zoukankan      html  css  js  c++  java
  • CXF 入门:创建一个基于WS-Security标准的安全验证(CXF回调函数使用)(转)

    注意:以下客户端调用代码中获取服务端ws实例,都是通过CXF 入门: 远程接口调用方式实现

    直入正题!

    以下是服务端配置

    ========================================================

    一,web.xml配置,具体不在详述

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    <web-app>
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<!--ws-context.xml(必须)是cxf配置文件, wssec.xml可选,作用可以打印出加密信息类容 -->
    		<param-value>WEB-INF/ws-context.xml,WEB-INF/wssec.xml</param-value>
    	</context-param>
    
    	<listener>
    		<listener-class>
    			org.springframework.web.context.ContextLoaderListener
    		</listener-class>
    	</listener>
    
    	<servlet>
    		<servlet-name>CXFServlet</servlet-name>
    		<display-name>CXF Servlet</display-name>
    		<servlet-class>
    			org.apache.cxf.transport.servlet.CXFServlet
    		</servlet-class>
    		<load-on-startup>0</load-on-startup>
    	</servlet>
    
    	<servlet-mapping>
    		<servlet-name>CXFServlet</servlet-name>
    		<url-pattern>/services/*</url-pattern>
    	</servlet-mapping>
    </web-app>

     二,ws具体代码
    简单的接口

    import javax.jws.WebService;
    
    @WebService()
    public interface WebServiceSample {
    	String say(String name);
    
    }
    

    接口具体实现类

    public class WebServiceSampleImpl implements WebServiceSample {
    
    	public String say(String name) {
    		return "你好," + name;
    	}
    }

    三,ws回调函数,必须实现javax.security.auth.callback.CallbackHandler

    从cxf2.4.x后校验又cxf内部实现校验,所以不必自己校验password是否相同,但客户端必须设置,详情请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime  Changes片段

    回调函数WsAuthHandler代码,校验客户端请求是否合法 ,合法就放行,否则拒绝执行任何操作

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.cxf.interceptor.Fault;
    import org.apache.ws.security.WSPasswordCallback;
    import org.apache.xmlbeans.impl.soap.SOAPException;
    
    public class WsAuthHandler implements CallbackHandler {
    
    	public void handle(Callback[] callbacks) throws IOException,
    			UnsupportedCallbackException {
    		for (int i = 0; i < callbacks.length; i++) {
    			WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
    			String identifier = pc.getIdentifier();
    			int usage = pc.getUsage();
    			if (usage == WSPasswordCallback.USERNAME_TOKEN) {// 密钥方式USERNAME_TOKEN
    				// username token pwd...
    				// ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同
    				// 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime
    				// Changes片段
    				pc.setPassword("testPassword");// ▲【这里非常重要】▲
    				// ▲PS 如果和客户端不同将抛出org.apache.ws.security.WSSecurityException:
    				// The
    				// security token could not be authenticated or
    				// authorized异常,服务端会认为客户端为非法调用
    			} else if (usage == WSPasswordCallback.SIGNATURE) {// 密钥方式SIGNATURE
    				// set the password for client's keystore.keyPassword
    				// ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同;
    				// 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime
    				// Changes片段
    				pc.setPassword("testPassword");// //▲【这里非常重要】▲
    				// ▲PS:如果和客户端不同将抛出org.apache.ws.security.WSSecurityException:The
    				// security token could not be authenticated or
    				// authorized异常,服务端会认为客户端为非法调用
    			}
    			//不用做其他操作
    		}
    	}
    }
    

    四,CXF配置ws-context.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
    	xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
    
