加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 综合聚焦 > 服务器 > 安全 > 正文

webService----wss4j+cxf实现WS-Security(基于UsernameToken)

发布时间:2020-12-16 21:42:47 所属栏目:安全 来源:网络整理
导读:分享一下wss4j+cxf基于UsernameToken的安全验证。名词解释:?????? ????? cxf???????? : apache下的一个开源项目,用于发布webservice。 ????? WSS4J? : Web Services Security for Java.? 废话少说,直接上代码。 ??? 1. 首先,需要导入cxf中的所有jar包,

分享一下wss4j+cxf基于UsernameToken的安全验证。名词解释:??????

????? cxf???????? : apache下的一个开源项目,用于发布webservice。
????? WSS4J? : Web Services Security for Java.?


废话少说,直接上代码。
??? 1. 首先,需要导入cxf中的所有jar包,及wss4j中的所有jar包与log4j.jar。
????????? (本例中使用的版本是:apache-cxf-2.7.3,wss4j-1.6.9)
??

? 2. 首先建立server 项目,发布一个简单的helloWorldService.?

?

目录结构图:



?

?
??? webservice接口代码:
???

Java代码??

  1. package?com.wss4j.server;??
  2. ??
  3. import?javax.jws.WebParam;??
  4. import?javax.jws.WebService;??
  5. ??
  6. @WebService??
  7. public?interface?HelloWorld?{??
  8. ????public?String?sayHello(@WebParam(name?=?"name")?String?name);??
  9. }??

?webservice实现类

?

?

Java代码??

  1. package?com.wss4j.server;??
  2. ??
  3. ??
  4. public?class?HelloWorldImpl?implements?HelloWorld?{??
  5. ??
  6. ????@Override??
  7. ????public?String?sayHello(String?name)?{??
  8. ????????return?"Hello?"?+?name?+?"?^_^?!";??
  9. ????}??
  10. ??
  11. }??

?

?

?接下来是服务端拦截器: ServerPasswordCallback.java

?

Java代码??

  1. package?com.wss4j.interceptor;??
  2. ??
  3. import?java.io.IOException;??
  4. ??
  5. import?javax.security.auth.callback.Callback;??
  6. import?javax.security.auth.callback.CallbackHandler;??
  7. import?javax.security.auth.callback.UnsupportedCallbackException;??
  8. ??
  9. import?org.apache.ws.security.WSPasswordCallback;??
  10. import?org.slf4j.Logger;??
  11. ??
  12. public?class?ServerPasswordCallback?implements?CallbackHandler?{??
  13. ??
  14. ????private?Logger?logger?=?org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);??
  15. ??
  16. ????@Override??
  17. ????public?void?handle(Callback[]?callbacks)?throws?IOException,??
  18. ????????????UnsupportedCallbackException?{??
  19. ????????WSPasswordCallback?pc?=?(WSPasswordCallback)?callbacks[0];??
  20. ????????//?标识符??
  21. ????????String?identifier?=?pc.getIdentifier();??
  22. ????????????????//?此处获取到的password为null,但是并不代表服务端没有拿到该属性。??
  23. ????????String?password?=?pc.getPassword();??
  24. ????????logger.info("identifier:"?+?identifier);??
  25. ????????logger.info("password:"?+?password);??
  26. ??????????
  27. ????????if?(identifier?!=?null?&&?identifier.equals("admin"))?{??
  28. ????????????/**??
  29. ?????????????*?此处应该这样做:?
  30. ?????????????????*?1.?查询数据库,得到数据库中该用户名对应密码?
  31. ?????????????????*?2.?设置密码,wss4j会自动将你设置的密码?与客户端传递的密码进行匹配?
  32. ?????????????????*?3.?如果相同,则放行,否则返回权限不足信息??
  33. ?????????????*??
  34. ?????????????*/??
  35. ????????????pc.setPassword("password");??
  36. ????????}else{??
  37. ????????????logger.info("未授权的用户");??
  38. ????????}??
  39. ????}??
  40. }??

?

?

server-beans.xml

?

Java代码??

