CXF使用WSS4J实现WS-Security规范之使用用户名令牌
2012-10-21 23:07
393 查看
CXF使用WSS4J实现WS-Security规范之使用用户名令牌
这个示例是一个简单的UsernameToken,它仅仅包装明文用户名和密码.pom.xml:
www.ishang123.com 复制内容到剪贴板折叠XML/HTML 代码
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>test.cxf</groupId>
<artifactId>java_first_spring_support1</artifactId>
<packaging>war</packaging>
<name>java_first_spring_support1</name>
<version>0.0.1-SNAPSHOT</version>
<description>CXF使用WSS4J实现WS-Security规范之使用用户名令牌</description>
<properties>
<cxf.version>2.2.5</cxf.version>
</properties>
<build>
<finalName>java_first_spring_support1</finalName>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.6</source>
<target>1.6</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring</artifactId>
<version>2.5.6</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-transports-http</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>${cxf.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>
服务接口:
www.ishang123.com 复制内容到剪贴板折叠Java 代码
package cxf.server;
import javax.jws.WebService;
@WebService
public interface HelloWorld {
String sayHi(String name);
}
接口实现:
www.ishang123.com 复制内容到剪贴板折叠Java 代码
package cxf.server;
import javax.jws.WebService;
@WebService(endpointInterface="cxf.server.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
@Override
public String sayHi(String name) {
System.out.println("server: say->" + name);
return "say-->" + name;
}
}
服务端的spring配置:
www.ishang123.com 复制内容到剪贴板折叠XML/HTML 代码
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="serverPasswordCallback" class="cxf.server.ServerPasswordCallback" />
<jaxws:endpoint id="helloworld" implementor="cxf.server.HelloWorldImpl"
address="/helloworld">
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<!-- SAAJInInterceptor只在CXF是2.0.X版本时或之前版本时才是必须的 -->
<!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="FHDServer" />
<entry key="passwordCallbackRef">
<ref bean="serverPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
<!--
action: UsernameToken 指使用用户名令牌
passwordType: PasswordText 指密码加密策略,这里直接文本
user: FHDServer 指别名
passwordCallBackRef: serverPasswordCallback 指消息验证
-->
</beans>
服务端的验证:
www.ishang123.com 复制内容到剪贴板折叠Java 代码
package cxf.server;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ServerPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
String identifier = pc.getIdentifier();
String password = pc.getPassword();
if ("admin".equals(identifier) && "888888".equals(password)) {
System.out.println("验证通过!");
System.out.println("identifier = " + identifier);
System.out.println("password = " + password);
} else {
throw new SecurityException("验证失败");
}
}
}
客户端的spring配置:
www.ishang123.com 复制内容到剪贴板折叠XML/HTML 代码
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="clientPasswordCallback" class="cxf.client.ClientPasswordCallback"/>
<jaxws:client id="client"
address="http://localhost:8080/java_first_spring_support1/service/helloworld"
serviceClass="cxf.server.HelloWorld">
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<!-- SAAJInInterceptor只在CXF是2.0.X版本时或之前版本时才是必须的 -->
<!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="FHDClient" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:outInterceptors>
</jaxws:client>
</beans>
客户端的验证:
www.ishang123.com 复制内容到剪贴板折叠Java 代码
package cxf.client;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("888888");
pc.setIdentifier("admin");
}
}
客户端调用代码:
www.ishang123.com 复制内容到剪贴板折叠XML/HTML 代码
package cxf.client;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import cxf.server.HelloWorld;
public final class Client {
public static void main(String args[]) throws Exception {
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(new String[] {"client-beans.xml"});
HelloWorld client = (HelloWorld)context.getBean("client");
String str = client.sayHi("fuhaidong");
System.out.println("client: " + str);
}
}
web.xml:
www.ishang123.com 复制内容到剪贴板折叠XML/HTML 代码
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>java_first_spring_support1</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:beans.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
</web-app>
转自:http://www.ishang123.com/jishubowen/java/2012-08-22/161.html
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- CXF使用WSS4J实现WS-Security规范之使用用户名令牌
- 使用gSOAP开发实例(8) -- 自定义header实现用户名令牌认证(Usernametoken Authentication)
- 使用gSOAP开发实例(8) Phase 1 完结篇 自定义header实现用户名令牌认证(Usernametoken Authentication)
- JAX_WS 2.2 规范的webservices客户端实现(Axis2,Cxf)
- 基于SOAP的Web安全调用机制-----Axis2+Rampart(WSS4J)实现UsernameToken认证方式的WS-Security【未试验】
- 在JAVA中通过WSS4J实现WS-Security
- cxf+spring实现ws-security的数字证书验证方式的记录(包括生成证书步骤)
- CXF 入门:创建一个基于WS-Security标准的安全验证(CXF回调函数使用)(转)
- 使用gSOAP开发实例(8) Phase 1 完结篇 自定义header实现用户名令牌认证(Usernametoken Authentication)
- 浅谈spingmvc 整合CXF +ws-security 实现webservice安全验证
- 浅谈spingmvc 整合CXF +ws-security 实现webservice安全验证
- wss4j和axis2实现WS-Security
- wss4j和axis2实现WS-Security
- wss4j和axis2实现WS-Security
- CXF全接触(一) --- WS-Security的实现
- CXF 入门:创建一个基于WS-Security标准的安全验证(CXF回调函数使用,)
- CXF系列之JAX-WS规范的java实现方式
- 使用策略集构建符合 WS-security 安全规范的 JAX-WS Web Service 客户端
- Axis2+Rampart(WSS4J)实现UsernameToken认证方式的WS-Security(基于SOAP的Web安全调用机制)
- 服务使用CXF框架客户端使用Axis2框架的webservice实现方案