CXF safety certification

CXF's webService has been created is good, but there is no security at all, after all, this is the Internet service ah.
CXF to a very comprehensive security framework, but given ws_security DEMO CXF too complicated, it is password jks X509 Timestamp. I tried many times without success. To simplify, only the realization of a user password better. The following start writing cxf.xml place in the original bean declaration click on it

Java code

<bean>

<constructor-arg>

<map>

<entry key="action" value="UsernameToken" />

<entry key="passwordType" value="PasswordText" />

<Entry key = "passwordCallbackClass"

value = "com.xxxx.Service.ServerPasswordCallback" />

</ Map>

</ Constructor-arg>

</ Bean>

<Jaxws: endpoint implementor = "# chartScreenService"

address = "/ ChartScreenService">

<jaxws:inInterceptors>

<bean />

<ref bean="WSS4JInInterceptor" />

</ Jaxws: inInterceptors>

</ Jaxws: endpoint>

<bean>

<constructor-arg>

<map>

<entry key="action" value="UsernameToken" />

<entry key="passwordType" value="PasswordText" />

<Entry key = "passwordCallbackClass"

value = "com.mms.webservice.test.ServerPasswordCallback" />

</ Map>

</ Constructor-arg>

</ Bean>

<Jaxws: endpoint

implementor = "com.mms.webservice.HelloWorldImpl"

address = "/ HelloWorld">

<jaxws:inInterceptors>

<! -

<Bean

class = "org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />

<Bean

class = "org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">

<constructor-arg>

<map>

<entry key="action" value="UsernameToken" />

<entry key="passwordType" value="PasswordText" />

<Entry key = "passwordCallbackClass"

value = "com.mms.webservice.test.ServerPasswordCallback" />

</ Map>

</ Constructor-arg>

</ Bean>

->

<ref bean="WSS4JInInterceptor" />

</ Jaxws: inInterceptors>

</ Jaxws: endpoint>

WSS4JInInterceptor stuff that we want to define a. CXf has helped you written. Set properties on it. Which attribute values Tingzhi, CXF documentation is too simple, opensource ills! Property values on the search API it.
The following code to write server-side callback function to verify logic defined here.

Java code

public class ServerPasswordCallback implements CallbackHandler (

private Map <String, String> passwords = new HashMap <String, String> ();

public ServerPasswordCallback () (

passwords.put ("admin", "admin");

passwords.put ("test", "test");

)

@ Override

public void handle (Callback [] callbacks) throws IOException,

UnsupportedCallbackException (

for (int i = 0; i <callbacks.length; i + +) (

WSPasswordCallback pc = (WSPasswordCallback) callbacks [i];

if (! passwords.containsKey (pc.getIdentifier ()))

throw new WSSecurityException ("user not match");

String pass = passwords.get (pc.getIdentifier ());

String pwd = pc.getPassword ();

if (pwd == null | |! pwd.equals (pass)) (

throw new WSSecurityException ("password not match");

)

)

)

) This server-side validation on all ok. The next time you call the original caller will be reported ws_security error.

Client verification procedures given below is actually a soapheader add the appropriate content. Also need to use inInterceptors

Java code

public class ClientPasswordCallback implements CallbackHandler (

private Map <String, String> passwords =

new HashMap <String, String> ();

public ClientPasswordCallback () (

passwords.put ("admin", "admin");

passwords.put ("test", "test");

)

@ Override

public void handle (Callback [] callbacks) throws IOException,

UnsupportedCallbackException (

for (int i = 0; i <callbacks.length; i + +) (

WSPasswordCallback pc = (WSPasswordCallback) callbacks [i];

int usage = pc.getUsage ();

if (! passwords.containsKey (pc.getIdentifier ()))

throw new WSSecurityException ("user not exists");

String pass = passwords.get (pc.getIdentifier ());

if (usage == WSPasswordCallback.USERNAME_TOKEN & & pass! = null) (

pc.setPassword (pass);

return;

)

)

)

)

JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean ();

Map <String, Object> outProps = new HashMap <String, Object> ();

outProps.put (WSHandlerConstants.ACTION,

WSHandlerConstants.USERNAME_TOKEN);

outProps.put (WSHandlerConstants.USER, "admin");

outProps.put (WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);

outProps.put (WSHandlerConstants.PW_CALLBACK_CLASS,

ClientPasswordCallback.class.getName ());