  1. <beans?xmlns="http://www.springframework.org/schema/beans"??
  2. ????xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"?xmlns:cxf="http://cxf.apache.org/core"??
  3. ????xmlns:jaxws="http://cxf.apache.org/jaxws"??
  4. ????xsi:schemaLocation="http://www.springframework.org/schema/beans??
  5. ????????????????????????http://www.springframework.org/schema/beans/spring-beans.xsd??
  6. ????????????????????????http://cxf.apache.org/core?http://cxf.apache.org/schemas/core.xsd??
  7. ????????????????????????http://cxf.apache.org/jaxws??
  8. ????????????????????????http://cxf.apache.org/schemas/jaxws.xsd">??
  9. ??
  10. ????<!--?jar包中自带的cxf文件夹下的*.xml文件?-->??
  11. ??
  12. ????<import?resource="classpath:META-INF/cxf/cxf.xml"?/>??
  13. ??
  14. ????<import?resource="classpath:META-INF/cxf/cxf-extension-soap.xml"?/>??
  15. ??
  16. ????<import?resource="classpath:META-INF/cxf/cxf-servlet.xml"?/>??
  17. ????<bean?id="myPasswordCallback"?class="com.wss4j.interceptor.ServerPasswordCallback"?/>??
  18. ??
  19. ????<jaxws:endpoint?id="helloword"?implementor="com.wss4j.server.HelloWorldImpl"??
  20. ????????address="/helloService">??
  21. ????????<!--?添加拦截器?-->??
  22. ????????<jaxws:inInterceptors>??
  23. ????????????<bean?class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">??
  24. ????????????????<constructor-arg>??
  25. ????????????????????<map>??
  26. ????????????????????????<entry?key="action"?value="UsernameToken"?/>??
  27. ????????????????????????<entry?key="passwordType"?value="PasswordText"?/>??
  28. ????????????????????????<entry?key="signaturePropFile"?value="..."?/>??
  29. ????????????????????????<entry?key="user"?value="FHDServer"?/>??
  30. ????????????????????????<entry?key="passwordCallbackRef">??
  31. ????????????????????????????<ref?bean="myPasswordCallback"?/>??
  32. ????????????????????????</entry>??
  33. ????????????????????</map>??
  34. ????????????????</constructor-arg>??
  35. ????????????</bean>??
  36. ????????</jaxws:inInterceptors>??
  37. ????</jaxws:endpoint>??
  38. ??????
  39. </beans>??

?

?

beans.xml

?

Java代码??

  1. <?xml?version="1.0"?encoding="UTF-8"?>??
  2. <beans?xmlns="http://www.springframework.org/schema/beans"??
  3. ????xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"???
  4. ????xmlns:jaxws="http://cxf.apache.org/jaxws"??
  5. ????xsi:schemaLocation="http://www.springframework.org/schema/beans??
  6. ????????????????????????http://www.springframework.org/schema/beans/spring-beans.xsd??
  7. ????????????????????????http://cxf.apache.org/jaxws??
  8. ????????????????????????http://cxf.apache.org/schemas/jaxws.xsd">??
  9. ??
  10. ????<import?resource="../cxf/server-beans.xml"/>??
  11. </beans>??

?

?

web.xml

?

Java代码??

  1. <?xml?version="1.0"?encoding="UTF-8"?>??
  2. <web-app?xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"??
  3. ????xmlns="http://java.sun.com/xml/ns/javaee"?xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"??
  4. ????xsi:schemaLocation="http://java.sun.com/xml/ns/javaee?http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"??
  5. ????id="WebApp_ID"?version="3.0">??
  6. ????<display-name>wss4j001-cxf-server</display-name>??
  7. ????<welcome-file-list>??
  8. ????????<welcome-file>index.html</welcome-file>??
  9. ????????<welcome-file>index.htm</welcome-file>??
  10. ????????<welcome-file>index.jsp</welcome-file>??
  11. ????????<welcome-file>default.html</welcome-file>??
  12. ????????<welcome-file>default.htm</welcome-file>??
  13. ????????<welcome-file>default.jsp</welcome-file>??
  14. ????</welcome-file-list>??
  15. ????<context-param>??
  16. ????????<param-name>contextConfigLocation</param-name>??
  17. ????????<param-value>classpath:spring/beans.xml</param-value>??
  18. ????</context-param>??
  19. ????<listener>??
  20. ????????<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>??
  21. ????</listener>??
  22. ????<servlet>??
  23. ????????<servlet-name>CXFServlet</servlet-name>??
  24. ????????<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>??
  25. ????????<load-on-startup>2</load-on-startup>??
  26. ????</servlet>??
  27. ????<servlet-mapping>??
  28. ????????<servlet-name>CXFServlet</servlet-name>??
  29. ????????<url-pattern>/ws/*</url-pattern>??
  30. ????</servlet-mapping>??
  31. </web-app>??

?

?

  此时,我们的server端就已经搞定了。

?????? 访问链接:http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl

  即可看到刚刚发布的webservice的wsdl文件。但是不能直接访问方法,因为我们为其增加了安全校验。

?

接下来,创建client 端 项目。

   

具体项目结构如下:



?

HelloWorldClient.java

?

Java代码??

