CXF uses WS-Security X509 certificate for authentication

First, the related concepts <br /> mentioned x509, to have to mention a few related concepts.
1, Private key
2, Public key
3, KeyStore
4, TrustStore
Private key and Public key is very simple, literal meaning can be understood, is often said that the private key and public key.
KeyStore and TrustStore simply means that the private key and the key storage container. From the above two are the same storage structure, but its concept to be a distinction between, KeyStore is mainly used to store the private key (and possibly Chain), TrustStore is used to store the public key.
More details can be seen another article: http://lukejin.javaeye.com/blog/605634
In CXF, the use of encryption as a way of signing security policy, configuration, and some trouble.
First look at a map:
CXF uses WS-Security X509 certificate for authentication

Simple explanation
1, the client sends to the server first soap A (client) need to use your private key to sign, the use of B (server) public key encryption, and then soap pass B, B with a private key to decrypt A public key used to sign test.
2, the server returns data to the client B first to sign with their private key, encrypted with A's public key, and then soap back to A, A with the private key to decrypt, using B's public key stamped .
As long to figure out this process, then use the CXF becomes relatively easy.

Second, the build environment

Here we can build the environment of the first with CXF maven to create a simple java project, you can create a good package com.tongtech.ti.cxf.demo.security
Then the pom files covering the following pom file in your project pom file.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>ti-cxf</groupId>
        <artifactId>ti-cxf-security</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <packaging>jar</packaging>
        <name>Tongtech Demo for CXF Security with wss4j</name>
        <properties>
                <cxf.version>2.4.0-SNAPSHOT</cxf.version>
        </properties>
        <dependencies>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-frontend-jaxws</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-transports-http</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-ws-security</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-transports-http-jetty</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
        </dependencies>

        <build>
                <plugins>
                        <plugin>
                                <groupId>org.apache.maven.plugins</groupId>
                                <artifactId>maven-compiler-plugin</artifactId>
                                <configuration>
                                        <source>1.6</source>
                                        <target>1.6</target>
                                </configuration>
                        </plugin>
                        <plugin>
                                <groupId>org.apache.cxf</groupId>
                                <artifactId>cxf-codegen-plugin</artifactId>
                                <version>${cxf.version}</version>
                                <executions>
                                        <execution>
                                                <id>generate-sources-static</id>
                                                <phase>generate-sources</phase>
                                                <configuration>
                                                        <sourceRoot>${basedir}/target/generate</sourceRoot>
                                                        <wsdlOptions>
                                                                <wsdlOption>
                                                                        <wsdl>${basedir}/src/main/java/com/tongtech/ti/cxf/demo/security/security.wsdl</wsdl>
                                                                        <extraargs>
                                                                                <extraarg>-db</extraarg>
                                                                                <extraarg>jaxb</extraarg>
                                                                                <extraarg>-p</extraarg>
                                                                                <extraarg>com.tongtech.ti.cxf.demo.security.service</extraarg>
                                                                                <extraarg>-all</extraarg>
                                                                        </extraargs>
                                                                </wsdlOption>
                                                        </wsdlOptions>
                                                </configuration>
                                                <goals>
                                                        <goal>wsdl2java</goal>
                                                </goals>
                                        </execution>
                                </executions>
                        </plugin>
                </plugins>
        </build>

</project>

Then in the WSDL:
Security.wsdl

<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="security"
        targetNamespace="http://demo.ti.tongtech.com/security/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:tns="http://demo.ti.tongtech.com/security/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
        <wsdl:types>
                <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                        targetNamespace="http://demo.ti.tongtech.com/security/">
                        <xsd:element name="input">
                                <xsd:complexType>
                                        <xsd:sequence>
                                                <xsd:element name="in" type="xsd:string"></xsd:element>
                                        </xsd:sequence>
                                </xsd:complexType>
                        </xsd:element>
                        <xsd:element name="inputResponse">
                                <xsd:complexType>
                                        <xsd:sequence>
                                                <xsd:element name="out" type="xsd:string"></xsd:element>
                                        </xsd:sequence>
                                </xsd:complexType>
                        </xsd:element>
                </xsd:schema>
        </wsdl:types>
        <wsdl:message name="inputRequest">
                <wsdl:part name="parameters" element="tns:input"></wsdl:part>
        </wsdl:message>
        <wsdl:message name="inputResponse">
                <wsdl:part name="parameters" element="tns:inputResponse"></wsdl:part>
        </wsdl:message>
        <wsdl:portType name="ISecuriyDemo">
                <wsdl:operation name="input">
                        <wsdl:input message="tns:inputRequest"></wsdl:input>
                        <wsdl:output message="tns:inputResponse"></wsdl:output>
                </wsdl:operation>
        </wsdl:portType>
        <wsdl:binding name="ISecurityBinding" type="tns:ISecuriyDemo">
                <soap:binding
                        transport="http://schemas.xmlsoap.org/soap/http" />
                <wsdl:operation name="input">
                        <soap:operation soapAction="http://demo.ti.tongtech.com/security/input" />
                        <wsdl:input>
                                <soap:body use="literal" />
                        </wsdl:input>
                        <wsdl:output>
                                <soap:body use="literal" />
                        </wsdl:output>
                </wsdl:operation>
        </wsdl:binding>
        <wsdl:service name="ISecuriyService">
                <wsdl:port name="ISecuriyServicePort" binding="tns:ISecurityBinding">
                        <soap:address location="http://localhost:8080/sec" />
                </wsdl:port>
        </wsdl:service>
</wsdl:definitions>

