前一篇使用明文密码,这一篇使用密文加密。服务端和客户端同时加密,然后利用cxf的拦截器底层自动校验
服务端code如下:
回调函数MyPwdCallback代码如下:
package com.bojoy.service;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import com.bojoy.util.MyConfigUtil;
import com.bojoy.util.MyPwTools;
public class MyPwdCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
//使用加密后的密码
WSPasswordCallback wpc = (WSPasswordCallback) callbacks[0];
String identifer = wpc.getIdentifier();
String pw = MyConfigUtil.getProperties(identifer);
String getpw = MyPwTools.getPw(identifer, pw);
wpc.setPassword(getpw);
/*//使用明文密码
* WSPasswordCallback wpc = (WSPasswordCallback) callbacks[0];
*
* String identifier = wpc.getIdentifier();
*
* String password = "";
*
* if (identifier.equals("cxf")) { password = "wss4j"; }
*
* wpc.setPassword(password);
*/
}
}
加密工具类MypwTools和MD5Util和MyConfigUtil类如下:
package com.bojoy.util;
import