CXF security authentication

The CXF web service has been created and works well, but it has no security at all, and this is, after all, an Internet-facing service.
CXF has a very comprehensive security framework, but the ws_security demo that comes with CXF is too complicated: it involves password, jks, X509 and Timestamp. I tried many times without success. To keep things simple, it is better to implement only user name and password authentication. Start by editing cxf.xml, adding the following at the place of the original bean declaration:

XML code

<!-- PasswordText: the password is carried unhashed in the wsse:UsernameToken header -->
<bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="passwordCallbackClass"
                   value="com.xxxx.Service.ServerPasswordCallback" />
        </map>
    </constructor-arg>
</bean>

<jaxws:endpoint implementor="#chartScreenService"
                address="/ChartScreenService">
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        <ref bean="WSS4JInInterceptor" />
    </jaxws:inInterceptors>
</jaxws:endpoint>

<!-- The same configuration for a second endpoint (HelloWorld) -->
<bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="passwordCallbackClass"
                   value="com.mms.webservice.test.ServerPasswordCallback" />
        </map>
    </constructor-arg>
</bean>

<jaxws:endpoint
    implementor="com.mms.webservice.HelloWorldImpl"
    address="/HelloWorld">
    <jaxws:inInterceptors>
        <!--
        <bean
            class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        <bean
            class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken" />
                    <entry key="passwordType" value="PasswordText" />
                    <entry key="passwordCallbackClass"
                           value="com.mms.webservice.test.ServerPasswordCallback" />
                </map>
            </constructor-arg>
        </bean>
        -->
        <ref bean="WSS4JInInterceptor" />
    </jaxws:inInterceptors>
</jaxws:endpoint>

The WSS4JInInterceptor is the thing we need to define. CXF has already written it for you; you only set properties on it. As for which property values are available, the CXF documentation is too thin (a common open-source ailment), so look the property values up in the API.
The following code is the server-side callback; the verification logic is defined here.

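Java code

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;

public class ServerPasswordCallback implements CallbackHandler {

    // Demo user store: user name -> password
    private Map<String, String> passwords = new HashMap<String, String>();

    public ServerPasswordCallback() {
        passwords.put("admin", "admin");
        passwords.put("test", "test");
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // Unknown user name
            if (!passwords.containsKey(pc.getIdentifier()))
                throw new WSSecurityException("user not match");
            String pass = passwords.get(pc.getIdentifier());
            // For PasswordText, getPassword() is the password sent by the client
            String pwd = pc.getPassword();
            if (pwd == null || !pwd.equals(pass)) {
                throw new WSSecurityException("password not match");
            }
        }
    }
}

That completes the server-side validation. The next time the original caller calls the service, it gets a ws_security error.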
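A hardened variant of the server callback, as an added example that is not part of the original article: it rejects unexpected callback types, returns one error for both an unknown user and a wrong password, and compares passwords without stopping at the first mismatch. The class name HardenedServerPasswordCallback is hypothetical, and the code assumes the WSS4J 1.5.x callback contract the article relies on, where a PasswordText token reaches the handler with usage USERNAME_TOKEN_UNKNOWN and the received password already set.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;

// Added example: hypothetical class name, WSS4J 1.5.x API as used by ServerPasswordCallback.
public class HardenedServerPasswordCallback implements CallbackHandler {
    // Constructed demo accounts, the same two as in the original class.
    private final Map<String, String> passwords = new HashMap<String, String>();

    public HardenedServerPasswordCallback() {
        passwords.put("admin", "admin");
        passwords.put("test", "test");
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            // Refuse unknown callback types instead of failing with a ClassCastException.
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Assumption (WSS4J 1.5.x): PasswordText tokens arrive as USERNAME_TOKEN_UNKNOWN.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                throw new UnsupportedCallbackException(cb, "only PasswordText is accepted");
            }
            // One message for unknown user and wrong password, so faults do not list valid names.
            if (!matches(passwords.get(pc.getIdentifier()), pc.getPassword())) {
                throw new WSSecurityException("authentication failed");
            }
        }
    }

    // Byte comparison that does not stop at the first differing byte.
    static boolean matches(String expected, String received) {
        if (expected == null || received == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                received.getBytes(StandardCharsets.UTF_8));
    }
}
```

To use it, put its fully qualified name in the passwordCallbackClass entry of cxf.xml. From WSS4J 1.6 on, the library itself compares PasswordText passwords and the handler only supplies the stored one with setPassword(), so this check applies to the 1.5.x line.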

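The client-side code is given below; all it really does is add the corresponding content to the SOAP header. It also needs to use interceptors; on the client they are registered through getOutInterceptors(), as the code below shows.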

Java code

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;

public class ClientPasswordCallback implements CallbackHandler {

    // Demo credentials: user name -> password
    private Map<String, String> passwords =
            new HashMap<String, String>();

    public ClientPasswordCallback() {
        passwords.put("admin", "admin");
        passwords.put("test", "test");
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            int usage = pc.getUsage();
            if (!passwords.containsKey(pc.getIdentifier()))
                throw new WSSecurityException("user not exists");
            String pass = passwords.get(pc.getIdentifier());
            // Supply the password that goes into the outgoing UsernameToken
            if (usage == WSPasswordCallback.USERNAME_TOKEN && pass != null) {
                pc.setPassword(pass);
                return;
            }
        }
    }
}

// Client call. Needs these imports:
//   org.apache.cxf.jaxws.JaxWsProxyFactoryBean
//   org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor
//   org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor
//   org.apache.ws.security.WSConstants
//   org.apache.ws.security.handler.WSHandlerConstants
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,
        WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "admin");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
        ClientPasswordCallback.class.getName());
// The out interceptor writes the UsernameToken into the SOAP header
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
factory.getOutInterceptors().add(wssOut);
factory.getOutInterceptors().add(new SAAJOutInterceptor());
factory.setServiceClass(IChartScreenService.class);
factory.setAddress("http://localhost:8080/ECFlight/service/ChartScreenService");
IChartScreenService service = (IChartScreenService) factory.create();

The same can be done with Spring configuration:

<!-- wssecurity -->
<!-- The ClientPasswordCallback class shown above; prefix its package name -->
<bean id="clientPasswordCallback" class="ClientPasswordCallback" />
<bean id="wsOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="user" value="admin" />
            <entry key="passwordCallbackRef">
                <ref bean="clientPasswordCallback" />
            </entry>
        </map>
    </constructor-arg>
</bean>
<jaxws:client serviceClass="com.evermore.moa.service.Test"
              address="http://localhost:8080/cxfTestServer/service/testService">
    <jaxws:outInterceptors>
        <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
        <ref bean="wsOutInterceptor" />
    </jaxws:outInterceptors>
</jaxws:client>

Problem: Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/xml/security/Init

Fix: add the xmlsec-1.4.3.jar package.

For WS-Security support:

- bcprov-jdk15.jar
- xalan.jar
- serializer.jar
- wss4j.jar
- xmlsec.jar

This article comes from a CSDN blog; when reproducing it, please indicate the source: http://blog.csdn.net/pengchua/archive/2009/12/26/5081164.aspx

Category: Java  Date: 2010-05-26  Popularity: 213