wsdl file on com.tongtech.ti.cxf.demo.security package below.

Following the implementation of mvn eclipse: myeclipse / eclipse: eclipse / idea: idea, maven will automatically create the relevant wsdl code. After code generation copy com.tongtech.ti.cxf.demo.security.service below.
Third, write code
(A) to generate the certificate or certificates <br /> generate more troublesome, the jdk to use a tool - keytool
First, create a client KeyStore and public key in the command line run:
1, creating the private key and the KeyStore:

keytool -genkey -alias clientprivatekey -keypass keypass -keystore Client_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

Create a KeyStore, the file name for Client_KeyStore.jks, which has a private key named clientprivatekey.
2, to the private key from the signature:

keytool -selfcert -keystore Client_KeyStore.jks -storepass storepass -alias clientprivatekey -keypass keypass

Signed success, without any prompts.
3, export the private key role is to export the public key certificate will be saved to TrustStore in.

keytool -export -alias clientprivatekey -file Client_PublicCert.cer -keystore Client_KeyStore.jks -storepass storepass

If successful, you can see the prompt:
Stored in a file certification <Client_PublicCert.cer>
Then create a server KeyStore
1, creating the private key and the KeyStore

keytool -genkey -alias serverprivatekey -keypass keypass -keystore Server_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

2, a self-signed private key

keytool -selfcert -keystore Server_KeyStore.jks -storepass storepass -alias serverprivatekey -keypass keypass

3, export the private key

keytool -export -alias serverprivatekey -file Server_PublicCert.cer -keystore Server_KeyStore.jks -storepass storepass

Next, import the client public key to the server TrustStore, the public key of the server to the client TrustStore in import.
At the command line, type:

keytool -import -alias clientpublickey -file Client_PublicCert.cer -keystore Server_TrustStore.jks -storepass storepass

Will be prompted to enter

Quote

Owner: CN = tongtech.com, C = CN
Issuer: CN = tongtech.com, C = CN
Serial Number: 4cc7e86c
Valid: Wed Oct 27 16:53:00 CST 2010 to Tue Jan 25 16:53:00 CST 2011
Certificate fingerprints:
MD5: FB: AB: 71:9 F: 56: F3: CB: 65:16: DC: 52: E0: 2D: 27: FF: F6
SHA1: 06: A8: B1: B4: E2: 42:9 D: B2: F7: 99: E7: 70:34:08:96:52: E1: CD: 4A: 76
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [No]:

Y can play, and then prompts

Quote

Certification has been added to the keystore in the

Similarly, the public key into the server in the client TrustStore

keytool -import -alias serverpublickey -file Server_PublicCert.cer -keystore Client_TrustStore.jks -storepass storepass

The same will be prompted to hit Enter y, suggesting that the success on it.
Here there will be a question, why call keystore? As mentioned at the top, KeyStore and TrustStore is the conceptual distinction.

(B) write the code above to generate a good <br /> maven project into eclipse, in the src / main / java package under the new, the name cert, will generate good KeyStore and just copying the cert package under TrustStore .
1, create a configuration file to create client encryption / decryption configuration: Client_Encrypt.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverpublickey
org.apache.ws.security.crypto.merlin.file=cert/Client_TrustStore.jks

Experience in establishing client sign / signature configurations: Client_Sign.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Client_KeyStore.jks

Establishment of service-side encryption / decryption configuration: Server_Decrypt.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Server_KeyStore.jks

Experience in building a service-side sign / signature configurations: Server_SignVerf.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientpublickey
org.apache.ws.security.crypto.merlin.file=cert/Server_TrustStore.jks

Tidy:

Quote

May say here, since some of the weird name, the file is the example I copied from the cxf over, I think the original intent should be to sign the client encryption, decryption server stamped, and no sign of the return data encryption intentions, so name from such a way, but that's okay, sort out, thinking more clearly.
Client_Encrypt.properties ---- Client_TrustStore.jks---- serverpublickey
Client_Sign.properties ---- Client_KeyStore.jks---- clientprivatekey
Server_Decrypt.properties ---- Server_KeyStore.jks---- serverprivatekey
Server_SignVerf.properties ---- Server_TrustStore.jks---- clientpublickey

