CXF应用程序开发应用程序的安全性

最新推荐文章于 2021-02-23 22:50:11 发布

longgangbai

最新推荐文章于 2021-02-23 22:50:11 发布

阅读量57

点赞数

文章标签： Security WebService Java Apache SOAP

package com.easyway.cxf.service;

import javax.jws.WebParam;
import javax.jws.WebService;
import java.util.List;


import com.easyway.cxf.model.User;
/**
 * 
 * 采用JaxWS发布服务
 * 备注在接口中必须使用@WebService 注解否则出现错误
 * 
 * 
 * @author longgangbai
 *
 */
@WebService
public interface HelloService {
 /**
  * The @WebParam annotation is necessary as java interfaces do not store the Parameter name in the .class file. So if you leave out the annotation your parameter will be named arg0.
  * @param name
  * @return
  */
  public String hello(@WebParam(name="text")String name);
  
  /**
   * Advanced usecase of passing an Interface in.  JAX-WS/JAXB does not
   * support interfaces directly.  Special XmlAdapter classes need to
   * be written to handle them
   */
  public String sayHi(User user);

  public String[] getAllUseNames(List<User> userList);
}

package com.easyway.cxf.service;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import javax.jws.WebService;

import com.easyway.cxf.model.User;
/**
 * 
 *  采用JaxWS发布服务
 *  
 * JAX-WS includes many more annotations as well such as:
 *
 * @WebMethod - allows you to customize the operation name, exclude the operation from inclusion in the service, etc 
 * @WebParam - allows you to customize a parameter's name, namespace, direction (IN or OUT), etc 
 * @WebResult - allows you to customize the return value of the web service call 
 *
 * @author longgangbai
 *
 */
@WebService(endpointInterface = "com.easyway.cxf.service.HelloService",
        serviceName = "HelloService")
public class HelloServiceImpl implements HelloService {

    Map<Integer, User> users = new LinkedHashMap<Integer, User>();
    

	public String hello(String username) {
        return "Hello " + username;
	}

	public String sayHi(User user) {
	        users.put(users.size() + 1, user);
	        return "Hello "  + user.getUsername();
	}
	public String[] getAllUseNames(List<User> userList) {
		String[] userListArr=new String[userList.size()];
		for (int i=0;i<userList.size();i++) {
			userListArr[i]=userList.get(i).getUsername();
		}
		return userListArr;
	}

}

package com.easyway.cxf.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;
/**
 * 采用回调方法检测WS调用的安全性
 * @author longgangbai
 *
 */
public class ServerPasswordHandler implements CallbackHandler{

	private Map<String, String> passwords;   
	
	public ServerPasswordHandler(){
		passwords=new HashMap<String, String>();
    	passwords.put("admin", "admin");   
        passwords.put("test", "test");   
        passwords.put("userName", "password"); 
	}
	
	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		 WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];  
		 //获取用户名
		 String id = pc.getIdentifier(); 
		 System.out.println("id==="+id);
		 //获取密码
		 String password = pc.getPassword();  
	     if(passwords.containsKey(id)){
	    	 if(!password.equals(passwords.get(id))){
	    		 throw new SecurityException("wrong password");
	    	 }
	     }else{
	    	 throw new SecurityException("wrong username");
	     }
	}
}

package com.easyway.cxf.security;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
/**
 * 客户端的验证校验代码
 * @author longgangbai
 *
 */
public class ClientPasswordCallback implements CallbackHandler { 

		public void handle(Callback[] callbacks) throws IOException,
				UnsupportedCallbackException {
	            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];    
	            int usage = pc.getUsage();    
	            System.out.println("identifier: " + pc.getIdentifier());    
	            System.out.println("usage: " + pc.getUsage());    
	            if (usage == WSPasswordCallback.USERNAME_TOKEN) {  
	            	System.out.println("admin =====");
	                    pc.setPassword("admin");   
	                    pc.setIdentifier("admin");
	            } 
		}    

	}

package com.easyway.cxf.test.client.security;

import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.easyway.cxf.security.ClientPasswordCallback;
import com.easyway.cxf.service.HelloService;
import com.easyway.cxf.test.server.CFX;
/**
 * 
 * @author longgangbai
 *
 */
public class CXFClientSecurity {
public static void main(String[] args) {
	JaxWsProxyFactoryBean factory=new JaxWsProxyFactoryBean();
	Map<String, Object> outProps = new HashMap<String, Object>(); 
	outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); 
	outProps.put(WSHandlerConstants.USER, "userName"); 
	outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); 
	outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, 
	ClientPasswordCallback.class.getName()); 
	WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); 
	factory.getOutInterceptors().add(wssOut); 
	factory.getOutInterceptors().add(new SAAJOutInterceptor()); 
	factory.setServiceClass(HelloService.class);
	//和服务端发送路径一样的
	factory.setAddress(CFX.SERVICE_ADDRESS);
	HelloService helloService=(HelloService)factory.create();
	String msg=helloService.hello("xiaobai");
	System.out.println("msg="+msg);
}
}

package com.easyway.cxf.test.client.security;

import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.easyway.cxf.security.ClientPasswordCallback;
import com.easyway.cxf.service.HelloService;
import com.easyway.cxf.test.server.CFX;
/**
 * 
 * @author longgangbai
 *
 */
public class CXFClientSecurity {
public static void main(String[] args) {
	JaxWsProxyFactoryBean factory=new JaxWsProxyFactoryBean();
	Map<String, Object> outProps = new HashMap<String, Object>(); 
	outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); 
	outProps.put(WSHandlerConstants.USER, "userName"); 
	outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); 
	outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, 
	ClientPasswordCallback.class.getName()); 
	WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps); 
	factory.getOutInterceptors().add(wssOut); 
	factory.getOutInterceptors().add(new SAAJOutInterceptor()); 
	factory.setServiceClass(HelloService.class);
	//和服务端发送路径一样的
	factory.setAddress(CFX.SERVICE_ADDRESS);
	HelloService helloService=(HelloService)factory.create();
	String msg=helloService.hello("xiaobai");
	System.out.println("msg="+msg);
}
}

longgangbai

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
CXF应用程序开发应用程序的安全性

package com.easyway.cxf.service;import javax.jws.WebParam;import javax.jws.WebService;import java.util.List;import com.easyway.cxf.model.User;/** * * 采用JaxWS发布服务 * 备注在接口中必须使用@We...
复制链接

扫一扫