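Web service security: CXF encryption with WSS4J
WSS4J is a security implementation for Axis built on the WS-Security specification. It can also be used with CXF. This chapter covers its use with CXF; a later one will cover its use with Axis.
First, generate the public and private keys. I put the commands in bat files inside the project, so the keys are generated automatically.
Create a key folder in the project, then put two bat files in it: key.bat and serverKey.bat.
The contents of key.bat are as follows: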
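rem @echo off
rem Arguments: %1 = alias, %2 = key password, %3 = keystore file, %4 = keystore password, %5 = exported certificate file
echo alias %1
echo keypass %2
echo keystoreName %3
echo KeyStorePass %4
echo keyName %5
rem Generate an RSA key pair under the given alias
keytool -genkey -alias %1 -keypass %2 -keystore %3 -storepass %4 -dname "cn=%1" -keyalg RSA
rem Self-sign the certificate for that alias
keytool -selfcert -alias %1 -keystore %3 -storepass %4 -keypass %2
rem Export the certificate (public key) to a file
keytool -export -alias %1 -file %5 -keystore %3 -storepass %4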
The contents of serverKey.bat are as follows. Note: be sure to include the project's workspace path.
call workspace/cxfSecurity/key/key.bat serverAlias aliaspass workspace/cxfSecurity/key/serverStore.jks keystorePass workspace/cxfSecurity/key/serverKey.rsa
call workspace/cxfSecurity/key/key.bat client-344-839 client344Password workspace/cxfSecurity/key/clientStore.jks keystorePass workspace/cxfSecurity/key/clientKey.rsa
keytool -import -alias serverAlias -file workspace/cxfSecurity/key/serverKey.rsa -keystore workspace/cxfSecurity/key/clientStore.jks -storepass keystorePass -noprompt
keytool -import -alias client-344-839 -file workspace/cxfSecurity/key/clientKey.rsa -keystore workspace/cxfSecurity/key/serverStore.jks -storepass keystorePass -noprompt
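Then copy the generated clientStore.jks and serverStore.jks files into the src directory.
Create two files, outsecurity_sign.properties and server_insecurity_sign.properties, and place them in the client directory and the src directory respectively.
Their contents are as follows: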
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
org.apache.ws.security.crypto.merlin.alias.password=client344Password
org.apache.ws.security.crypto.merlin.keystore.alias=client-344-839
org.apache.ws.security.crypto.merlin.file=clientStore.jks
The other one:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keystorePass
#org.apache.ws.security.crypto.merlin.alias.password=aliaspass
org.apache.ws.security.crypto.merlin.keystore.alias=serveralias
org.apache.ws.security.crypto.merlin.file=serverStore.jks
Configure the clientApplicationContext.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
  <bean id="client" factory-bean="clientFactory" factory-method="create"/>
  <bean id="clientFactory" value="jp.co.apm.service.TestService">
    </property>
    <property name="address" value="http://localhost:8088/services/test">
    </property>
    <property name="outInterceptors">
      <list>
        <bean value="Signature"/>
        <entry key="user" value="client-344-839"/>
        <entry key="passwordType" value="PasswordDigest"/>
        <entry key="signatureKeyIdentifier" value="IssuerSerial"/>
        <entry key="signaturePropFile" value="client/outsecurity_sign.properties"/>
        <entry>
          <key>
            <value>passwordCallbackRef</value>
          </key>
          <ref bean="passwordCallback"/>
        </entry>
      </map>
    </property>
  </bean>
  <bean id="passwordCallback" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
    <import resource="classpath:META-INF/cxf/cxf.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/>
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
    <jaxws:endpoint id="testservice" implementor="jp.co.apm.service.impl.TestServiceImpl" address="/test">
      <jaxws:features>
      <bean value="Signature"/>
          <!--
          <entry key="user" value="client-344-839"/>
          <entry key="passwordType" value="PasswordDigest"/>
          -->
          <entry key="signaturePropFile" value="server_insecurity_sign.properties"/>
          <entry>
            <key><value>passwordCallbackRef</value></key>
            <ref bean="passwordCallback"/>
          </entry>
        </map>
      </property>
    </bean>
    <bean id="passwordCallback" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <display-name>APM</display-name>
  <description>APM</description>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/cxf-servlet.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <servlet>
    <servlet-name>APM</servlet-name>
    <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
    <load-on-startup>2</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>APM</servlet-name>
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>
  <session-config>
    <session-timeout>60</session-timeout>
  </session-config>
</web-app>
The test class is as follows:
package client;

import javax.xml.ws.WebServiceException;
import jp.co.apm.service.TestService;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;

public class TestServiceClient {
    public static void main(String[] args) {
        // Load the client Spring context and look up the CXF proxy bean
        ApplicationContext context = new ClassPathXmlApplicationContext(
                new String[] { "jp/co/apm/client/clientApplicationContext.xml" });
        TestService service = (TestService) context.getBean("client");
        try {
            System.out.println(service.sayHello());
        } catch (WebServiceException e) {
            e.printStackTrace();
        }
    }
}
That's it. It is best to follow along yourself. If you want the source code, leave a comment.
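The client-side signing setup from clientApplicationContext.xml, written programmatically together with a password callback handler of the kind the passwordCallbackRef entry points to. This is an added example, not code from the original post. It assumes WSS4J 1.x (the org.apache.ws.security packages used in the properties files above); the class names SignedClientExample and KeyPasswordCallback and the environment variable CLIENT_KEY_PASSWORD are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import jp.co.apm.service.TestService;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;

public class SignedClientExample {
    static final String ALIAS = "client-344-839"; // signing key alias created by serverKey.bat

    /** Hypothetical handler: supplies the private-key password for the signing alias only. */
    static class KeyPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (!ALIAS.equals(pc.getIdentifier())) {
                    throw new IOException("no key password for alias " + pc.getIdentifier());
                }
                // Assumption: the password is taken from the environment, not from source control.
                String pw = System.getenv("CLIENT_KEY_PASSWORD");
                if (pw == null) {
                    throw new IOException("CLIENT_KEY_PASSWORD is not set");
                }
                pc.setPassword(pw);
            }
        }
    }

    /** Builds the proxy with a WSS4J out-interceptor that signs every request. */
    static TestService createClient() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("action", "Signature");
        props.put("user", ALIAS);
        props.put("signatureKeyIdentifier", "IssuerSerial");
        props.put("signaturePropFile", "client/outsecurity_sign.properties");
        props.put("passwordCallbackRef", new KeyPasswordCallback());
        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setServiceClass(TestService.class);
        factory.setAddress("http://localhost:8088/services/test");
        factory.getOutInterceptors().add(new WSS4JOutInterceptor(props));
        return (TestService) factory.create();
    }
}
```

Calling createClient().sayHello() sends the request with a signed SOAP body; the handler rejects any alias other than the signing key, so a misconfigured user entry fails at the client instead of silently using another password.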
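zdy_zyl1988@163.com
#3 lan175224490 2012-01-03: OP, please send me a copy of the source code too, thanks. 175224490@qq.com
#4 clean1981 2012-09-11: Good stuff, could I have a copy? 18170832@qq.com
#5 wangwang0925 yesterday: Good stuff, send me a copy too. 623713375@qq.com
#6 wanghuanqiu yesterday: wangwang0925 wrote: "Good stuff, send me a copy too. 623713375@qq.com"
I'll add you.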