    	<import resource="classpath:META-INF/cxf/cxf.xml" />
    	<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    	<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
    	<!-- 以上未基本配置,必须,位置在cxf jar中 -->
    	<jaxws:endpoint id="webServiceSample" address="/WebServiceSample"
    		implementor="com.service.impl.WebServiceSampleImpl">
    		<!--inInterceptors表示被外部调用时,调用此拦截器 -->
    		<jaxws:inInterceptors>
    			<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    			<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    				<constructor-arg>
    					<map>
    						<!-- 设置加密类型 -->
    						<entry key="action" value="UsernameToken" />
    						<!-- 设置密码类型为明文 -->
    						<entry key="passwordType" value="PasswordText" />
    						<!--<entry key="action" value="UsernameToken Timestamp" /> 设置密码类型为加密<entry 
    							key="passwordType" value="PasswordDigest" /> -->
    						<entry key="passwordCallbackClass" value="com.service.handler.WsAuthHandler" />
    					</map>
    				</constructor-arg>
    			</bean>
    		</jaxws:inInterceptors>
    	</jaxws:endpoint>
    </beans>
    

    CXF配置wssec.xml(可选),用于配置输出校验的具体信息

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/core"
    	xmlns:wsa="http://cxf.apache.org/ws/addressing" xmlns:http="http://cxf.apache.org/transports/http/configuration"
    	xmlns:wsrm-policy="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"
    	xmlns:wsrm-mgr="http://cxf.apache.org/ws/rm/manager"
    	xsi:schemaLocation="
           http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
           http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://schemas.xmlsoap.org/ws/2005/02/rm/policy http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm-policy.xsd
           http://cxf.apache.org/ws/rm/manager http://cxf.apache.org/schemas/configuration/wsrm-manager.xsd
           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    	<cxf:bus>
    		<cxf:features>
    			<cxf:logging />
    			<wsa:addressing />
    		</cxf:features>
    	</cxf:bus>
    </beans>

    服务端代码及配置到此结束!!!

    =========================================================

    =========================================================

    以下是客户端配置,主要是回调函数,在客户端调用服务端前被调用,负责安全信息的设置

    ----------------------------------------------------------------------------------------

    一,先实现回调函数WsClinetAuthHandler,同样必须实现javax.security.auth.callback.CallbackHandler

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.ws.security.WSPasswordCallback;
    
    public class WsClinetAuthHandler implements CallbackHandler {
    
    	public void handle(Callback[] callbacks) throws IOException,
    			UnsupportedCallbackException {
    		for (int i = 0; i < callbacks.length; i++) {
    			WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
    			System.out.println("identifier: " + pc.getIdentifier());
    			// 这里必须设置密码,否则会抛出:java.lang.IllegalArgumentException: pwd == null
    			// but a password is needed
    			pc.setPassword("testPassword");// ▲【这里必须设置密码】▲
    		}
    	}
    }
     

    二,客户端调用代码:

    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.Map;
    
    import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
    import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
    import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
    import org.apache.ws.security.WSConstants;
    import org.apache.ws.security.handler.WSHandlerConstants;
    
    import test.saa.client.WebServiceSample;
    import test.saa.handler.WsClinetAuthHandler;
    
    public class TestClient {
    
    	public static void main(String[] args) {
    		// 以下和服务端配置类似,不对,应该说服务端和这里的安全验证配置一致
    		Map<String, Object> outProps = new HashMap<String, Object>();
    		outProps.put(WSHandlerConstants.ACTION,
    				WSHandlerConstants.USERNAME_TOKEN);
    		outProps.put(WSHandlerConstants.USER, "admin");
    		outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    		// 指定在调用远程ws之前触发的回调函数WsClinetAuthHandler,其实类似于一个拦截器
    		outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
    				WsClinetAuthHandler.class.getName());
    		ArrayList list = new ArrayList();
    		// 添加cxf安全验证拦截器,必须
    		list.add(new SAAJOutInterceptor());
    		list.add(new WSS4JOutInterceptor(outProps));
    
    		JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    		// WebServiceSample服务端接口实现类,这里并不是直接把服务端的类copy过来,具体请参考http://learning.iteye.com/blog/1333223
    		factory.setServiceClass(WebServiceSample.class);
    		// 设置ws访问地址
    		factory.setAddress("http://localhost:8080/cxf-wssec/services/WebServiceSample");
            //注入拦截器,用于加密安全验证信息
    		factory.getOutInterceptors().addAll(list);
    		WebServiceSample service = (WebServiceSample) factory.create();
    		String response = service.say("2012");
    		System.out.println(response);
    	}
    }

     客户端到此结束!!!!

