分享一下wss4j+cxf基于UsernameToken的安全验证。名词解释:
cxf : apache下的一个开源项目,用于发布webservice。
WSS4J : Web Services Security for Java.
废话少说,直接上代码。
1. 首先,需要导入cxf中的所有jar包,及wss4j中的所有jar包与log4j.jar。
(本例中使用的版本是:apache-cxf-2.7.3,wss4j-1.6.9)
2. 首先建立server 项目,发布一个简单的helloWorldService.
目录结构图:
webservice接口代码:
- package com.wss4j.server;
- import javax.jws.WebParam;
- import javax.jws.WebService;
- @WebService
- public interface HelloWorld {
- public String sayHello(@WebParam(name = "name") String name);
- }
webservice实现类
- package com.wss4j.server;
- public class HelloWorldImpl implements HelloWorld {
- @Override
- public String sayHello(String name) {
- return "Hello " + name + " ^_^ !";
- }
- }
接下来是服务端拦截器: ServerPasswordCallback.java
- package com.wss4j.interceptor;
- import java.io.IOException;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.ws.security.WSPasswordCallback;
- import org.slf4j.Logger;
- public class ServerPasswordCallback implements CallbackHandler {
- private Logger logger = org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);
- @Override
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];