOutHandler());
Properties properties = new Properties();
properties.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.ENCRYPT);
properties.setProperty(WSHandlerConstants.USER, "tianyi");
// config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
// PasswordHandler.class.getName());
// Configuration of public key used to encrypt message goes to
// properties file.
properties
.setProperty(
WSHandlerConstants.ENC_PROP_FILE,
"outsecurity_enc.properties");
client.addOutHandler(new WSS4JOutHandler(properties));
}
其实就把原来的方法改了,在返回调用前,先调用了getEnc(obj);这个方法,挂上了加密这个动作。
有个比较土的地方要修改一下,就是代码里面还有一个
properties.setProperty(WSHandlerConstants.USER, "tianyi");
写死的传递用户名的。嘿嘿。改成从配置中读取吧。
在客户端的properties文件中,这么写outsecurity_enc.properties:
#加密的类
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
#打开加密的文件的密码
org.apache.ws.security.crypto.merlin.keystore.password=ipcamera
#公匙的名字
org.apache.ws.security.crypto.merlin.file=tianyi_public.jks
这样客户端就配置完成了。调用原来那个
public void testGetUser() {
UserService userService = (UserService) appContext
.getBean("tuserManagerXfire");
IUserInfo iuserInfo = new IUserInfo();
iuserInfo.setId("0000000000000000000000000000119");
IUserInfoResult result = userService.getUser(iuserInfo);
assertNotNull(result);
System.out.println(result.getErrorCode());
System.out.println(result.getMessage());
System.out.println(result.getLogonName());
}
就可以测试了