    ========================================================================

    #######################################################################

    PS:客户端的另一种调用方式,主要通过配置文件,不过需要spring bean的配置文件(第一种就不用牵扯到spring的配置,比较通用吧!)

    一,回调函数WsClinetAuthHandler不变,和上面一样
    二,client-beans.xml安全验证配置文件,具体信息看注释,如下:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
    	xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd">
    <!--这里无非是通过配置来替代JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean()创建代理并实例化一个ws-->
    	<bean id="client" class="test.saa.client.WebServiceSample"
    		factory-bean="clientFactory" factory-method="create" />
    	<!-- 通过代理创建ws实例 -->
    	<bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
    		<property name="serviceClass" value="test.saa.client.WebServiceSample" />
    		<!-- ws地址,也可以是完整的wsdl地址 -->
    		<property name="address"
    			value="http://localhost:8080/cxf-wssec/services/WebServiceSample" />
    		<!--outInterceptors表示调用外部指定ws时,调用此拦截器 -->
    		<property name="outInterceptors">
    			<list>
    				<bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
    				<ref bean="wss4jOutConfiguration" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="wss4jOutConfiguration" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    		<property name="properties">
    			<map>
    				<!-- 设置加密类型 ,服务端需要和这里的设置保持一致-->
    				<entry key="action" value="UsernameToken" />
    				<entry key="user" value="admin" />
    				<!-- 设置密码为明文 ,服务端需要和这里的设置保持一致-->
    				<entry key="passwordType" value="PasswordText" />
    				<!-- <entry key="action" value="UsernameToken Timestamp" /> <entry key="user" 
    					value="adminTest" /> 设置密码类型为加密方式,服务端需要和这里的设置保持一致<entry key="passwordType" value="PasswordDigest" 
    					/> -->
    				<entry key="passwordCallbackRef">
    					<ref bean="passwordCallback" />
    				</entry>
    			</map>
    		</property>
    	</bean>
    	<bean id="passwordCallback" class="test.saa.handler.WsClinetAuthHandler" />
    </beans>

     
    三,具体调用服务端代码:

    import org.springframework.context.ApplicationContext;
    import org.springframework.context.support.ClassPathXmlApplicationContext;
    
    import test.saa.client.WebServiceSample;
    
    public final class Client {
    
    	public static void main(String args[]) throws Exception {
    	//加载配置
    		ApplicationContext context = new ClassPathXmlApplicationContext(
    				new String[] { "test/saa/client-beans.xml" });
            //获取ws实例
    		WebServiceSample client = (WebServiceSample) context.getBean("client");
    		String response = client.say("2012");
    		System.out.println("Response: " + response);
    	}
    }

     
    到此客户端第二种实现方式结束
    GOOD LUCKY!!!
    如有不明,请指教!!!

    来源:http://www.blogjava.net/zljpp/archive/2012/04/15/374371.html

  • 相关阅读:
    简析Java RMI 与 .NET Remoting
    实现一个压缩Remoting传输数据的Sink:CompressionSink (转载)
    智能部署与更新
    第二章:.NET Remoting基础知识
    创建以Microsoft .NET Remoting为基础的分布式应用架构
    vs2005如何防止代码被反编译
    使用.NET Remoting开发分布式应用——配置文件篇(转载)
    Remoting概述
    高级 .NET Remoting
    第一章:Remoting技术简介
  • 原文地址:https://www.cnblogs.com/edison2012/p/6292154.html
Copyright © 2011-2022 走看看