xfire的webservice安全机制之签名

xfire的webservice安全机制之签名 服务端配置修改点： applicationContext-webservice.xml文件： <property name="inHandlers"> <list> ?? <ref bean="domInHandler" /> ?? <ref bean="wss4jInHandlerSign"/>? ?? <ref bean="validateUserTokenHandler" /> </list> </property> <bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler"> <property name="properties"> ?? <props> ??? <prop key="action">Signature</prop> ??? <prop key="signaturePropFile"> ???? insecurity_sign.properties ??? </prop> ?? </props> </property> </bean> 新增配置文件insecurity_sign.properties: org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=dv110.com org.apache.ws.security.crypto.merlin.file=tianyi_public.jks 客户端配置文件： 只需要修改XFireClientFactory.java文件： //签名 getSign(obj); public void getSign(Object service){ ?? Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient(); ?? //挂上WSS4JOutHandler，提供认证 ?? client.addOutHandler(new DOMOutHandler()); ?? Properties properties = new Properties(); ?? properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.SIGNATURE); ?? // User in keystore ?? properties.setProperty(WSHandlerConstants.USER,"safedv"); ?? // This callback is used to specify password for given user for keystore ?? properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordHandler.class.getName()); ?? // Configuration for accessing private key in keystore ?? properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,"outsecurity_sign.properties"); ?? properties.setProperty(WSHandlerConstants.SIG_KEY_ID,"IssuerSerial"); ?? client.addOutHandler(new WSS4JOutHandler(properties)); } 客户端增加配置文件，outsecurity_sign.properties org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=dv110.com org.apache.ws.security.crypto.merlin.file=tianyi_private.jks 附录，生成签名的各个KEY，其实就是和ENC反过来操作，私匙签名，公匙解 1、通过别名和密码创建私密钥到keystore： C:&;keytool -genkey -alias safedv -keypass safedv -keystore tianyi_private.jks -storepass dv110.com -dname "cn=dv110" -keyalg RSA 2、证书： C:&;keytool -selfcert -alias safedv -keystore tianyi_private.jks -storepass dv110.com -keypass safedv 3、导出公钥到key.rsa： C:&;keytool -export -alias safedv -file safedv.rsa -keystore tianyi_private.jks -storepass dv110.com 4、导入公钥到新的keystore中： C:&;keytool -import -alias safedv -file safedv.rsa -keystore tianyi_public.jks -storepass dv110.com