
Implementing WS-Security in XFire: the complete guide

2009-03-18 08:47, 381 views
Reposted from: http://docs.codehaus.org/pages/viewpage.action?pageId=59451

Added by qiujiayu, last edited by qiujiayu on Aug 04, 2006


WS-Security is supported as of version 1.1. XFire provides its WS-Security support through wss4j.

I. Prerequisites:

The Unlimited Strength Jurisdiction Policy files (download from http://java.sun.com/j2se/1.5.0/download.jsp or http://java.sun.com/j2se/1.4.2/download.html) and Bouncy Castle (from http://BouncyCastle.org) must be installed first. Otherwise you will get an "invalid algorithm" or "invalid key size" (KeySize) error.

To support WS-Security, two handlers must be added to each of the two handler chains: inHandlers and outHandlers.

The following must be added to inHandlers:

1. org.codehaus.xfire.security.wss4j.WSS4JInHandler: performs the WS-Security related functions;

2. org.codehaus.xfire.util.dom.DOMInHandler: converts the message from StAX to DOM format for WS-Security.

Note: DOMInHandler requires Xalan 2.7.0, which XFire does not ship by default (download from http://www.apache.org/dyn/closer.cgi/xml/xalan-j).

The following are added to outHandlers:

1. org.codehaus.xfire.security.wss4j.WSS4JOutHandler: performs the WS-Security related functions;

2. org.codehaus.xfire.util.dom.DOMOutHandler: converts the message back from DOM to StAX format for WS-Security.

II. Installing the Unlimited Strength Jurisdiction Policy and Bouncy Castle

1. Install the Unlimited Strength Jurisdiction Policy: copy the two files local_policy.jar and US_export_policy.jar into C:/j2re1.4.2/lib/security/ (assuming the JRE is installed in C:/j2re1.4.2).

2. Install Bouncy Castle:

(1) Copy the downloaded bcprov-jdk14-119.jar to two places:

one in the JDK you installed, for example C:/j2sdk1.4.0-rc/jre/lib/ext, and the other in your Java runtime environment, for example C:/Program Files/Java/j2re1.4.0-rc/lib/ext;

(2) Also edit both java.security files:

mine are C:/j2sdk1.4.0-rc/jre/lib/security/java.security and C:/Program Files/Java/j2re1.4.0-rc/lib/security/java.security; add the following line to java.security:

security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
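Before wiring any handler, it is worth confirming from inside the JVM that both prerequisites really took effect, because the "invalid algorithm / key size" exception only appears later, deep inside WSS4J. The following check is an added example (not code from the original page or from the XFire project); the class name and the runtime registration fallback are the example's own.

```java
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;

/** Verifies the two WS-Security prerequisites named above: unlimited policy files and Bouncy Castle. */
public class WsSecurityPrereqCheck {

    /** True when the JDK accepts 256-bit AES, i.e. the Unlimited Strength policy files are in lib/security. */
    public static boolean unlimitedPolicyInstalled() {
        try {
            // With the default export-restricted policy this returns 128; unlimited returns Integer.MAX_VALUE.
            return Cipher.getMaxAllowedKeyLength("AES") >= 256;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** True when Bouncy Castle is registered, either through java.security or Security.addProvider(). */
    public static boolean bouncyCastleRegistered() {
        return Security.getProvider("BC") != null;
    }

    /** Fallback for environments where java.security was not edited: register the provider at runtime. */
    public static void registerBouncyCastleIfMissing() throws Exception {
        if (bouncyCastleRegistered()) {
            return;
        }
        // Loaded reflectively so this class still compiles when bcprov is not on the compile classpath.
        Provider bc = (Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance();
        Security.addProvider(bc);
    }

    /** Exercises the JCE transformations XML Encryption uses: RSA key transport and AES-CBC body encryption. */
    public static boolean wss4jAlgorithmsAvailable() {
        try {
            Cipher.getInstance("RSA/ECB/PKCS1Padding");
            Cipher.getInstance("AES/CBC/ISO10126Padding");
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        registerBouncyCastleIfMissing();
        System.out.println("Unlimited policy installed : " + unlimitedPolicyInstalled());
        System.out.println("Bouncy Castle registered   : " + bouncyCastleRegistered());
        System.out.println("WSS4J algorithms available : " + wss4jAlgorithmsAvailable());
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("provider " + (i + 1) + ": " + providers[i].getName());
        }
    }
}
```

Run it with bcprov-jdk14-119.jar on the classpath. If the first line prints false, the policy jars were copied into the wrong JRE (the JDK's embedded jre/lib/security and the standalone JRE are separate installations, as step 2 above points out); if the provider list does not show "BC", the java.security edit did not take effect for the JRE that is actually running.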

III. Creating keys:

1. Create a private key in a keystore with the given alias and password:

keytool -genkey -alias ws_security -keypass keypassword -keystore privatestore.jks -storepass keyStorePassword -dname "cn=ws_security" -keyalg RSA

The RSA algorithm is used.

2. Self-sign the certificate:

keytool -selfcert -alias ws_security -keystore privatestore.jks -storepass keyStorePassword -keypass keypassword

3. Export the public key to key.rsa:

keytool -export -alias ws_security -file key.rsa -keystore privatestore.jks -storepass keyStorePassword

4. Import the public key into a new keystore:

keytool -import -alias ws_security -file key.rsa -keystore publicstore.jks -storepass keyStorePassword

5. Create insecurity.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
org.apache.ws.security.crypto.merlin.alias.password=keypassword
org.apache.ws.security.crypto.merlin.keystore.alias=ws_security
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/publicstore.jks

6. Create outsecurity.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
org.apache.ws.security.crypto.merlin.alias.password=keypassword
org.apache.ws.security.crypto.merlin.keystore.alias=ws_security
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/privatestore.jks

7. Copy the files insecurity.properties, outsecurity.properties, privatestore.jks and publicstore.jks to META-INF/xfire/.
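Steps 1 to 7 produce two keystores and two properties files that must agree with each other (same alias, correct passwords, the public certificate in publicstore.jks being the one that belongs to the private key in privatestore.jks). The following check is an added example, not code from the original page or from WSS4J; it reads the files from the classpath under META-INF/xfire/ exactly as the page places them, using the same property keys that the Merlin provider reads. The class name is the example's own.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Properties;

/** Sanity-checks the insecurity/outsecurity properties files and the keystores they point at. */
public class KeystoreSetupCheck {

    // Property names exactly as WSS4J's Merlin crypto provider reads them.
    static final String KS_TYPE  = "org.apache.ws.security.crypto.merlin.keystore.type";
    static final String KS_PASS  = "org.apache.ws.security.crypto.merlin.keystore.password";
    static final String KS_ALIAS = "org.apache.ws.security.crypto.merlin.keystore.alias";
    static final String KEY_PASS = "org.apache.ws.security.crypto.merlin.alias.password";
    static final String KS_FILE  = "org.apache.ws.security.crypto.merlin.file";

    /** Loads a Merlin-style properties file from the classpath (e.g. META-INF/xfire/insecurity.properties). */
    static Properties loadProps(String resource) throws Exception {
        InputStream in = KeystoreSetupCheck.class.getClassLoader().getResourceAsStream(resource);
        if (in == null) {
            throw new IllegalStateException("not on classpath: " + resource);
        }
        Properties p = new Properties();
        try { p.load(in); } finally { in.close(); }
        return p;
    }

    /** Opens the keystore a properties file refers to, with the keystore password from the same file. */
    static KeyStore openKeystore(Properties p) throws Exception {
        KeyStore ks = KeyStore.getInstance(p.getProperty(KS_TYPE, "jks"));
        String file = p.getProperty(KS_FILE);
        InputStream in = KeystoreSetupCheck.class.getClassLoader().getResourceAsStream(file);
        if (in == null) {
            throw new IllegalStateException("keystore not on classpath: " + file);
        }
        try { ks.load(in, p.getProperty(KS_PASS).toCharArray()); } finally { in.close(); }
        return ks;
    }

    /** outsecurity.properties must unlock the private key stored under the alias (signing / decryption). */
    static PrivateKey checkPrivateStore(Properties p) throws Exception {
        KeyStore ks = openKeystore(p);
        String alias = p.getProperty(KS_ALIAS);
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry for alias " + alias);
        }
        // Throws UnrecoverableKeyException when alias.password does not match -keypass from step 1.
        Key key = ks.getKey(alias, p.getProperty(KEY_PASS).toCharArray());
        return (PrivateKey) key;
    }

    /** insecurity.properties must contain the certificate exported in step 3 and imported in step 4. */
    static Certificate checkPublicStore(Properties p) throws Exception {
        KeyStore ks = openKeystore(p);
        String alias = p.getProperty(KS_ALIAS);
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            throw new IllegalStateException("no certificate for alias " + alias);
        }
        return cert;
    }

    /** The certificate in publicstore.jks must be the one generated with the key in privatestore.jks. */
    static boolean storesMatch(Properties privProps, Properties pubProps) throws Exception {
        Certificate privCert = openKeystore(privProps).getCertificate(privProps.getProperty(KS_ALIAS));
        Certificate pubCert = checkPublicStore(pubProps);
        return privCert != null && Arrays.equals(privCert.getEncoded(), pubCert.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        Properties out = loadProps("META-INF/xfire/outsecurity.properties"); // -> privatestore.jks
        Properties in  = loadProps("META-INF/xfire/insecurity.properties");  // -> publicstore.jks
        PrivateKey pk = checkPrivateStore(out);
        System.out.println("private key algorithm          : " + pk.getAlgorithm());
        System.out.println("public cert matches private key: " + storesMatch(out, in));
    }
}
```

A false result from storesMatch usually means step 3 was run before step 2 (the export captured the pre-self-signed certificate) or that key.rsa from an earlier run was imported; an exception from checkPrivateStore pinpoints whether it is the keystore password or the alias password that is wrong, which the handler stack otherwise reports only as a generic WSSecurityException.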

For instructions on using keytool, see the following:

http://www.churchillobjects.com/c/11201e.html

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

http://support.globalsign.net/en/objectsign/java.cfm

IV. Example:

1. Create the service interface:

package example.services;

public interface BookService {
    public String echo(String msg);
}

2. Create the service implementation class:

package example.services;

public class BookServiceImpl implements BookService {
    public String echo(String msg) {
        return msg;
    }
}
3. Configure the webservices.xml file:

<beans xmlns="http://xfire.codehaus.org/config/1.0">

  <service>
    <name>BookServiceSign</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Signature</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceUsernameToken</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">UsernameToken</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceTimestamp</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Timestamp</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceEnc</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Encrypt</prop>
            <prop key="encryptPropFile">META-INF/xfire/outsecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/outsecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

</beans>

4. Create the password callback class:

package example.ws_security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PasswordHandler implements CallbackHandler {

    // alias (or user name) -> password
    private Map passwords = new HashMap();

    public PasswordHandler() {
        passwords.put("ws_security", "keypassword");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        System.out.println("Handling Password!");
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        String id = pc.getIdentifer();
        System.out.println("id: " + id);
        // Hand the password for this alias / user back to WSS4J
        pc.setPassword((String) passwords.get(id));
    }
}

5. Client implementation:

package example.test;

import java.lang.reflect.Proxy;
import java.net.MalformedURLException;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxy;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.util.dom.DOMOutHandler;

import example.services.BookService;
import example.ws_security.PasswordHandler;

public class TTTest {

    private static final String BASE_URL = "http://localhost:8080/TT/services/";

    private WSS4JOutHandler wsOut;
    private Service service;
    private BookService bookservice;
    private Client client;

    public TTTest() {}

    // Encryption: the client encrypts with the server's public key from publicstore.jks
    // (insecurity.properties) and calls BookServiceEnc.
    public void testClientEcr() {
        String serviceName = "BookServiceEnc";
        String actions = WSHandlerConstants.ENCRYPT;
        String SERVICE_URL = BASE_URL + serviceName;
        service = new ObjectServiceFactory().create(BookService.class, serviceName, null, null);
        try {
            bookservice = (BookService) new XFireProxyFactory().create(service, SERVICE_URL);
            client = ((XFireProxy) Proxy.getInvocationHandler(bookservice)).getClient();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
        wsOut = new WSS4JOutHandler();
        wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, "META-INF/xfire/insecurity.properties");
        wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "META-INF/xfire/insecurity.properties");
        wsOut.setProperty(WSHandlerConstants.USER, "ws_security");
        wsOut.setProperty("password", "keypassword");
        wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        client.addOutHandler(new DOMOutHandler());
        client.addOutHandler(wsOut);
        //client.addInHandler(new DOMInHandler());
        //wsOut.setProperty(WSHandlerConstants.TTL_TIMESTAMP, "30");
        wsOut.setProperty(WSHandlerConstants.ACTION, actions);
        System.out.println(bookservice.echo("Client test msg " + actions));
        client.close();
    }

    // Signature, UsernameToken and Timestamp: the client uses its own private key from
    // privatestore.jks (outsecurity.properties).
    public void testClient2(String serviceName, String actions) {
        String SERVICE_URL = BASE_URL + serviceName;
        // Creating the service this way (with a service name, "BookService" in this example) is recommended
        service = new ObjectServiceFactory().create(BookService.class, serviceName, null, null);
        try {
            bookservice = (BookService) new XFireProxyFactory().create(service, SERVICE_URL);
            client = ((XFireProxy) Proxy.getInvocationHandler(bookservice)).getClient();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
        wsOut = new WSS4JOutHandler();
        wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, "META-INF/xfire/outsecurity.properties");
        wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, "META-INF/xfire/outsecurity.properties");
        wsOut.setProperty(WSHandlerConstants.USER, "ws_security");
        wsOut.setProperty("password", "keypassword");
        wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        client.addOutHandler(new DOMOutHandler());
        client.addOutHandler(wsOut);
        //client.addInHandler(new DOMInHandler());
        //wsOut.setProperty(WSHandlerConstants.TTL_TIMESTAMP, "30");
        wsOut.setProperty(WSHandlerConstants.ACTION, actions);
        System.out.println(bookservice.echo("Client test msg " + actions));
        client.close();
    }

    public static void main(String[] args) {
        TTTest tt = new TTTest();
        tt.testClientEcr();
        tt.testClient2("BookServiceSign", WSHandlerConstants.SIGNATURE);
        tt.testClient2("BookServiceUsernameToken", WSHandlerConstants.USERNAME_TOKEN);
        tt.testClient2("BookServiceTimestamp", WSHandlerConstants.TIMESTAMP);
    }
}

The official XFire article: http://xfire.codehaus.org/WS-Security

WS-Security support is now included in the 1.1 release. XFire uses WSS4J
to provide WS-Security support. In addition to the documentation here,
you may find their site helpful as well. XFire also includes some
WS-Security examples in the distribution which you can try out.

Enabling WS-Security

Before enabling the WS-Security module, you must make sure that you have
installed the Unlimited Strength Jurisdiction Policy Files for your SDK
version (bottom of the page http://java.sun.com/j2se/1.5.0/download.jsp or http://java.sun.com/j2se/1.4.2/download.html), and the Bouncy Castle security provider from http://BouncyCastle.org (a short description of the installation process is here: http://docs.safehaus.org/display/PENROSE/Installing+Security+Provider). If you don't, you will probably receive an exception message about an invalid algorithm or key size.

To enable WS-Security support you must add two handlers to the
incoming (inHandlers) and/or outgoing (outHandlers) handler chains. If
your client sends secured data but does not expect a secured
response, it's enough to add the security handlers only to the client's
outHandlers; if your server accepts secured messages but does not send
any, you can add the handlers only to the server's inHandlers chain.
These handlers must be added to the inHandlers:

org.codehaus.xfire.security.wss4j.WSS4JInHandler - Performs the WS-Security related functions

org.codehaus.xfire.util.dom.DOMInHandler - Converts from StAX to DOM format for WS-Security

Note: DOMInHandler requires XML Transformer support which is
included in Xalan 2.7.0. This library is not included with XFire by
default.

and the handlers below to outHandlers:

org.codehaus.xfire.security.wss4j.WSS4JOutHandler - Performs the WS-Security related functions

org.codehaus.xfire.util.dom.DOMOutHandler - Converts from DOM to StAX format for WS-Security

Server side configuration :

<tns:inHandlers>
<tns:handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean id="org.codehaus.xfire.security.wss4j.WSS4JInHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<!-- security configuration goes here  -->
....
</bean>
</tns:inHandlers>

<tns:outHandlers>
<tns:handler handlerClass="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean id="org.codehaus.xfire.security.wss4j.WSS4JOutHandler" class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler">
<!--  security configuration goes here -->
....
</bean>
</tns:outHandlers>


Client side configuration :

Service serviceModel = new ObjectServiceFactory().create( .. )
// Create service client
IBook service = (IBook) new XFireProxyFactory().create( ...);
Client client = Client.getInstance(service);
client.addOutHandler(new DOMOutHandler());
Properties outProperties = new Properties();
// CONFIGURE OUTGOING SECURITY HERE (outProperties) <--
client.addOutHandler(new WSS4JOutHandler(outProperties));
client.addInHandler(new DOMInHandler());
Properties inProperties = new Properties();
// CONFIGURE INCOMING SECURITY HERE (inProperties) <--
client.addInHandler(new WSS4JInHandler(inProperties));
// Execute service


Building keys

You can generate a key pair for the development environment via the
following steps. Keep in mind these will not be signed by an external
authority like Verisign.

1. Create a private key with a given alias and password, like "myAlias"/"myAliasPassword", in a keystore (protected by a password for security reasons):

keytool -genkey -alias myAlias -keypass myAliasPassword -keystore privatestore.jks -storepass keyStorePassword -dname "cn=myAlias" -keyalg RSA


In this instance we are using the RSA algorithm.

2. Self-sign our certificate (in production environment this will be done by a company like Verisign).

keytool -selfcert -alias myAlias -keystore privatestore.jks -storepass keyStorePassword -keypass myAliasPassword


3. Export the public key from our private keystore to file named key.rsa

keytool -export -alias myAlias -file key.rsa -keystore privatestore.jks -storepass keyStorePassword


4. Import the public key to new keystore:

keytool -import -alias myAlias  -file key.rsa -keystore publicstore.jks -storepass keyStorePassword


So now we have two keystores containing our keys - a public one
(publicstore.jks) and a private one (privatestore.jks). Both of them
have the keystore password set to keyStorePassword (not recommended for
production but fine for development) and the alias set to myAlias. The file
key.rsa can be removed from the filesystem, since it is used only temporarily.
Storing keys in keystores is strongly advised because a keystore is
protected by a password.

A more detailed description of key generation can be found here:

http://www.churchillobjects.com/c/11201e.html

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

How to create a production certificate can be found here:

http://support.globalsign.net/en/objectsign/java.cfm

User Token Authentication

This WS-Security scenario adds username and password values to the
message header. A password can be sent as plain text or in hashed form
(depending on "passwordType" property).

Client side configuration :

protected void configureOutProperties(Properties config)
{
// Action to perform : user token
config.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
// Password type : plain text
config.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
// for hashed password use:
//properties.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
// User name to send
config.setProperty(WSHandlerConstants.USER, "serveralias");
// Callback used to retrieve the password for the given user.
config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
}


The PasswordHandler class is responsible for finding the password for given user name and must implement the org.apache.ws.security.WSPasswordCallback interface.

You can also specify an existing handler instance, using the
WSHandlerConstants.PW_CALLBACK_REF property on the client/service
instance or MessageContext (e.g. client.setProperty(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler())).

The WSHandlerConstants.PASSWORD_TYPE property determines how the
password will be sent. If it is set to WSConstants.PW_TEXT, the
password will be sent as plain text. If the value is
WSConstants.PW_DIGEST, a password digest will be sent. If no value is
set, a digest is used by default.

Server side configuration :

<!--  =============  User Token with Plain Password  ============= -->
<service>

<!--  -->
<name>BookServiceUTPP</name>
<namespace>http://xfire.codehaus.org/BookService</namespace>
<serviceClass>org.codehaus.xfire.demo.BookService</serviceClass>
<inHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">

<map xmlns="" >
<entry key="passwordCallbackRef" xmlns="">
<bean xmlns="" class="org.codehaus.xfire.demo.PasswordHandler" id="passHandler" name="passHandler"/>
</entry>
<entry key="action" value="UsernameToken" />
</map>

<!--  props>
<prop key="action">UsernameToken</prop>
<prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
</props -->
</property>
</bean>
<handler handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
</inHandlers>
</service>


The "action" property contains the action to perform.

The "passwordCallbackClass"
property contains the name of the handler class which will process the
password sent with the SOAP message. If the password is in plain form,
the callback class can authenticate the user itself, or just ignore the
password and let an XFire handler perform the authentication using the
data the security handler placed on the MessageContext. In the case of a
hashed password, the callback class MUST return the same password as
used on the client side. If a null value is returned or the password
doesn't match the original password, an exception will be thrown.
The security processing results (such as the username/password from the UsernameToken header)
can be retrieved from the MessageContext with the following code:

public class ValidateUserTokenHandler extends AbstractHandler
{
    public void invoke(MessageContext context) throws Exception
    {
        // WSS4JInHandler stores one WSHandlerResult per processed security header
        Vector result = (Vector) context.getProperty(WSHandlerConstants.RECV_RESULTS);
        for (int i = 0; i < result.size(); i++)
        {
            WSHandlerResult res = (WSHandlerResult) result.get(i);
            for (int j = 0; j < res.getResults().size(); j++)
            {
                WSSecurityEngineResult secRes = (WSSecurityEngineResult) res.getResults().get(j);
                int action = secRes.getAction();
                // USER TOKEN
                if ((action & WSConstants.UT) > 0)
                {
                    WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) secRes.getPrincipal();
                    // Set user property to user from UT to allow response encryption
                    context.setProperty(WSHandlerConstants.ENCRYPTION_USER, principal.getName());
                    System.out.print("User : " + principal.getName() + " password : "
                            + principal.getPassword() + "\n");
                }
                // SIGNATURE
                if ((action & WSConstants.SIGN) > 0)
                {
                    X509Certificate cert = secRes.getCertificate();
                    X500Name principal = (X500Name) secRes.getPrincipal();
                    // Do something with cert
                    System.out.print("Signature for : " + principal.getCommonName());
                }
            }
        }
    }
}
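The handler above prints the credentials; the decision a service actually needs is to reject a message whose UsernameToken is missing, names an unknown user, or (for plain-text passwords) carries the wrong password. The class below is an added example, not code from the original page or the XFire project; it is meant to sit after WSS4JInHandler in the inHandlers chain, exactly where ValidateUserTokenHandler sits in the configuration above. The credential map, the "authenticated.user" context key and the class name are the example's own.

```java
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.codehaus.xfire.MessageContext;
import org.codehaus.xfire.fault.XFireFault;
import org.codehaus.xfire.handler.AbstractHandler;

/** Turns the RECV_RESULTS lookup into an authentication decision for the UsernameToken action. */
public class AuthenticatingUserTokenHandler extends AbstractHandler {

    /** Constructed sample credentials; a real deployment looks these up in its user store. */
    private final Map credentials = new HashMap();

    public AuthenticatingUserTokenHandler() {
        credentials.put("serveralias", "serverpassword");
    }

    public void invoke(MessageContext context) throws Exception {
        WSUsernameTokenPrincipal principal = findUsernameToken(context);
        // A message with no UsernameToken must be rejected here: WSS4JInHandler only processes
        // the tokens that are present, it does not by itself require that one exists.
        if (principal == null) {
            throw new XFireFault("UsernameToken required", XFireFault.SENDER);
        }
        String stored = (String) credentials.get(principal.getName());
        if (stored == null) {
            throw new XFireFault("Unknown user", XFireFault.SENDER);
        }
        if (!principal.isPasswordDigest()) {
            // PW_TEXT: the password arrives in clear and nobody has checked it yet.
            if (!constantTimeEquals(stored, principal.getPassword())) {
                throw new XFireFault("Invalid password", XFireFault.SENDER);
            }
        }
        // PW_DIGEST: WSS4J already recomputed the digest from the password returned by the
        // PasswordHandler callback and rejected the message on mismatch; nothing left to compare.
        context.setProperty("authenticated.user", principal.getName());
        // Same as the page's handler: lets the response be encrypted for this user.
        context.setProperty(WSHandlerConstants.ENCRYPTION_USER, principal.getName());
    }

    /** Walks the results WSS4JInHandler left on the context and returns the first UT principal, if any. */
    static WSUsernameTokenPrincipal findUsernameToken(MessageContext context) {
        Vector results = (Vector) context.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            return null;
        }
        for (int i = 0; i < results.size(); i++) {
            WSHandlerResult hr = (WSHandlerResult) results.get(i);
            for (int j = 0; j < hr.getResults().size(); j++) {
                WSSecurityEngineResult r = (WSSecurityEngineResult) hr.getResults().get(j);
                if ((r.getAction() & WSConstants.UT) > 0) {
                    return (WSUsernameTokenPrincipal) r.getPrincipal();
                }
            }
        }
        return null;
    }

    /** Compares every byte so a wrong password does not reveal, through timing, how many characters matched. */
    static boolean constantTimeEquals(String expected, String actual) throws UnsupportedEncodingException {
        if (actual == null) {
            return false;
        }
        byte[] a = expected.getBytes("UTF-8");
        byte[] b = actual.getBytes("UTF-8");
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }
}
```

Register it in place of (or after) ValidateUserTokenHandler with `<handler handlerClass="AuthenticatingUserTokenHandler" />` inside the service's inHandlers. Throwing XFireFault with the SENDER code produces a SOAP fault for the client instead of letting the call proceed to the service implementation, which is the behaviour you want for a failed login.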


Timestamps

Timestamps specify how long the security data remains valid.

Client side configuration:

protected void configureOutProperties(Properties properties)
{
properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.TIMESTAMP);
// How long ( in seconds ) message is valid since send.
properties.setProperty(WSHandlerConstants.TTL_TIMESTAMP,"15");
// if you want to use millisecond precision use this
//properties.setProperty(WSHandlerConstants.TIMESTAMP_PRECISION,"true");
}


The WSHandlerConstants.TTL_TIMESTAMP property specifies the number of seconds or milliseconds for which the message is considered valid.

The WSHandlerConstants.TIMESTAMP_PRECISION property determines the time unit of the timestamp (seconds or milliseconds). If not specified, seconds are used.

Server side configuration:

<!--  ============= TimeStamp  ============= -->
<service>
<name>BookServiceTS</name>
<namespace>http://xfire.codehaus.org/BookService</namespace>
<serviceClass>org.codehaus.xfire.demo.BookService</serviceClass>

<inHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Timestamp</prop>
</props>
</property>
</bean>
</inHandlers>
</service>


Encryption

Allows one to encrypt the message body (or only part of it) using
the given cryptographic algorithm. For performance reasons, the message
data is encrypted using a symmetric key and then the symmetric key is
encrypted with the receiver's public key.

Client side configuration:

protected void configureOutProperties(Properties properties)
{
properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
properties.setProperty(WSHandlerConstants.USER, "serveralias");
//Configuration of public key used to encrypt message goes to properties file.
properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
"org/codehaus/xfire/client/outsecurity_enc.properties");
}


WSHandlerConstants.ENC_PROP_FILE - contains path to file with details of encryption configuration.

WSHandlerConstants.ENC_SYM_ALGO - specify symmetric algorithm used to encrypt message data. Allowed values are : WSConstants.TRIPLE_DES,WSConstants.AES_128 ( default ), WSConstants.AES_256, and WSConstants.AES_192

The file can look like the following :

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=aliaspass
org.apache.ws.security.crypto.merlin.keystore.alias=alias
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/myPublicstore.jks


org.apache.ws.security.crypto.provider - implementation class for security provider ( must be set to org.apache.ws.security.components.crypto.Merlin )

org.apache.ws.security.crypto.merlin.keystore.type - keystore type ( jks/pkcs12 )

org.apache.ws.security.crypto.merlin.keystore.password - keystore passphrase

org.apache.ws.security.crypto.merlin.keystore.alias - alias of key inside keystore

org.apache.ws.security.crypto.merlin.alias.password - password for private key inside keystore stored under given alias ( not used for encryption )

org.apache.ws.security.crypto.merlin.file - path to keystore

Server side configuration:

<!--  ============= Encryption   ============= -->
<service>
<name>BookServiceENC</name>
<namespace>http://xfire.codehaus.org/BookService</namespace>
<serviceClass>org.codehaus.xfire.demo.BookService</serviceClass>

<inHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Encrypt</prop>
<prop key="decryptionPropFile">META-INF/xfire/insecurity_enc.properties</prop>
<prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
</props>
</property>
</bean>
</inHandlers>
</service>


Signature

Allows one to send along with the message a digital signature of it,
which assures that no one modified the message content between the
sender and receiver. This action creates a digest of the message and
encrypts it with sender private key. The receiver must have the
sender's public key to verify this signature.

Client side configuration:

protected void configureOutProperties(Properties properties)
{
properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.SIGNATURE);
// User in keystore
properties.setProperty(WSHandlerConstants.USER, "client-344-839");
// This callback is used to specify password for given user for keystore
properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, org.codehaus.xfire.demo.PasswordHandler.class.getName());
// Configuration for accessing private key in keystore
properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,"org/codehaus/xfire/client/outsecurity_sign.properties");
properties.setProperty(WSHandlerConstants.SIG_KEY_ID,"IssuerSerial");

}


WSHandlerConstants.SIG_KEY_ID specifies which key identifier should be used (possible values are "IssuerSerial" (recommended) and "DirectReference").

WSHandlerConstants.SIG_PROP_FILE contains path to file with details of signature configuration.

Configuration file can look like:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=aliaspass
org.apache.ws.security.crypto.merlin.keystore.alias=alias
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/myPrivatestore.jks


Inserting a certificate into the signed message: http://ws.apache.org/wss4j/cert.html

Server side configuration:

<!--  ============= Signature  ============= -->
<service>
<name>BookServiceSign</name>
<namespace>http://xfire.codehaus.org/BookService</namespace>
<serviceClass>org.codehaus.xfire.demo.BookService</serviceClass>

<inHandlers>
<handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">META-INF/xfire/insecurity_sign.properties</prop>
<prop key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
</props>
</property>
</bean>
</inHandlers>
</service>


The file insecurity_sign.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.alias=alias
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/myPublicstore.jks
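WSS4JInHandler verifies whatever Timestamp and Signature elements a message carries, but the service still has to decide two things itself: that those elements were present at all (an unstamped, unsigned message passes through the handler untouched), and that the signer is one it trusts rather than merely any certificate the keystore can validate. The handler below is an added example covering the Timestamps and Signature sections above; it is not code from the original page or the XFire project. It assumes the WSS4J 1.5 API in which WSSecurityEngineResult.getTimestamp() returns a Timestamp whose getCreated()/getExpires() return Calendar; the allow-list entry "CN=ws_security" is the subject of the self-signed certificate created with keytool earlier on this page, and the class name and skew value are the example's own.

```java
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Set;
import java.util.Vector;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.Timestamp;
import org.codehaus.xfire.MessageContext;
import org.codehaus.xfire.fault.XFireFault;
import org.codehaus.xfire.handler.AbstractHandler;

/** Requires a fresh Timestamp and a Signature from an allowed signer; runs after WSS4JInHandler. */
public class SignedAndFreshMessageHandler extends AbstractHandler {

    /** Constructed allow-list of signer subjects (RFC 2253 form, as getSubjectX500Principal().getName() yields). */
    private final Set allowedSigners = new HashSet(Arrays.asList(new String[] { "CN=ws_security" }));

    /** Tolerated clock difference between sender and receiver, in milliseconds (example value). */
    private final long clockSkewMillis = 60 * 1000L;

    public void invoke(MessageContext context) throws Exception {
        Vector results = (Vector) context.getProperty(WSHandlerConstants.RECV_RESULTS);
        boolean sawTimestamp = false;
        boolean sawSignature = false;
        if (results != null) {
            for (int i = 0; i < results.size(); i++) {
                WSHandlerResult hr = (WSHandlerResult) results.get(i);
                for (int j = 0; j < hr.getResults().size(); j++) {
                    WSSecurityEngineResult r = (WSSecurityEngineResult) hr.getResults().get(j);
                    int action = r.getAction();
                    if ((action & WSConstants.TS) > 0) {
                        checkFreshness(r.getTimestamp());
                        sawTimestamp = true;
                    }
                    if ((action & WSConstants.SIGN) > 0) {
                        checkSigner(r.getCertificate());
                        sawSignature = true;
                    }
                }
            }
        }
        // Absence is the case the security handler alone does not catch.
        if (!sawTimestamp) {
            throw new XFireFault("Timestamp required", XFireFault.SENDER);
        }
        if (!sawSignature) {
            throw new XFireFault("Signature required", XFireFault.SENDER);
        }
    }

    /** Rejects expired timestamps and ones created further in the future than the allowed skew. */
    void checkFreshness(Timestamp ts) throws XFireFault {
        if (ts == null) {
            throw new XFireFault("Timestamp missing", XFireFault.SENDER);
        }
        long now = System.currentTimeMillis();
        Calendar created = ts.getCreated();
        Calendar expires = ts.getExpires();
        if (created != null && created.getTimeInMillis() > now + clockSkewMillis) {
            throw new XFireFault("Timestamp created in the future", XFireFault.SENDER);
        }
        // The client derives Expires from TTL_TIMESTAMP; without it there is no upper bound, so require it.
        if (expires == null || expires.getTimeInMillis() < now - clockSkewMillis) {
            throw new XFireFault("Timestamp expired", XFireFault.SENDER);
        }
    }

    /** WSS4J has already verified the signature against the keystore; this decides who may sign. */
    void checkSigner(X509Certificate cert) throws XFireFault {
        if (cert == null) {
            throw new XFireFault("Signing certificate missing", XFireFault.SENDER);
        }
        String subject = cert.getSubjectX500Principal().getName();
        if (!allowedSigners.contains(subject)) {
            throw new XFireFault("Signer not allowed: " + subject, XFireFault.SENDER);
        }
    }
}
```

To use it, set the service's action to "Timestamp Signature" (WSS4J accepts a space-separated list of actions in the same property) and add `<handler handlerClass="SignedAndFreshMessageHandler" />` after the WSS4JInHandler bean in inHandlers. Because the Timestamp element is covered by the signature when both actions are used, the freshness check cannot be bypassed by editing the timestamp in transit.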


Using WS-Security with JSR 181 Annotations

This blog entry shows how to configure WS-Security using JSR 181 Annotations and InHandlers.

Using encrypted passwords in configuration files

XFire allows you to use encrypted passwords in WS-Security configuration files.

To use this feature you must add the following two lines:

org.apache.ws.security.crypto.provider=org.codehaus.xfire.security.wss4j.crypto.SecuredCrypto
xfire.encrypter.class=<YOUR_CUSTOM_ENCRYPTER>


A custom Encrypter is a simple class (which extends AbstractDecrypter) implementing whatever algorithm is used to decrypt the passwords.

org.apache.ws.security.crypto.provider=org.codehaus.xfire.security.wss4j.crypto.SecuredCrypto
xfire.encrypter.class=org.codehaus.xfire.client.XORDecrypter
org.apache.ws.security.crypto.merlin.keystore.type=jks
#org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.keystore.password=PRI6OxgKIyoUIAQ+
#org.apache.ws.security.crypto.merlin.alias.password=client344Password
org.apache.ws.security.crypto.merlin.alias.password=NRsqLQIRYntwERY+NyYXPCA=
org.apache.ws.security.crypto.merlin.keystore.alias=client-344-839
org.apache.ws.security.crypto.merlin.file=org/codehaus/xfire/client/clientStore.jks