CXF 入門:創建一個基於WS-Security標準的安全驗證(CXF回調函數使用)
阿新 • • 發佈:2017-08-22
urn star cti say struct stc lba features ear 二,ws具體代碼
一,回調函數WsClinetAuthHandler不變,和上面一樣
註意:以下客戶端調用代碼中獲取服務端ws實例,都是通過CXF 入門: 遠程接口調用方式實現
以下是服務端配置
========================================================
一,web.xml配置,具體不在詳述
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE web-app
- PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
- "http://java.sun.com/dtd/web-app_2_3.dtd">
- <web-app>
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <!--ws-context.xml(必須)是cxf配置文件, wssec.xml可選,作用可以打印出加密信息類容 -->
- <param-value>WEB-INF/ws-context.xml,WEB-INF/wssec.xml</param-value>
- </context-param>
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener>
- <servlet>
- <servlet-name>CXFServlet</servlet-name>
- <display-name>CXF Servlet</display-name>
- <servlet-class>
- org.apache.cxf.transport.servlet.CXFServlet
- </servlet-class>
- <load-on-startup>0</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>CXFServlet</servlet-name>
- <url-pattern>/services/*</url-pattern>
- </servlet-mapping>
- </web-app>
二,ws具體代碼
簡單的接口
- import javax.jws.WebService;
- @WebService()
- public interface WebServiceSample {
- String say(String name);
- }
接口具體實現類
- public class WebServiceSampleImpl implements WebServiceSample {
- public String say(String name) {
- return "你好," + name;
- }
- }
三,ws回調函數,必須實現javax.security.auth.callback.CallbackHandler
從cxf2.4.x後校驗又cxf內部實現校驗,所以不必自己校驗password是否相同,但客戶端必須設置,詳情請參考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime Changes片段
回調函數WsAuthHandler代碼,校驗客戶端請求是否合法 ,合法就放行,否則拒絕執行任何操作
- import java.io.IOException;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.cxf.interceptor.Fault;
- import org.apache.ws.security.WSPasswordCallback;
- import org.apache.xmlbeans.impl.soap.SOAPException;
- public class WsAuthHandler implements CallbackHandler {
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- String identifier = pc.getIdentifier();
- int usage = pc.getUsage();
- if (usage == WSPasswordCallback.USERNAME_TOKEN) {// 密鑰方式USERNAME_TOKEN
- // username token pwd...
- // ▲這裏的值必須和客戶端設的值相同,從cxf2.4.x後校驗方式改為cxf內部實現校驗,不必自己比較password是否相同
- // 請參考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime
- // Changes片段
- pc.setPassword("testPassword");// ▲【這裏非常重要】▲
- // ▲PS 如果和客戶端不同將拋出org.apache.ws.security.WSSecurityException:
- // The
- // security token could not be authenticated or
- // authorized異常,服務端會認為客戶端為非法調用
- } else if (usage == WSPasswordCallback.SIGNATURE) {// 密鑰方式SIGNATURE
- // set the password for client‘s keystore.keyPassword
- // ▲這裏的值必須和客戶端設的值相同,從cxf2.4.x後校驗方式改為cxf內部實現校驗,不必自己比較password是否相同;
- // 請參考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime
- // Changes片段
- pc.setPassword("testPassword");// //▲【這裏非常重要】▲
- // ▲PS:如果和客戶端不同將拋出org.apache.ws.security.WSSecurityException:The
- // security token could not be authenticated or
- // authorized異常,服務端會認為客戶端為非法調用
- }
- //不用做其他操作
- }
- }
- }
四,CXF配置ws-context.xml:
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
- <import resource="classpath:META-INF/cxf/cxf.xml" />
- <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
- <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
- <!-- 以上未基本配置,必須,位置在cxf jar中 -->
- <jaxws:endpoint id="webServiceSample" address="/WebServiceSample"
- implementor="com.service.impl.WebServiceSampleImpl">
- <!--inInterceptors表示被外部調用時,調用此攔截器 -->
- <jaxws:inInterceptors>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
- <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
- <constructor-arg>
- <map>
- <!-- 設置加密類型 -->
- <entry key="action" value="UsernameToken" />
- <!-- 設置密碼類型為明文 -->
- <entry key="passwordType" value="PasswordText" />
- <!--<entry key="action" value="UsernameToken Timestamp" /> 設置密碼類型為加密<entry
- key="passwordType" value="PasswordDigest" /> -->
- <entry key="passwordCallbackClass" value="com.service.handler.WsAuthHandler" />
- </map>
- </constructor-arg>
- </bean>
- </jaxws:inInterceptors>
- </jaxws:endpoint>
- </beans>
CXF配置wssec.xml(可選),用於配置輸出校驗的具體信息
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/core"
- xmlns:wsa="http://cxf.apache.org/ws/addressing" xmlns:http="http://cxf.apache.org/transports/http/configuration"
- xmlns:wsrm-policy="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"
- xmlns:wsrm-mgr="http://cxf.apache.org/ws/rm/manager"
- xsi:schemaLocation="
- http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
- http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
- http://schemas.xmlsoap.org/ws/2005/02/rm/policy http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm-policy.xsd
- http://cxf.apache.org/ws/rm/manager http://cxf.apache.org/schemas/configuration/wsrm-manager.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
- <cxf:bus>
- <cxf:features>
- <cxf:logging />
- <wsa:addressing />
- </cxf:features>
- </cxf:bus>
- </beans>
服務端代碼及配置到此結束!!!
