CXF 入门:创建一个基于WS-Security标准的安全验证(CXF回调函数使用,)
注意:以下客户端调用代码中获取服务端ws实例,都是通过CXF 入门: 远程接口调用方式实现
?
直入正题!以下是服务端配置
========================================================
一,web.xml配置,具体不在详述<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"><web-app><context-param><param-name>contextConfigLocation</param-name><!--ws-context.xml(必须)是cxf配置文件, wssec.xml可选,作用可以打印出加密信息类容 --><param-value>WEB-INF/ws-context.xml,WEB-INF/wssec.xml</param-value></context-param><listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener><servlet><servlet-name>CXFServlet</servlet-name><display-name>CXF Servlet</display-name><servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class><load-on-startup>0</load-on-startup></servlet><servlet-mapping><servlet-name>CXFServlet</servlet-name><url-pattern>/services/*</url-pattern></servlet-mapping></web-app>?二,ws具体代码
简单的接口
?
import javax.jws.WebService;@WebService()public interface WebServiceSample {String say(String name);}?
?
接口具体实现类?
public class WebServiceSampleImpl implements WebServiceSample {public String say(String name) {return "你好," + name;}}??
?
三,ws回调函数,必须实现javax.security.auth.callback.CallbackHandler从cxf2.4.x后校验又cxf内部实现校验,所以不必自己校验password是否相同,但客户端必须设置,详情请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime ?Changes片段
?
回调函数WsAuthHandler代码,校验客户端请求是否合法,合法就放行,否则拒绝执行任何操作
?
import java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.cxf.interceptor.Fault;import org.apache.ws.security.WSPasswordCallback;import org.apache.xmlbeans.impl.soap.SOAPException;public class WsAuthHandler implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for (int i = 0; i < callbacks.length; i++) {WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];String identifier = pc.getIdentifier();int usage = pc.getUsage();if (usage == WSPasswordCallback.USERNAME_TOKEN) {// 密钥方式USERNAME_TOKEN// username token pwd...// ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同// 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime// Changes片段pc.setPassword("testPassword");// ▲【这里非常重要】▲// ▲PS 如果和客户端不同将抛出org.apache.ws.security.WSSecurityException:// The// security token could not be authenticated or// authorized异常,服务端会认为客户端为非法调用} else if (usage == WSPasswordCallback.SIGNATURE) {// 密钥方式SIGNATURE// set the password for client's keystore.keyPassword// ▲这里的值必须和客户端设的值相同,从cxf2.4.x后校验方式改为cxf内部实现校验,不必自己比较password是否相同;// 请参考:http://cxf.apache.org/docs/24-migration-guide.html的Runtime// Changes片段pc.setPassword("testPassword");// //▲【这里非常重要】▲// ▲PS:如果和客户端不同将抛出org.apache.ws.security.WSSecurityException:The// security token could not be authenticated or// authorized异常,服务端会认为客户端为非法调用}//不用做其他操作}}}??
四,CXF配置ws-context.xml:?
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"><import resource="classpath:META-INF/cxf/cxf.xml" /><import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" /><import resource="classpath:META-INF/cxf/cxf-servlet.xml" /><!-- 以上未基本配置,必须,位置在cxf jar中 --><jaxws:endpoint id="webServiceSample" address="/WebServiceSample"implementor="com.service.impl.WebServiceSampleImpl"><!--inInterceptors表示被外部调用时,调用此拦截器 --><jaxws:inInterceptors><bean /><bean value="UsernameToken" /><!-- 设置密码类型为明文 --><entry key="passwordType" value="PasswordText" /><!--<entry key="action" value="UsernameToken Timestamp" /> 设置密码类型为加密<entry key="passwordType" value="PasswordDigest" /> --><entry key="passwordCallbackClass" value="com.service.handler.WsAuthHandler" /></map></constructor-arg></bean></jaxws:inInterceptors></jaxws:endpoint></beans>
?
?
CXF配置wssec.xml(可选),用于配置输出校验的具体信息?
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/core"xmlns:wsa="http://cxf.apache.org/ws/addressing" xmlns:http="http://cxf.apache.org/transports/http/configuration"xmlns:wsrm-policy="http://schemas.xmlsoap.org/ws/2005/02/rm/policy"xmlns:wsrm-mgr="http://cxf.apache.org/ws/rm/manager"xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://schemas.xmlsoap.org/ws/2005/02/rm/policy http://schemas.xmlsoap.org/ws/2005/02/rm/wsrm-policy.xsd http://cxf.apache.org/ws/rm/manager http://cxf.apache.org/schemas/configuration/wsrm-manager.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"><cxf:bus><cxf:features><cxf:logging /><wsa:addressing /></cxf:features></cxf:bus></beans>
?