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor (outProps);

factory.getOutInterceptors (). add (wssOut);

factory.getOutInterceptors (). add (new SAAJOutInterceptor ());

factory.setServiceClass (IChartScreenService.class);

factory.setAddress ("http://localhost:8080/ECFlight/service/ChartScreenService");

IChartScreenService service = (IChartScreenService) factory.create ();

Spring configuration can be applied:

<! - Wssecurity ->
<bean />
<bean>
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="admin" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" />
</ Entry>
</ Map>
</ Constructor-arg>
</ Bean>
<Jaxws: client serviceClass = "com.evermore.moa.service.Test"
address = "http://localhost:8080/cxfTestServer/service/testService">
<jaxws:outInterceptors>

<bean />

<ref bean="wsOutInterceptor"/>
</ Jaxws: outInterceptors>
</ Jaxws: client>

Problem: Exception in thread "main" java.lang.NoClassDefFoundError: org / apache / xml / security / Init

Plus: xmlsec-1.4.3.jar package

For WS-Security support:

- Bcprov-jdk15.jar

- Xalan.jar

- Serializer.jar

- Wss4j.jar

- Xmlsec.jar

This article comes from CSDN blog, reproduced, please indicate the source: http://blog.csdn.net/pengchua/archive/2009/12/26/5081164.aspx
  • del.icio.us
  • StumbleUpon
  • Digg
  • TwitThis
  • Mixx
  • Technorati
  • Facebook
  • NewsVine
  • Reddit
  • Google
  • LinkedIn
  • YahooMyWeb

Related Posts of CXF safety certification

  • Use Ext JS to read the JsonReader complex object json

    Today was how to resolve the following complex json object to the difficult living over a long time .. did not find documentation how to read JsonReader Ways json object (possibly also because of their limited level of E the text did not correctly underst

  • Hibernate Inteceptor

    The end of the project stage, the client suddenly put forward a very troublesome but normal demand, the system records all changes must be carried out. Formats such as: 2004.1.1 12:30 Ikuya wind orders Sales Order Date 2004.1.2-> 2004.1.3 The firs ...

  • Dynamic loading JS script four kinds of methods

    To achieve dynamic loading JS script has four kinds of methods: 1, direct document.write <script language="javascript"> document.write ( "<script src='test.js'> <\ / script>"); </ script> 2, dynamic scri

  • FLEX: integrating Spring + Hibernate

    Before a friend also wanted to study development of FLEX. Asked me to help him to be a small sample. Spent a weekend time, to integrate a sampleproject. Client: FLEX Server: Spring2.5 + Hibernate3.2 + Hibernate-annotations3.3.1 + MySQL5 FDS: BlazeDS3 IDE:

  • spring + hibernate + oracle9i to read and write CLOB

    Database-driven update classes12-9i.jar Hibernate modify the configuration of the following code <bean/> <bean Lazy-init="true"> <property name="nativeJdbcExtractor"> <ref local="nativejdbcExtractor"/>

  • Process migration from tomcat to websphere changes

    Process migration from tomcat to websphere changes Because customers use the web application server software used by different what tomcat5, tomcat6, websphere5.1, websphere6.1, weblogic8, and so on, and the software used inconsistent standards, ibm's

  • Spring2.0 + hibernate3.1 + log4j + mysql demo

    applicationContext.xml Non-attachment jar package, necessary friends can send an email to todd.liangt @ gmail.com

  • Struts2 + hibernate + spring problem user log in

    dao layer services layer action jsp <tr> <td align="center"> <b> user name: </ b> </ td> <td> <s: textfield name = "czyNumber" cssClass = "textstyle" theme = "simple" size = &q

  • The level Hibernate cache

    Hibernate cache level: (1) a cache is very short and the session life cycle consistent, also known as session-level cache-level cache or transaction-level cache (2) Ways of Supporting level cache: get (); load (); iterator (); only entity object cach ...

blog comments powered by Disqus
Recent
Recent Entries
Tag Cloud
Random Entries