Basic Spring + XFire + WSS4J configuration
        <property name="serviceFactory" ref="xfire.serviceFactory"/>
        <property name="xfire" ref="xfire"/>
    </bean>

    <!-- [extraction gap] the bean definitions that followed here are missing from the page;
         the listing resumes with the tail of the bookService exporter bean -->
    <bean ...>
        <property name="serviceFactory" ref="xfire.serviceFactory"/>
        <property name="xfire" ref="xfire"/>
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookService"/>
    </bean>

    <!-- (3) BookWebService, verified with WSS4J -->
    <bean id="bookServiceWSS4J" ...>
        <!-- [extraction gap] the class attribute and the serviceFactory/xfire properties are
             missing; the bean follows the same pattern as bookService above -->
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4J"/>
        <!-- handler order matters: DOMInHandler builds the DOM that WSS4JInHandler works on,
             and the application's validateUserTokenHandler runs only after WSS4J has parsed
             and checked the security header -->
        <property name="inHandlers">
            <list>
                <ref bean="domInHandler"/>
                <ref bean="wss4jInHandler"/>
                <ref bean="validateUserTokenHandler"/>
            </list>
        </property>
    </bean>

    <!-- [extraction gap] the domInHandler bean (only its opening '<bean id="domInHandler"' survived),
         the wss4jInHandler and validateUserTokenHandler beans and the head of the exporter bean for
         BookServiceWSS4JEnc are missing; the listing resumes with that bean's tail -->
    <bean ...>
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
        <property name="inHandlers">
            <list>
                <ref bean="domInHandler"/>
                <ref bean="wss4jInHandlerEnc"/>
                <ref bean="validateUserTokenHandler"/>
            </list>
        </property>
    </bean>

    <!-- [extraction gap] the wss4jInHandlerEnc bean (only '<bean id="wss4jInHandlerEnc"' survived;
         it is the Encrypt-side counterpart of wss4jInHandlerSign below and is where the server's
         insecurity_enc.properties would be referenced) and the head of the exporter bean for
         BookServiceWSS4JSign are missing; the listing resumes with that bean's tail -->
    <bean ...>
        <property name="serviceBean" ref="bookManager"/>
        <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSign"/>
        <property name="inHandlers">
            <list>
                <ref bean="domInHandler"/>
                <ref bean="wss4jInHandlerSign"/>
                <ref bean="validateUserTokenHandler"/>
            </list>
        </property>
    </bean>

    <!-- Server-side check of Sign-mode requests: WSS4JInHandler verifies the signature against the
         certificates in the store named by insecurity_sign.properties; passwordCallbackClass is the
         CallbackHandler WSS4J asks whenever it needs a password -->
    <bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
        <property name="properties">
            <props>
                <prop key="action">Signature</prop>
                <prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
                <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
            </props>
        </property>
    </bean>

</beans>
130.??
Fourth, configure the two keystore property files, insecurity_enc.properties and insecurity_sign.properties (the "in" prefix marks the server-side, inbound files; the client-side "out" files are shown in the client section).

insecurity_enc.properties, used by the server to decrypt incoming messages. Decryption needs the private key, so this file carries the key password (alias.password) and points at the private keystore:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.alias.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks

insecurity_sign.properties, used by the server to verify signatures. Verification only needs the signer's certificate, so it points at the public keystore and has no alias.password:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

Both the keystore password and the key password sit in cleartext in these classpath resources, and the demo uses the same value, "SpringSide", for both. Anything beyond a demo should keep the private-key file and its properties out of a classpath that is shared with the client and use distinct, non-default passwords.
Fifth, the two keystore files, generated with SecureX (listed here in keytool -list -v form):

springside_private.jks
Alias name: david
Creation date: 2006-8-6
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
Issuer: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
Serial number: 44d4cdcd
Valid from: Sun Aug 06 00:56:45 CST 2006 until: Mon Aug 06 00:56:45 CST 2007
Certificate fingerprints:
         MD5:  CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
         SHA1: 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

springside_public.jks
Alias name: david
Creation date: 2006-8-6
Entry type: trustedCertEntry

Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
Issuer: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
Serial number: 44d4cdcd
Valid from: Sun Aug 06 00:56:45 CST 2006 until: Mon Aug 06 00:56:45 CST 2007
Certificate fingerprints:
         MD5:  CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
         SHA1: 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

Three things can be read off these listings. Owner and Issuer are identical, so the certificate is self-signed and trust rests entirely on having this exact certificate in the store. The serial number and fingerprints are the same in both stores: springside_public.jks is just the certificate exported from the key entry in springside_private.jks, and because there is only this one key pair, "david" is both the client's signing identity and the server's decryption identity in the demo, so the two trust directions described below for Encrypt and Sign mode are not actually separated here. Finally, the validity period is one year from 2006-08-06; anyone reusing these stores has to regenerate them.
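As an added sanity check, not taken from the page or from SpringSide, the following loads both stores with the standard java.security.KeyStore API and confirms what the listings above show: a key entry in the private store, a trusted-certificate entry in the public store, the same certificate in both, a valid self-signature, and a validity period that covers today. The file names, the alias "david" and the password "SpringSide" are the page's demo values passed in by the caller; run against the 2006 stores the last check fails with CertificateExpiredException, which is the point of having it.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 * Checks that a private/public JKS pair of the kind used by the WSS4J Merlin
 * properties files is consistent. Example code; not part of SpringSide.
 */
public class KeyStorePairCheck {

    public static void check(String privatePath, String publicPath, String alias,
                             char[] storePassword, char[] keyPassword) throws Exception {
        KeyStore priv = load(privatePath, storePassword);
        KeyStore pub = load(publicPath, storePassword);

        // Entry types must match what each side needs: a private key to sign or
        // decrypt, a trusted certificate to verify or encrypt.
        if (!priv.isKeyEntry(alias)) {
            throw new IllegalStateException(privatePath + ": '" + alias + "' is not a keyEntry");
        }
        if (!pub.isCertificateEntry(alias)) {
            throw new IllegalStateException(publicPath + ": '" + alias + "' is not a trustedCertEntry");
        }
        Key key = priv.getKey(alias, keyPassword);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException(privatePath + ": no private key under '" + alias + "'");
        }

        X509Certificate privCert = (X509Certificate) priv.getCertificate(alias);
        X509Certificate pubCert = (X509Certificate) pub.getCertificate(alias);

        // The same certificate in both stores is what lets an IssuerSerial
        // reference in a signature resolve on the receiving side.
        if (!privCert.equals(pubCert)) {
            throw new IllegalStateException("certificates under '" + alias + "' differ between the two stores");
        }
        // Self-signed (Owner == Issuer in the listing): it must at least verify under its own key.
        pubCert.verify(pubCert.getPublicKey());
        // Throws CertificateExpiredException or CertificateNotYetValidException.
        pubCert.checkValidity(new Date());
    }

    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // The page's demo values; the store and key passwords happen to be equal.
        check("springside_private.jks", "springside_public.jks", "david",
              "SpringSide".toCharArray(), "SpringSide".toCharArray());
        System.out.println("keystore pair OK");
    }
}
```

Run it from the directory that holds the two .jks files. Any of the thrown exceptions names the store and alias that failed, which is quicker than waiting for WSS4J to report a generic verification failure at request time.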
Sixth, newer SpringSide versions need
http://www.bouncycastle.org/download/bcprov-jdk15-133.jar
and java.security has to be configured for it.
In addition, the JDK's unlimited-strength JCE jurisdiction policy files must be installed, since the default export-restricted policy caps the key sizes the encryption uses:
http://www.blogjava.net/openssl/archive/2006/03/08/34381.html

To use WSS4J you have to register Bouncy Castle as a security provider; otherwise running the Enc-mode XFire authentication throws:
org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used unsupported key
Configuring java.security (under $JAVA_HOME/jre/lib/security) is just as simple: append BouncyCastleProvider as the last entry, continuing whatever numbering the file already has. Provider order is preference order, so adding it last means Bouncy Castle only supplies the algorithms the Sun providers lack and does not displace them for anything they already implement.
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
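The server bean above names org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler as passwordCallbackClass, and the Sign-mode client below passes the same class as PW_CALLBACK_CLASS, but the page never shows it. The following is an added example of such a callback, written for this page rather than SpringSide's class (hence the hypothetical name ExamplePasswordHandler). It assumes WSS4J 1.5.x, whose WSPasswordCallback spells the accessor getIdentifer() and hands plaintext UsernameTokens to the callback with usage USERNAME_TOKEN_UNKNOWN; the password tables are constructed demo data using the page's alias and password.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback for WSS4J 1.5.x (example; hypothetical class, not SpringSide's
 * PasswordHandler). WSS4J hands it a WSPasswordCallback whose usage says what the
 * password is for; the handler supplies the secret it knows or fails closed.
 */
public class ExamplePasswordHandler implements CallbackHandler {

    // Private-key passwords by keystore alias (constructed demo data; the page's
    // stores use alias "david" with key password "SpringSide").
    private static final Map<String, String> KEY_PASSWORDS = new HashMap<String, String>();
    // UsernameToken passwords by user name (constructed demo data).
    private static final Map<String, String> USER_PASSWORDS = new HashMap<String, String>();

    static {
        KEY_PASSWORDS.put("david", "SpringSide");
        USER_PASSWORDS.put("david", "SpringSide");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String id = pc.getIdentifer(); // WSS4J 1.5 spelling; 1.6 added getIdentifier()
            switch (pc.getUsage()) {
                case WSPasswordCallback.SIGNATURE: // Sign-mode client: unlock the signing key
                case WSPasswordCallback.DECRYPT:   // Enc-mode server: unlock the decryption key
                    pc.setPassword(KEY_PASSWORDS.get(id));
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Client building a token, or server checking a digest token: WSS4J
                    // recomputes the digest from the password returned here. An unknown
                    // user gets null, which WSS4J treats as a failed authentication.
                    pc.setPassword(USER_PASSWORDS.get(id));
                    break;
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN: {
                    // Server receiving a plaintext token: WSS4J does not compare it
                    // itself, the callback must, and it must throw on mismatch.
                    String expected = USER_PASSWORDS.get(id);
                    if (expected == null || !constantTimeEquals(expected, pc.getPassword())) {
                        throw new IOException("authentication failed for user " + id);
                    }
                    break;
                }
                default:
                    throw new UnsupportedCallbackException(pc, "unexpected usage " + pc.getUsage());
            }
        }
    }

    // Compares without stopping at the first differing byte, so a wrong password
    // does not leak how much of it matched through timing.
    private static boolean constantTimeEquals(String expected, String actual) throws IOException {
        if (actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), actual.getBytes("UTF-8"));
    }
}
```

The usage switch is what keeps one callback class safe to share between client and server: a request for a key password never answers with a user's token password and vice versa, and anything WSS4J asks for that the handler was not written for is refused rather than answered with a guess.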
188.??
[WebService client configuration]
1. Encrypt mode: the client encrypts the UsernameToken in the SOAP message with david's public key and sends it to the web service, which decrypts it with david's private key. This mode requires the client to know the server's public key (certificate) in advance. Note that with nothing but ACTION=Encrypt, as below, WSS4J's default is to encrypt the SOAP Body content; encrypting a UsernameToken as well needs the UsernameToken action and an encryptionParts entry that names it.

In Encrypt mode the client handlers are configured like this (imports added for the classes the snippet uses):
        import java.lang.reflect.Proxy;
        import java.util.List;
        import java.util.Properties;

        import org.apache.ws.security.handler.WSHandlerConstants;
        import org.codehaus.xfire.client.Client;
        import org.codehaus.xfire.client.XFireProxy;
        import org.codehaus.xfire.client.XFireProxyFactory;
        import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
        import org.codehaus.xfire.service.Service;
        import org.codehaus.xfire.service.binding.ObjectServiceFactory;
        import org.codehaus.xfire.util.dom.DOMOutHandler;

        Service serviceModel = new ObjectServiceFactory().create(BookServiceWSS4JEnc.class);
        XFireProxyFactory factory = new XFireProxyFactory(getXFire());

        BookService service = (BookService) factory.create(serviceModel, "xfire.local://BookServiceWSS4JEnc");

        Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();
        // attach the WSS4JOutHandler, which applies the security processing; the
        // DOMOutHandler must be added first because WSS4J works on a DOM of the message
        client.addOutHandler(new DOMOutHandler());
        Properties properties = new Properties();
        configureOutProperties(properties);
        client.addOutHandler(new WSS4JOutHandler(properties));

        List list = service.getAllCategorys();

configureOutProperties decides which security policy the client applies. Here it uses outsecurity_enc.properties, the client-side counterpart of the server's insecurity_enc.properties:
    protected void configureOutProperties(Properties config) {
        config.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
        // USER names the alias of the recipient's certificate in the encryption store
        config.setProperty(WSHandlerConstants.USER, "david");
        // No password callback: encrypting with the recipient's public certificate needs no secret.
        //config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        //Configuration of public key used to encrypt message goes to properties file.
        config.setProperty(WSHandlerConstants.ENC_PROP_FILE,
                           "org/springside/bookstore/plugins/xfire/outsecurity_enc.properties");
    }

outsecurity_enc.properties (client side; it holds only the server's certificate, so no alias.password is needed):
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

2. Sign mode: the client is just as simple. In this mode the client signs the UsernameToken with its own private key and the server verifies the signature with the client's public key, so here it is the server that has to know the client's public key in advance. As with Encrypt, ACTION=Signature on its own signs the SOAP Body by default; covering the UsernameToken needs a signatureParts entry that names it.
Compared with Encrypt mode, configureOutProperties changes to:
    protected void configureOutProperties(Properties properties) {
        properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
        // User in keystore
        properties.setProperty(WSHandlerConstants.USER, "david");
        // This callback supplies the password for the given user's key in the keystore
        properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        // Configuration for accessing the private key in the keystore
        properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "org/springside/bookstore/plugins/xfire/outsecurity_sign.properties");
        properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
    }

SIG_KEY_ID=IssuerSerial makes the signature refer to the signing certificate by issuer name and serial number instead of embedding the certificate in the message, so the server can only verify it if that certificate is already in the store named by its insecurity_sign.properties (springside_public.jks). That is the "server must know the client's public key in advance" requirement in concrete form.

outsecurity_sign.properties (client side; signing needs the private key, hence alias.password and the private keystore):
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.alias.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks
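The two client configurations above each do one thing: Encrypt mode protects confidentiality with the server's certificate, Sign mode proves origin with the client's key. The added example below, written for this page and not part of the SpringSide client, goes a step beyond the text and combines them into the properties a practitioner would normally want: a digest UsernameToken, signed together with the Body by the client's private key, then encrypted for the server's certificate, with the parts lists naming the UsernameToken explicitly rather than relying on WSS4J's Body-only defaults. It assumes the WSHandlerConstants names of WSS4J 1.5.x and reuses the page's property files, alias and callback class; the alias "david" serves both roles only because the demo has a single key pair.

```java
import java.util.Properties;

import org.apache.ws.security.handler.WSHandlerConstants;

/**
 * Builds WSS4JOutHandler properties for sign-then-encrypt with a UsernameToken.
 * Example code, not the SpringSide client.
 */
public class SignThenEncryptClientConfig {

    private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    public static Properties build(String user, String serverAlias, String callbackClass) {
        Properties config = new Properties();

        // Actions run left to right on the sender and each one prepends its element
        // to the Security header, so the receiver meets them in the opposite order
        // and its WSS4JInHandler must be configured as "Encrypt Signature UsernameToken".
        config.setProperty(WSHandlerConstants.ACTION,
                WSHandlerConstants.USERNAME_TOKEN + " "
                        + WSHandlerConstants.SIGNATURE + " "
                        + WSHandlerConstants.ENCRYPT);

        // USER is both the UsernameToken subject and the signing-key alias; the
        // callback answers with the token password and the key password respectively.
        config.setProperty(WSHandlerConstants.USER, user);
        config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, callbackClass);
        // Digest rather than PasswordText: the password itself is never sent, only a
        // hash over nonce, timestamp and password that the server recomputes.
        config.setProperty(WSHandlerConstants.PASSWORD_TYPE, "PasswordDigest");

        // Signature with the client's private key from outsecurity_sign.properties,
        // referenced by IssuerSerial so the server resolves it from its own trust store.
        // Sign the Body and the UsernameToken, not just the Body.
        config.setProperty(WSHandlerConstants.SIG_PROP_FILE,
                "org/springside/bookstore/plugins/xfire/outsecurity_sign.properties");
        config.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        config.setProperty(WSHandlerConstants.SIGNATURE_PARTS,
                "{}{" + SOAP_NS + "}Body;{}{" + WSSE_NS + "}UsernameToken");

        // Encryption for the server's certificate from outsecurity_enc.properties;
        // no password is involved. Encrypt the Body content and the whole
        // UsernameToken element (the default would cover only the Body content).
        config.setProperty(WSHandlerConstants.ENCRYPTION_USER, serverAlias);
        config.setProperty(WSHandlerConstants.ENC_PROP_FILE,
                "org/springside/bookstore/plugins/xfire/outsecurity_enc.properties");
        config.setProperty(WSHandlerConstants.ENCRYPTION_PARTS,
                "{Content}{" + SOAP_NS + "}Body;{Element}{" + WSSE_NS + "}UsernameToken");

        return config;
    }

    // The page's demo values. Wire the result into
    // client.addOutHandler(new WSS4JOutHandler(props)) after the DOMOutHandler.
    public static Properties demo() {
        return build("david", "david",
                "org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler");
    }
}
```

On the server this needs a single WSS4JInHandler whose action property reads Encrypt Signature UsernameToken, with decryption pointed at the private store via insecurity_enc.properties and signature verification at the trust store via insecurity_sign.properties, followed by the application's validateUserTokenHandler as in the bean definitions above. Signing before encrypting is deliberate: the receiver decrypts first, which restores the UsernameToken element, and only then verifies the signature over it.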