java 手动解析soap消息_java – 如何手动加密SOAP消息？

如果可能,您可以使用Axis2和Rampart.我已经在类似的情况下成功地使用了它们.

Rampart是一个用于处理安全性的axis2模块,它暴露了一个API,允许您定义要使用的密钥存储位置和别名,从而允许您动态定义它.

示例代码：

private static final String CONFIGURATION_CTX = "src/ctx";

private static final String KEYSTORE_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type";

private static final String KEYSTORE_FILE = "org.apache.ws.security.crypto.merlin.file";

private static final String KEYSTORE_PWD = "org.apache.ws.security.crypto.merlin.keystore.password";

private static final String PROVIDER = "org.apache.ws.security.components.crypto.Merlin";

private static void engageRampartModules(Stub stub)

throws AxisFault, FileNotFoundException, XMLStreamException {

ServiceClient serviceClient = stub._getServiceClient();

engageAddressingModule(stub);

serviceClient.engageModule("rampart");

serviceClient.engageModule("rahas");

RampartConfig rampartConfig = prepareRampartConfig();

attachPolicy(stub,rampartConfig);

}

/**

* Sets all the required security properties.

* @return rampartConfig - an object containing rampart configurations

*/

private static RampartConfig prepareRampartConfig() {

String certAlias = "alias"; //The alias of the public key in the jks file

String keyStoreFile = "ctx/client.ks";

String keystorePassword = "pwd";

String userName = "youusename";

RampartConfig rampartConfig = new RampartConfig();

//Define properties for signing and encription

Properties merlinProp = new Properties();

merlinProp.put(KEYSTORE_TYPE, "JKS");

merlinProp.put(KEYSTORE_FILE,keyStoreFile);

merlinProp.put(KEYSTORE_PWD, keystorePassword);

CryptoConfig cryptoConfig = new CryptoConfig();

cryptoConfig.setProvider(PROVIDER);

cryptoConfig.setProp(merlinProp);

//Rampart configurations

rampartConfig.setUser(userName);

rampartConfig.setUserCertAlias(certAlias);

rampartConfig.setEncryptionUser(certAlias);

rampartConfig.setPwCbClass("com.callback.tests.PasswordCallbackHandler"); //Password Callbak class

rampartConfig.setSigCryptoConfig(cryptoConfig);

rampartConfig.setEncrCryptoConfig(cryptoConfig);

return rampartConfig;

}

/**

* attach the security policy to the stub.

* @param stub

* @param rampartConfig

* @throws XMLStreamException

* @throws FileNotFoundException

*/

private static void attachPolicy(Stub stub, RampartConfig rampartConfig) throws XMLStreamException, FileNotFoundException {

Policy policy = new Policy();

policy.addAssertion(rampartConfig);

stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);

}

PasswordCallbackHandler：

import java.io.IOException;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordCallbackHandler implements CallbackHandler {

// @Override

public void handle(Callback[] callbacks) throws IOException,

UnsupportedCallbackException {

for (int i = 0; i < callbacks.length; i++) {

WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];

String id = pwcb.getIdentifer();

switch (pwcb.getUsage()) {

case WSPasswordCallback.USERNAME_TOKEN: {

if (id.equals("pwd")) {

pwcb.setPassword("pwd");

}

}

}

}

}

}