ws+xfire实现安全的web服务请求
配置信息初始化和文件环境的准备

public class RepositoryDataInitImpl implements RepositoryDataInit {public List initData(ServletContextEvent sce){RepositoryData repositoryData=new RepositoryDataImpl();List list=(List)repositoryData.getRepositoryData();List repositoryList=new ArrayList();for(int i=0;i<=list.size()-1;i++){RepositoryModel repositoryModel=new  RepositoryModel();Object[] o =(Object[])list.get(i);EBizOrg eBizOrg=(EBizOrg)o[0];EBizOrgService eBizOrgService=(EBizOrgService)o[1];repositoryModel.setOrgId(eBizOrg.getOrgId());repositoryModel.setPassWord(eBizOrg.getUserPwd());repositoryModel.setSecurityInfo(eBizOrg.getSecurityInfo());repositoryModel.setUrl(eBizOrg.getServeAddress()+eBizOrgService.getServiceInterface());repositoryModel.setUserName(eBizOrg.getAccessUser());repositoryModel.setServiceName(eBizOrgService.getId().getServiceName());repositoryModel.setServiceInterface(eBizOrgService.getServiceInterface());repositoryModel.setServiceClass(eBizOrgService.getServiceClass());repositoryModel.setKeyFile(eBizOrg.getKeyFile());repositoryModel.setJksPwd(eBizOrg.getJksPwd());repositoryList.add(repositoryModel);createProperties(repositoryModel,sce);//.properties文件产生(转移，导入？)createKeyFile(repositoryModel, sce);//.jks文件产生(转移，导入？)}return repositoryList;}public void createKeyFile(RepositoryModel repositoryModel,ServletContextEvent sce){String path=sce.getServletContext().getRealPath("/")+"WEB-INF\\classes\\com\\key\\xfire\\"; OutputStream out = null; InputStream fin=null; try { out = new FileOutputStream(path+repositoryModel.getOrgId().trim()+".jks");     fin = repositoryModel.getKeyFile().getBinaryStream();         System.out.println(repositoryModel.getOrgId().trim()+".jks" +":"+ fin.available());     int firstChar = fin.read();     int length = fin.available();                  //将其转换成二进制数据     byte[] data = new byte[length+1];     data[0] = (byte)firstChar;    int len=0;     while (( len= fin.read(data,1,length+1)) != -1)      {       out.write(data, 0, len+1);     }     fin.close();     out.flush();     out.close();} catch (FileNotFoundException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (SQLException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (IOException e) {// TODO Auto-generated catch blocke.printStackTrace();}}public void createProperties(RepositoryModel repositoryModel,ServletContextEvent sce){String path=sce.getServletContext().getRealPath("/")+"WEB-INF\\classes\\"+repositoryModel.getSecurityInfo();path=path.replaceAll("/", "\\\\");Properties prop=new Properties();        try{        File f=new File(path);        f.createNewFile();         FileInputStream in=new FileInputStream(path);         prop.load(in);         in.close();         prop.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");         prop.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");         prop.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", repositoryModel.getJksPwd().trim());         prop.setProperty("org.apache.ws.security.crypto.merlin.file", "com/key/xfire/"+repositoryModel.getOrgId().trim()+".jks");        try {         prop.store(new FileOutputStream(path), null);         } catch (IOException e) {}         }        catch(Exception e)        {             System.out.print(e.getMessage());        }}public Map initAccount(List list){Map<String, String> passwords= new HashMap<String, String>();for(int i=0;i<list.size();i++){RepositoryModel repositoryModel =(RepositoryModel)list.get(i);passwords.put(repositoryModel.getUserName().trim(), repositoryModel.getPassWord().trim());}return passwords;}public List setRepository(String key,ServletContextEvent sce){String[] temp=key.split("-");RepositoryData repositoryData=new RepositoryDataImpl();List list=(List)repositoryData.getNewRepositoryData(temp[0],temp[1]);List repositoryList=new ArrayList();for(int i=0;i<=list.size()-1;i++){RepositoryModel repositoryModel=new  RepositoryModel();Object[] o =(Object[])list.get(i);EBizOrg eBizOrg=(EBizOrg)o[0];EBizOrgService eBizOrgService=(EBizOrgService)o[1];repositoryModel.setOrgId(eBizOrg.getOrgId());repositoryModel.setPassWord(eBizOrg.getUserPwd());repositoryModel.setSecurityInfo(eBizOrg.getSecurityInfo());repositoryModel.setUrl(eBizOrg.getServeAddress()+eBizOrgService.getServiceInterface());repositoryModel.setUserName(eBizOrg.getAccessUser());repositoryModel.setServiceName(eBizOrgService.getId().getServiceName());repositoryModel.setServiceInterface(eBizOrgService.getServiceInterface());repositoryModel.setServiceClass(eBizOrgService.getServiceClass());repositoryModel.setKeyFile(eBizOrg.getKeyFile());repositoryModel.setJksPwd(eBizOrg.getJksPwd());repositoryList.add(repositoryModel);createProperties(repositoryModel,sce);createKeyFile(repositoryModel, sce);}return repositoryList;}public Map setAccount(List list){Map<String, String> passwords= new HashMap<String, String>();for(int i=0;i<list.size();i++){RepositoryModel repositoryModel =(RepositoryModel)list.get(i);passwords.put(repositoryModel.getUserName().trim(), repositoryModel.getPassWord().trim());}return passwords;}}

