XFire web service security: signatures

Server-side configuration changes:
In applicationContext-webservice.xml:
<property name="inHandlers">
    <list>
        <ref bean="domInHandler" />
        <ref bean="wss4jInHandlerSign"/>
        <ref bean="validateUserTokenHandler" />
    </list>
</property>

<bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
    <property name="properties">
        <props>
            <prop key="action">Signature</prop>
            <prop key="signaturePropFile">insecurity_sign.properties</prop>
        </props>
    </property>
</bean>

Add a new configuration file, insecurity_sign.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=dv110.com
org.apache.ws.security.crypto.merlin.file=tianyi_public.jks

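Client-side configuration:
Only XFireClientFactory.java needs to be modified:
// Sign outgoing requests
getSign(obj);

// Imports required by getSign():
import java.lang.reflect.Proxy;
import java.util.Properties;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxy;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.util.dom.DOMOutHandler;

public void getSign(Object service) {
    Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();
    // Attach the WSS4JOutHandler (after a DOMOutHandler) to provide authentication
    client.addOutHandler(new DOMOutHandler());
    Properties properties = new Properties();

    properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    // User (alias) in the keystore
    properties.setProperty(WSHandlerConstants.USER, "safedv");
    // This callback supplies the keystore password for the given user
    properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
    // Configuration for accessing the private key in the keystore
    properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
    properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

    client.addOutHandler(new WSS4JOutHandler(properties));
}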

Add a client-side configuration file, outsecurity_sign.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=dv110.com
org.apache.ws.security.crypto.merlin.file=tianyi_private.jks
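
The client code above references PasswordHandler but the page does not show it. The following is an added example, not the original author's class: a sketch of such a callback that assumes the WSS4J 1.5.x API (org.apache.ws.security.WSPasswordCallback) and reads the private-key password from a hypothetical environment variable, SAFEDV_KEY_PASSWORD, rather than hard-coding it.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Added example: supplies the private-key password for the signing alias.
 * KEY_PASSWORD_ENV is a hypothetical variable name chosen for this sketch.
 */
public class PasswordHandler implements CallbackHandler {

    // Alias passed via WSHandlerConstants.USER in getSign()
    private static final String SIGNING_ALIAS = "safedv";
    // Hypothetical environment variable holding the key password (-keypass)
    private static final String KEY_PASSWORD_ENV = "SAFEDV_KEY_PASSWORD";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // Only answer signature requests for the alias we expect.
            // getIdentifer() is spelled this way in the assumed WSS4J 1.5.x API.
            if (pc.getUsage() != WSPasswordCallback.SIGNATURE
                    || !SIGNING_ALIAS.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(callbacks[i], "No key password for this request");
            }

            // Fail closed if the password has not been provisioned
            String keyPassword = System.getenv(KEY_PASSWORD_ENV);
            if (keyPassword == null || keyPassword.length() == 0) {
                throw new IOException(KEY_PASSWORD_ENV + " is not set");
            }
            pc.setPassword(keyPassword);
        }
    }
}
```

The value returned here is the key password set with -keypass in the appendix, not the keystore password from outsecurity_sign.properties.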

Appendix: generating the keys used for signing. This is simply the reverse of the ENC (encryption) setup: the private key signs and the public key verifies.

1. Create the private key in a keystore, using an alias and password:
C:\>keytool -genkey -alias safedv -keypass safedv -keystore tianyi_private.jks -storepass dv110.com -dname "cn=dv110" -keyalg RSA

2. Self-sign the certificate:
C:\>keytool -selfcert -alias safedv -keystore tianyi_private.jks -storepass dv110.com -keypass safedv

3. Export the public key to safedv.rsa:
C:\>keytool -export -alias safedv -file safedv.rsa -keystore tianyi_private.jks -storepass dv110.com

4. Import the public key into a new keystore:
C:\>keytool -import -alias safedv -file safedv.rsa -keystore tianyi_public.jks -storepass dv110.com