2, preparation of client, server and their respective Callback
First of all first target / generate the code will be copied to the com.tongtech.ti.cxf.demo.security.service, and then in the security directory to establish X509.client and X509.server, were renamed the ISecuriyDemo_ISecuriyServicePort_Client.java and ISecuriyDemo_ISecuriyServicePort_Server.java into Client and Server and move to the X509.client and X509.server package, and then established under the client package UTPasswordClientCallBack.java class.
UTPasswordClientCallBack.java code:

package com.tongtech.ti.cxf.demo.security.X509.client;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordClientCallBack implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException,
                        UnsupportedCallbackException {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                pc.setPassword("keypass");
                System.out.println("Client Identifier=" + pc.getIdentifier());
                System.out.println("Client Password=" + pc.getPassword());
        }

}

Established with the server package UTPasswordServerCallBack.java
UTPasswordServerCallBack.java code:

package com.tongtech.ti.cxf.demo.security.X509.server;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordServerCallBack implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException,
                        UnsupportedCallbackException {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                pc.setPassword("keypass");
                System.out.println("Server Identifier=" + pc.getIdentifier());
                System.out.println("Server Password=" + pc.getPassword());
        }
}

These two classes, pc.setPassword method parameters are keypass, because we generate all the password keys are keypass, if the key password is different where the need for key Identifier (equivalent to the alias) to judge, to set a different password.

Next will be the preparation of a client and server.
First open Client.java class, copy the following code complete coverage into

package com.tongtech.ti.cxf.demo.security.X509.client;

/**
 * Please modify this class to meet your needs
 * This class is not complete
 */

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;

import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemo;
import com.tongtech.ti.cxf.demo.security.service.ISecuriyService;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 *
 */

public final class Client {

        private static final QName SERVICE_NAME = new QName(
                        "http://demo.ti.tongtech.com/security/", "ISecuriyService");

        private Client() {
        }

        public static void main(String args[]) throws Exception {
                URL wsdlURL = ISecuriyService.WSDL_LOCATION;

                ISecuriyService ss = new ISecuriyService(wsdlURL, SERVICE_NAME);
                ISecuriyDemo port = ss.getISecuriyServicePort();
                org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
                Endpoint cxfEp = client.getEndpoint();

                // Clint Out
                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "clientprivatekey");
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Sign.properties");
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

                // Client In(Return)
                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Client_Sign.properties");
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

                {
                        System.out.println("Invoking input...");
                        java.lang.String _input_in = "Input Value!";
                        java.lang.String _input__return = port.input(_input_in);
                        System.out.println("input.result=" + _input__return);
                }

                System.exit(0);
        }

}

Open Server.java, empathy copy the following code to the full and complete coverage:

package com.tongtech.ti.cxf.demo.security.X509.server;

import java.util.HashMap;
import java.util.Map;

import javax.xml.ws.Endpoint;

import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemoImpl;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 *
 */

public class Server {

        protected Server() throws Exception {
                System.out.println("Starting Server");
                Object implementor = new ISecuriyDemoImpl();
                String address = "http://localhost:8080/sec";
                EndpointImpl ep = (EndpointImpl) Endpoint.publish(address, implementor);
                org.apache.cxf.endpoint.Endpoint cxfEp = ep.getServer().getEndpoint();

                // ///////////////////////////////////////////////////////////////

                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordServerCallBack.class.getName());
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Server_SignVerf.properties");
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Server_Decrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

                // /////////////////////////////////////////////////////////////////

                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "serverprivatekey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordServerCallBack.class.getName());
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "clientpublickey");
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Server_Decrypt.properties");//  The private key
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Server_SignVerf.properties");//  The public key
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));
        }

        public static void main(String args[]) throws Exception {
                new Server();
                System.out.println("Server ready...");

                Thread.sleep(60 * 60 * 1000);
                System.out.println("Server exiting");
                System.exit(0);
        }
}

Replication is complete, run the server and the client can test. Not a word other than the client can successfully receive the returned information.

