1.服务器实现
将serverStore.jks拷贝到<工程目录>/src/META-INF/xfire的目录下
1、insecurity.properties文件,放在META-INF/xfire/下(下面只列出了provider一行;该文件还需要给出密钥库的类型、口令和文件位置,这里的密钥库即上一步拷贝的serverStore.jks)
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin |
2、service.xml文件,放在META-INF/xfire/下
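<?xml version="1.0" encoding="UTF-8"?>
<!-- START SNIPPET: services -->
<beans xmlns="http://xfire.codehaus.org/config/1.0">
  <service>
    <name>SayHelloService</name>
    <namespace>http://com.test.wsses/SayHelloService</namespace>
    <serviceClass>com.test.wsses.SayHelloService</serviceClass>
    <implementationClass>com.test.wsses.SayHelloServiceImpl</implementationClass>
    <!-- Only inHandlers are configured here, so WS-Security processing applies to
         incoming requests; no outHandlers are declared for the responses. -->
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler"/>
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <!-- Combined actions are separated by spaces (message encryption and
                 digital signature). In XFire the actions run in the order they are
                 written: for an InHandler, "Encrypt Signature" means decrypt first,
                 then verify the digital signature. -->
            <prop key="action">Encrypt Signature</prop>
            <!-- Signature verification uses the client's certificate; the properties
                 file must provide the settings for reading that certificate from
                 the keystore. -->
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <!-- Decryption uses the server's private key; the properties file must
                 provide the settings for accessing that private key in the keystore. -->
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <!-- Password callback implementation class. -->
            <prop key="passwordCallbackClass">com.test.wsses.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>
</beans>
<!-- END SNIPPET: services -->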
3、PasswordHandler类
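package com.test.wsses;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback referenced by {@code passwordCallbackClass} in service.xml.
 *
 * <p>WSS4J hands this handler a {@link WSPasswordCallback} carrying an identifier
 * and expects the matching password to be set on it. On the server side the
 * password is presumably the one protecting the "server" private key used for
 * decryption (confirm against the keystore setup).
 */
public class PasswordHandler implements CallbackHandler {

    // Identifier -> password. Hard-coded for the demo only: anyone with the class
    // file can read these, so a real deployment should load them from protected
    // configuration instead of source code.
    private final Map<String, String> passwords = new HashMap<String, String>();

    /** Registers the demo passwords for the "server" and "client" identifiers. */
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    /**
     * Supplies the stored password for every {@link WSPasswordCallback} passed in.
     *
     * @param callbacks callbacks issued by WSS4J
     * @throws IOException declared by {@link CallbackHandler}; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a
     *         {@link WSPasswordCallback}
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        System.out.println("Handling Password!");
        for (Callback callback : callbacks) {
            // Reject unexpected callback types explicitly instead of failing with
            // a ClassCastException on a blind cast.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String id = pc.getIdentifer();
            // Log the identifier only. The original listing also printed the
            // password, which leaks the key password into console and log output.
            System.out.println("id:" + id);
            // An unknown identifier yields null, exactly as before.
            pc.setPassword(passwords.get(id));
        }
    }
}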
2.客户端实现
1、PasswordHandler类
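package com.test.wsses;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Client-side password callback, registered through
 * {@code WSHandlerConstants.PW_CALLBACK_CLASS} in the client access class.
 *
 * <p>WSS4J hands this handler a {@link WSPasswordCallback} carrying an identifier
 * and expects the matching password to be set on it. The run output on this page
 * shows it being asked for the "client" identifier, i.e. the signing user.
 */
public class PasswordHandler implements CallbackHandler {

    // Identifier -> password. Hard-coded for the demo only: anyone with the class
    // file can read these, so a real client should load them from protected
    // configuration instead of source code.
    private final Map<String, String> passwords = new HashMap<String, String>();

    /** Registers the demo passwords for the "server" and "client" identifiers. */
    public PasswordHandler() {
        passwords.put("server", "serverpass");
        passwords.put("client", "clientpass");
    }

    /**
     * Supplies the stored password for every {@link WSPasswordCallback} passed in.
     *
     * @param callbacks callbacks issued by WSS4J
     * @throws IOException declared by {@link CallbackHandler}; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a
     *         {@link WSPasswordCallback}
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        System.out.println("Handling Password!");
        for (Callback callback : callbacks) {
            // Reject unexpected callback types explicitly instead of failing with
            // a ClassCastException on a blind cast.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String id = pc.getIdentifer();
            // Log the identifier only. The run output shown at the end of the page
            // comes from the original listing, which also printed the password and
            // so leaked the key password into console and log output.
            System.out.println("id:" + id);
            // An unknown identifier yields null, exactly as before.
            pc.setPassword(passwords.get(id));
        }
    }
}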
2、outsecurity.properties文件,位于<工程目录>/src/下(下面只列出了provider一行;该文件还需要给出密钥库的类型、口令和文件位置,这里的密钥库即下文拷贝到src目录的clientStore.jks)。
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin |
将clientStore.jks拷贝到<工程目录>/src目录下。
3、客户端访问类
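package com.test.wsses.client;

import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.transport.http.CommonsHttpMessageSender;
import org.codehaus.xfire.util.dom.DOMOutHandler;

import com.test.wsses.PasswordHandler;
// SayHelloService lives in com.test.wsses (see serviceClass in service.xml), so
// this package needs an explicit import; the original listing omitted it.
import com.test.wsses.SayHelloService;

/**
 * Demo client that calls SayHelloService with the request encrypted for the
 * server and signed with the client's key.
 */
public class SayHelloClient {

    /**
     * Builds the XFire proxy, attaches the WS-Security out-handlers and calls
     * {@code sayHello} twice, printing each reply.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String serviceURL = "http://localhost:8080/wsses/services/SayHelloService";

        // Create the service model from the service interface.
        Service serviceModel = new ObjectServiceFactory().create(SayHelloService.class);
        XFireProxyFactory serviceFactory = new XFireProxyFactory();
        try {
            // Obtain the service proxy.
            SayHelloService service = (SayHelloService) serviceFactory.create(serviceModel, serviceURL);

            // HTTP timeout: 0 means no timeout, >= 1 is a timeout in milliseconds.
            // With 0 an unresponsive server blocks this client indefinitely; use
            // a finite value outside of a demo.
            Client client = Client.getInstance(service);
            client.setProperty(CommonsHttpMessageSender.HTTP_TIMEOUT, "0");

            // WS-Security: combined actions are separated by a space. This is the
            // same "Encrypt Signature" list the server declares in service.xml.
            WSS4JOutHandler wsOut = new WSS4JOutHandler();
            String actions = WSHandlerConstants.ENCRYPT + " " + WSHandlerConstants.SIGNATURE;
            wsOut.setProperty(WSHandlerConstants.ACTION, actions);

            // Encryption settings: encrypt with the server's certificate.
            wsOut.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");
            wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");

            // Signature settings: sign with the client's private key.
            wsOut.setProperty(WSHandlerConstants.USER, "client");
            wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
            // NOTE(review): PASSWORD_TYPE appears to matter only for UsernameToken
            // actions, which are not in the action list above. Kept as in the
            // original listing.
            wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PASSWORD_DIGEST);

            // The callback supplies the password for the client's signing key.
            wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
            wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

            // DOMOutHandler is registered ahead of the WSS4J handler, as in the
            // original listing.
            client.addOutHandler(new DOMOutHandler());
            client.addOutHandler(wsOut);

            // Call the service.
            String helloMsg = service.sayHello("dabing");
            System.out.println(helloMsg);
            helloMsg = service.sayHello(null);
            System.out.println(helloMsg);
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
    }
}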
运行结果如下:
Handling Password!
id:client ,password:clientpass
dabing,早上好,还没有去工作吗 ?
Handling Password!
id:client ,password:clientpass
你叫什么名字呢?