  1. package?com.wss4j.client;??
  2. ??
  3. import?org.springframework.context.support.ClassPathXmlApplicationContext;??
  4. ??
  5. import?com.wss4j.server.HelloWorld;??
  6. ??
  7. public?class?HelloWorldClient?{??
  8. ????public?static?void?main(String[]?args)?{??
  9. ????????ClassPathXmlApplicationContext?context?=?new?ClassPathXmlApplicationContext(??
  10. ????????????????new?String[]?{?"cxf/client-beans.xml"?});??
  11. ????????HelloWorld?client?=?(HelloWorld)?context.getBean("client");??
  12. ????????String?response?=?client.sayHello("Dan");??
  13. ????????System.out.println("Response:?"?+?response);??
  14. ????????System.exit(0);??
  15. ????}??
  16. ??
  17. }??

?

?

?

客户端添加用户认证拦截器 ClientPasswordCallback.java

?

Java代码??

  1. package?com.wss4j.interceptor;??
  2. ??
  3. import?java.io.IOException;??
  4. ??
  5. import?javax.security.auth.callback.Callback;??
  6. import?javax.security.auth.callback.CallbackHandler;??
  7. import?javax.security.auth.callback.UnsupportedCallbackException;??
  8. ??
  9. import?org.apache.ws.security.WSPasswordCallback;??
  10. ??
  11. public?class?ClientPasswordCallback?implements?CallbackHandler?{??
  12. ????@Override??
  13. ????public?void?handle(Callback[]?callbacks)?throws?IOException,??
  14. ????????????UnsupportedCallbackException?{??
  15. ????????WSPasswordCallback?pc?=?(WSPasswordCallback)?callbacks[0];??
  16. ????????String?ident?=?"admin";??
  17. ????????String?passwd?=?"password";??
  18. ????????pc.setPassword(passwd);??
  19. ????????pc.setIdentifier(ident);??
  20. ??
  21. ????}??
  22. }??

?

?

client-beans.xml

?

Java代码??

  1. <?xml?version="1.0"?encoding="UTF-8"?>??
  2. <beans?xmlns="http://www.springframework.org/schema/beans"??
  3. ????xmlns:jaxws="http://cxf.apache.org/jaxws"?xmlns:cxf="http://cxf.apache.org/core"??
  4. ????xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"??
  5. ????xsi:schemaLocation="??
  6. ??????????http://www.springframework.org/schema/beans???
  7. ??????????http://www.springframework.org/schema/beans/spring-beans.xsd??
  8. ??????????http://cxf.apache.org/core?http://cxf.apache.org/schemas/core.xsd??
  9. ??????????http://cxf.apache.org/jaxws???
  10. ??????????http://cxf.apache.org/schemas/jaxws.xsd">??
  11. ????<bean?id="clientPasswordCallback"?class="com.wss4j.interceptor.ClientPasswordCallback"?/>??
  12. ??????
  13. ????<jaxws:client?id="client"?serviceClass="com.wss4j.server.HelloWorld"??
  14. ????????address="http://localhost:8080/wss4j001-cxf-server/ws/helloService">??
  15. ????????<jaxws:outInterceptors>??
  16. ????????????<bean?class="org.apache.cxf.interceptor.LoggingOutInterceptor"?/>??
  17. ????????????<bean?class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">??
  18. ????????????????<constructor-arg>??
  19. ????????????????????<map>??
  20. ????????????????????????<entry?key="action"?value="UsernameToken"?/>??
  21. ????????????????????????<entry?key="passwordType"?value="PasswordText"?/>??
  22. ????????????????????????<entry?key="user"?value="FHDClient"?/>??
  23. ????????????????????????<entry?key="passwordCallbackRef">??
  24. ????????????????????????????<ref?bean="clientPasswordCallback"?/>??
  25. ????????????????????????</entry>??
  26. ????????????????????</map>??
  27. ????????????????</constructor-arg>??
  28. ????????????</bean>??
  29. ????????</jaxws:outInterceptors>??
  30. ????</jaxws:client>??
  31. ??
  32. </beans>??

?

?

接下来,我们需要通过wsdl 生成服务端webservice的客户端java文件。这里使用cxf的wsdl2java命令。

?

打开cmd命令行:

????? 1. 进入到 apache-cxf-2.7.3apache-cxf-2.7.3bin 目录下

?????

?????? 2. 执行命令:

?????????????? wsdl2ava? -client http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl? ????????

?

???? 3. 生成的java文件就在 apache-cxf-2.7.3apache-cxf-2.7.3bin 目录下,名为com的文件夹。复制文件夹至client项目的src下。

?

?

  接下来,首先将server项目添加到服务器中,启动服务器。然后执行 HelloWorldClient.java中的main方法,就可以访问服务端的webservice了,是不是so easy? ^_^ ..

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同