If you see soap content, open the service pack under the ISecuriyDemo.java, add the following annotation code:

@WebService(targetNamespace = "http://demo.ti.tongtech.com/security/", name = "ISecuriyDemo")
@XmlSeeAlso({ObjectFactory.class})
//==== Adding the following code  ====
@InInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingInInterceptor" })
@OutInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingOutInterceptor" })
//==== Join the code end  ====
public interface ISecuriyDemo {

    @WebResult(name = "out", targetNamespace = "")
    @RequestWrapper(localName = "input", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.Input")
    @WebMethod(action = "http://demo.ti.tongtech.com/security/input")
    @ResponseWrapper(localName = "inputResponse", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.InputResponse")
    public java.lang.String input(
        @WebParam(name = "in", targetNamespace = "")
        java.lang.String in
    );
}

Finally, the client, for example, simply explain to configure access points:
Clients include:

                org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
                Endpoint cxfEp = client.getEndpoint();

                // Clint Out
                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "clientprivatekey");
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Sign.properties");
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

                // Client In(Return)
                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Client_Sign.properties");
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

The first line, using CXF's Client Agent (ClientProxy) to get the Endpoint, and then added to the Endpoint WSS4J in the Intercepter.
Need to add two WSS4J the Intercepter, WSS4JOutInterceptor and WSS4JInInterceptor, outIntercepter the client request to the server, as a customer brought in stations (OutBound) the Intercepter, need to configure WSS4J related attributes:
WSHandlerConstants.ACTION, WSHandlerConstants.USER, WSHandlerConstants.ENCRYPTION_USER, WSHandlerConstants.PW_CALLBACK_CLASS, WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.ENC_PROP_FILE, these properties into the map, the incoming WSS4JOutInterceptor in.
For customers who brought in stations, the signature requires the client private key (Client_Sign.properties) for signing, encryption, public key server needs (Client_Encrypt.properties) encryption, the signature attribute in the configuration file for the WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.ENC_PROP_FILE as encrypted configuration file.
Into the station, by contrast, need to test the server public key signing (Client_Encrypt.properties), requires the client to decrypt the private key (Client_Sign.properties).
Server side and client-side contrast, the same meaning and the client.

分类:Java 时间:2010-10-27 人气:286
分享到:
blog comments powered by Disqus

相关文章

  • SSL mutual authentication java implementation 2010-05-09

    In this paper, simulation scenario describes two-way SSL authentication java implementation By default, I think that readers already have some knowledge of principles of SSL, so the article on the principle of SSL, do not do detail. If there is such

  • Java generates RSA asymmetric public key and private key encryption (using the java API) 2010-07-16

    Non-symmetric encryption is ideal for multiple client and server secret communications between the client will use the same public key encryption which, while the public key can not reverse the decryption, the ciphertext is sent to the server with se

  • RSA Public Key Cryptography in Java 2010-12-20

    Public Key Cryptography is a well-known Concept, but for some Reason the JCE (Java Cryptography Extensions) documentation doesn't make IT ALL at Clear How to interoperate with common formats such as those public Key produced by openssl . If you try t

  • Encryption, decryption, authentication, digital signature, public key private key 2010-12-20

    Encryption, decryption, authentication, digital signature, public key private key articles Category: Industry Applications Bob, Alice and digital certificates Network security is probably the most well-known figure in Bob and Alice, because a lot of

  • java project java web project database garbled solution to the problem 2010-04-30

    As a java newbie, in the study to the database when the operation will often encounter a very difficult problem, a database of Chinese garbage. This seems to be growing every java programmer will encounter problems, here I put my own and share with y

  • Apache java Project Introduction 2009-04-01

    Apache java Project Introduction (2009-02-25 10:21:46) Apache java Project Introduction Recent contact with Jakarta-Common-BeanUtils this Dongdong more so on the Apache Jakarta Project interest, on their official website under the terms of the feelin

  • The use of Ant build and deploy Java Project 2010-03-29

    Ant can replace the use of javac, java and the jar to execute commands such as java operations, so as to achieve easy to build and deploy Java aim of the project. Look at the following number of knowledge points. 1. Using Ant's javac task to compile

  • Management Eclipse Java project to use Maven 2010-03-29

    This article can be willfully, but please keep the original Source: http://www.webwork.cn/archives/50009640.html Why do you want to use Maven, What are the benefits of using Maven maven is a project to help you compile, document management, reporting

  • Java project naming convention transfer order 2010-03-19

    Investigation of the Java project naming convention sun online documentation help documentation. Transfer from the following: Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=1443852 Level I: Default registration requirements for all projects

  • JAVA Project JDK conversion 2010-03-25

    1: JAVA Project Switch JDK, in the environment variables are configured based on the note of a few 1. Switch the project JDK (Figure 2) 2. Conversion to compile level (Figure 1) May need to modify (Figure 3) 2: WEB project needs to focus on the local

iOS 开发

Android 开发

Python 开发

JAVA 开发

开发语言

PHP 开发

Ruby 开发

搜索

前端开发

数据库

开发工具

开放平台

Javascript 开发

.NET 开发

云计算

服务器

Copyright (C) codeweblog.com, All Rights Reserved.

CodeWeblog.com 版权所有 黔ICP备15002463号-1

processed in 0.483 (s). 13 q(s)