=========================================================
=========================================================
以下是客戶端配置,主要是回調函數,在客戶端調用服務端前被調用,負責安全信息的設置
----------------------------------------------------------------------------------------
一,先實現回調函數WsClinetAuthHandler,同樣必須實現javax.security.auth.callback.CallbackHandler
- import java.io.IOException;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.ws.security.WSPasswordCallback;
- public class WsClinetAuthHandler implements CallbackHandler {
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- System.out.println("identifier: " + pc.getIdentifier());
- // 這裏必須設置密碼,否則會拋出:java.lang.IllegalArgumentException: pwd == null
- // but a password is needed
- pc.setPassword("testPassword");// ▲【這裏必須設置密碼】▲
- }
- }
- }
二,客戶端調用代碼:
- import java.util.ArrayList;
- import java.util.HashMap;
- import java.util.Map;
- import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
- import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
- import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
- import org.apache.ws.security.WSConstants;
- import org.apache.ws.security.handler.WSHandlerConstants;
- import test.saa.client.WebServiceSample;
- import test.saa.handler.WsClinetAuthHandler;
- public class TestClient {
- public static void main(String[] args) {
- // 以下和服務端配置類似,不對,應該說服務端和這裏的安全驗證配置一致
- Map<String, Object> outProps = new HashMap<String, Object>();
- outProps.put(WSHandlerConstants.ACTION,
- WSHandlerConstants.USERNAME_TOKEN);
- outProps.put(WSHandlerConstants.USER, "admin");
- outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
- // 指定在調用遠程ws之前觸發的回調函數WsClinetAuthHandler,其實類似於一個攔截器
- outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
- WsClinetAuthHandler.class.getName());
- ArrayList list = new ArrayList();
- // 添加cxf安全驗證攔截器,必須
- list.add(new SAAJOutInterceptor());
- list.add(new WSS4JOutInterceptor(outProps));
- JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
- // WebServiceSample服務端接口實現類,這裏並不是直接把服務端的類copy過來,具體請參考http://learning.iteye.com/blog/1333223
- factory.setServiceClass(WebServiceSample.class);
- // 設置ws訪問地址
- factory.setAddress("http://localhost:8080/cxf-wssec/services/WebServiceSample");
- //註入攔截器,用於加密安全驗證信息
- factory.getOutInterceptors().addAll(list);
- WebServiceSample service = (WebServiceSample) factory.create();
- String response = service.say("2012");
- System.out.println(response);
- }
- }
客戶端到此結束!!!!
========================================================================
#######################################################################
PS:客戶端的另一種調用方式,主要通過配置文件,不過需要spring bean的配置文件(第一種就不用牽扯到spring的配置,比較通用吧!)
一,回調函數WsClinetAuthHandler不變,和上面一樣
二,client-beans.xml安全驗證配置文件,具體信息看註釋,如下:
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
- http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
- <!--這裏無非是通過配置來替代JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean()創建代理並實例化一個ws-->
- <bean id="client" class="test.saa.client.WebServiceSample"
- factory-bean="clientFactory" factory-method="create" />
- <!-- 通過代理創建ws實例 -->
- <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
- <property name="serviceClass" value="test.saa.client.WebServiceSample" />
- <!-- ws地址,也可以是完整的wsdl地址 -->
- <property name="address"
- value="http://localhost:8080/cxf-wssec/services/WebServiceSample" />
- <!--outInterceptors表示調用外部指定ws時,調用此攔截器 -->
- <property name="outInterceptors">
- <list>
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
- <ref bean="wss4jOutConfiguration" />
- </list>
- </property>
- </bean>
- <bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
- <property name="properties">
- <map>
- <!-- 設置加密類型 ,服務端需要和這裏的設置保持一致-->
- <entry key="action" value="UsernameToken" />
- <entry key="user" value="admin" />
- <!-- 設置密碼為明文 ,服務端需要和這裏的設置保持一致-->
- <entry key="passwordType" value="PasswordText" />
- <!-- <entry key="action" value="UsernameToken Timestamp" /> <entry key="user"
- value="adminTest" /> 設置密碼類型為加密方式,服務端需要和這裏的設置保持一致<entry key="passwordType" value="PasswordDigest"
- /> -->
- <entry key="passwordCallbackRef">
- <ref bean="passwordCallback" />
- </entry>
- </map>
- </property>
- </bean>
- <bean id="passwordCallback" class="test.saa.handler.WsClinetAuthHandler" />
- </beans>
三,具體調用服務端代碼:
- import org.springframework.context.ApplicationContext;
- import org.springframework.context.support.ClassPathXmlApplicationContext;
- import test.saa.client.WebServiceSample;
- public final class Client {
- public static void main(String args[]) throws Exception {
- //加載配置
- ApplicationContext context = new ClassPathXmlApplicationContext(
- new String[] { "test/saa/client-beans.xml" });
- //獲取ws實例
- WebServiceSample client = (WebServiceSample) context.getBean("client");
- String response = client.say("2012");
- System.out.println("Response: " + response);
- }
- }
CXF 入門:創建一個基於WS-Security標準的安全驗證(CXF回調函數使用)