服务端代码及配置到此结束!!!
?
=========================================================
=========================================================
以下是客户端配置,主要是回调函数,在客户端调用服务端前被调用,负责安全信息的设置----------------------------------------------------
?
?
一,先实现回调函数WsClinetAuthHandler,同样必须实现javax.security.auth.callback.CallbackHandlerimport java.io.IOException;import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class WsClinetAuthHandler implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for (int i = 0; i < callbacks.length; i++) {WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];System.out.println("identifier: " + pc.getIdentifier());// 这里必须设置密码,否则会抛出:java.lang.IllegalArgumentException: pwd == null// but a password is neededpc.setPassword("testPassword");// ▲【这里必须设置密码】▲}}}?二,客户端调用代码:?
import java.util.ArrayList;import java.util.HashMap;import java.util.Map;import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;import org.apache.ws.security.WSConstants;import org.apache.ws.security.handler.WSHandlerConstants;import test.saa.client.WebServiceSample;import test.saa.handler.WsClinetAuthHandler;public class TestClient {public static void main(String[] args) {// 以下和服务端配置类似,不对,应该说服务端和这里的安全验证配置一致Map<String, Object> outProps = new HashMap<String, Object>();outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);outProps.put(WSHandlerConstants.USER, "admin");outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);// 指定在调用远程ws之前触发的回调函数WsClinetAuthHandler,其实类似于一个拦截器outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,WsClinetAuthHandler.class.getName());ArrayList list = new ArrayList();// 添加cxf安全验证拦截器,必须list.add(new SAAJOutInterceptor());list.add(new WSS4JOutInterceptor(outProps));JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();// WebServiceSample服务端接口实现类,这里并不是直接把服务端的类copy过来,具体请参考http://learning.iteye.com/blog/1333223factory.setServiceClass(WebServiceSample.class);// 设置ws访问地址factory.setAddress("http://localhost:8080/cxf-wssec/services/WebServiceSample"); //注入拦截器,用于加密安全验证信息factory.getOutInterceptors().addAll(list);WebServiceSample service = (WebServiceSample) factory.create();String response = service.say("2012");System.out.println(response);}}?客户端到此结束!!!!
========================================================================
#######################################################################
?
PS:客户端的另一种调用方式,主要通过配置文件,不过需要spring bean的配置文件(第一种就不用牵扯到spring的配置,比较通用吧!)?
一,回调函数WsClinetAuthHandler不变,和上面一样二,client-beans.xml安全验证配置文件,具体信息看注释,如下:
?
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsdhttp://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd"><!--这里无非是通过配置来替代JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean()创建代理并实例化一个ws--><bean id="client" factory-method="create" /><!-- 通过代理创建ws实例 --><bean id="clientFactory" value="test.saa.client.WebServiceSample" /><!-- ws地址,也可以是完整的wsdl地址 --><property name="address"value="http://localhost:8080/cxf-wssec/services/WebServiceSample" /><!--outInterceptors表示调用外部指定ws时,调用此拦截器 --><property name="outInterceptors"><list><bean /><ref bean="wss4jOutConfiguration" /></list></property></bean><bean id="wss4jOutConfiguration" value="UsernameToken" /><entry key="user" value="admin" /><!-- 设置密码为明文 ,服务端需要和这里的设置保持一致--><entry key="passwordType" value="PasswordText" /><!-- <entry key="action" value="UsernameToken Timestamp" /> <entry key="user" value="adminTest" /> 设置密码类型为加密方式,服务端需要和这里的设置保持一致<entry key="passwordType" value="PasswordDigest" /> --><entry key="passwordCallbackRef"><ref bean="passwordCallback" /></entry></map></property></bean><bean id="passwordCallback" /></beans>?
三,具体调用服务端代码:
?
import org.springframework.context.ApplicationContext;import org.springframework.context.support.ClassPathXmlApplicationContext;import test.saa.client.WebServiceSample;public final class Client {public static void main(String args[]) throws Exception {//加载配置ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "test/saa/client-beans.xml" }); //获取ws实例WebServiceSample client = (WebServiceSample) context.getBean("client");String response = client.say("2012");System.out.println("Response: " + response);}}?到此客户端第二种实现方式结束
GOOD LUCKY!!!
如有不明,请指教!!!