public class ObjectRepositoryImpl implements ObjectRepository{private static Map<String, Object> serviceContainer    = new HashMap<String, Object>();private static Map<String, String> passwords=new HashMap<String, String>();public List data;private static ServletContextEvent sce;public static Map<String, Object> getServiceContainer() {return serviceContainer;}public static void setServiceContainer(Map<String, Object> serviceContainer) {ObjectRepositoryImpl.serviceContainer = serviceContainer;}public List getData() {return data;}public void setData(List data) {this.data = data;}@SuppressWarnings("unchecked")public void init(ServletContextEvent sce){if (!ObjectRepositoryImpl.serviceContainer.isEmpty()){ObjectRepositoryImpl.serviceContainer.clear();}if (!ObjectRepositoryImpl.passwords.isEmpty()){ObjectRepositoryImpl.passwords.clear();}data=new ArrayList();RepositoryDataInit repositoryDataInit=new RepositoryDataInitImpl();data= repositoryDataInit.initData(sce);this.passwords=repositoryDataInit.initAccount(data);//data包括了.jks里面的storepassthis.sce=sce;}public void repository(){for (int i=0;i<data.size();i++){RepositoryModel repositoryModel=(RepositoryModel)data.get(i);createRepository(repositoryModel);}}public void createRepository(RepositoryModel repositoryModel) {try {String url=repositoryModel.getUrl();String userName=repositoryModel.getUserName();String path=repositoryModel.getSecurityInfo();String orgId=repositoryModel.getOrgId();String serviceName=repositoryModel.getServiceName();String serviceClass=repositoryModel.getServiceClass();//String serviceName="com.saleTicket.service.SaleTicketService";//产生对象引用Service srvcModel=null;XFireProxyFactory factory = new XFireProxyFactory(XFireFactory.newInstance().getXFire());Class cls = null;try {cls = Class.forName(serviceClass);} catch (ClassNotFoundException e) {// TODO Auto-generated catch blocke.printStackTrace();}srvcModel = new ObjectServiceFactory().create(cls);Object o=(Object)factory.create(srvcModel,url);Client client =null;client = ((XFireProxy)Proxy.getInvocationHandler(o)).getClient();regSecurity(client,userName,path);serviceContainer.put(orgId+"-"+serviceName,o);}catch (MalformedURLException e) {e.printStackTrace();}}public void regSecurity(Client client,String userName,String path){client.addOutHandler(new DOMOutHandler());Properties properties =new Properties();properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.SIGNATURE);    properties.setProperty(WSHandlerConstants.USER, userName);    properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordHandler.class.getName());    properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,path);    properties.setProperty(WSHandlerConstants.SIG_KEY_ID,"IssuerSerial");    client.addOutHandler(new WSS4JOutHandler(properties));        long timeout = 2000;HttpClientParams params = new HttpClientParams(); // 避免'Expect: 100-continue' handshake params.setParameter(HttpClientParams.USE_EXPECT_CONTINUE,Boolean.FALSE); //设置ws连接超时时间 params.setParameter(HttpClientParams.CONNECTION_MANAGER_TIMEOUT, timeout); //client.setTimeout(5000);client.setProperty(CommonsHttpMessageSender.HTTP_CLIENT_PARAMS,params); } public Object getService(String serviceId,boolean flag) { String key = serviceId; Object obj =serviceContainer.get(key); if (obj==null) { RepositoryDataInit repositoryDataInit=new RepositoryDataInitImpl(); List list= repositoryDataInit.setRepository(key,sce); for(int i=0 ;i<list.size();i++) { RepositoryModel repositoryModel=(RepositoryModel)list.get(i); createRepository( repositoryModel); } passwords.putAll(repositoryDataInit.initAccount(list)); obj =serviceContainer.get(key); }        return obj; } public static void setPasswords(Map<String, String> passwords) {ObjectRepositoryImpl.passwords = passwords;}public static Map<String, String> getPasswords() {return passwords;}}

public SaleTicketService getServiceHandle(String ycNo){ObjectRepositoryImpl objectRepositoryImpl=new ObjectRepositoryImpl();Object o=objectRepositoryImpl.getService(ycNo,true);SaleTicketService srvc=(SaleTicketService)o;return srvc;}