`
NoGrief
  • 浏览: 12357 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

CXF使用X509证书的WS-Security进行验证

阅读更多
一、相关概念
提到x509,就不得不提到几个相关概念。
1、Private key
2、Public key
3、KeyStore
4、TrustStore
Private key和Public key很简单,字面意思就可以理解,就是常说的私钥和公钥。
KeyStore和TrustStore简单的说就是存储私钥和密钥的容器。二者从存储结构上面都是一样的,只不过对其概念上做个区分,KeyStore主要用来存储私钥(也可能是Chain),TrustStore是用来存储公钥的。
更详细的可以看另外一篇文章:http://lukejin.iteye.com/blog/605634
在CXF中,使用加密签名的方式作为安全策略,配置上还有些麻烦。
先来看个图:

简单解释一下
1、客户端发送soap到服务端
首先A(客户端)需要使用自己的私钥进行签名,使用B(服务端)的公钥进行加密,然后将soap传给B,B用私钥进行解密,用A的公钥进行验签。
2、服务端返回数据到客户端
首先B用自己的私钥进行签名,用A的公钥进行加密,然后将soap传回给A,A用私钥进行解密,用B的公钥进行验签。
只要搞清楚这个过程,再使用CXF就显得比较容易了。

二、搭建环境

下面我们就可以搭建CXF的环境了
首先用maven创建一个简单的java工程,可以先创建好包com.tongtech.ti.cxf.demo.security
然后上pom文件,将下面的pom文件覆盖你自己工程中的pom文件。
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>ti-cxf</groupId>
	<artifactId>ti-cxf-security</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>jar</packaging>
	<name>Tongtech Demo for CXF Security with wss4j</name>
	<properties>
		<cxf.version>2.4.0-SNAPSHOT</cxf.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-frontend-jaxws</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-transports-http</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-ws-security</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-transports-http-jetty</artifactId>
			<version>${cxf.version}</version>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>1.6</source>
					<target>1.6</target>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.apache.cxf</groupId>
				<artifactId>cxf-codegen-plugin</artifactId>
				<version>${cxf.version}</version>
				<executions>
					<execution>
						<id>generate-sources-static</id>
						<phase>generate-sources</phase>
						<configuration>
							<sourceRoot>${basedir}/target/generate</sourceRoot>
							<wsdlOptions>
								<wsdlOption>
									<wsdl>${basedir}/src/main/java/com/tongtech/ti/cxf/demo/security/security.wsdl</wsdl>
									<extraargs>
										<extraarg>-db</extraarg>
										<extraarg>jaxb</extraarg>
										<extraarg>-p</extraarg>
										<extraarg>com.tongtech.ti.cxf.demo.security.service</extraarg>
										<extraarg>-all</extraarg>
									</extraargs>
								</wsdlOption>
							</wsdlOptions>
						</configuration>
						<goals>
							<goal>wsdl2java</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
		</plugins>
	</build>

</project>


然后在上WSDL:
Security.wsdl
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="security"
	targetNamespace="http://demo.ti.tongtech.com/security/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
	xmlns:tns="http://demo.ti.tongtech.com/security/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
	<wsdl:types>
		<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
			targetNamespace="http://demo.ti.tongtech.com/security/">
			<xsd:element name="input">
				<xsd:complexType>
					<xsd:sequence>
						<xsd:element name="in" type="xsd:string"></xsd:element>
					</xsd:sequence>
				</xsd:complexType>
			</xsd:element>
			<xsd:element name="inputResponse">
				<xsd:complexType>
					<xsd:sequence>
						<xsd:element name="out" type="xsd:string"></xsd:element>
					</xsd:sequence>
				</xsd:complexType>
			</xsd:element>
		</xsd:schema>
	</wsdl:types>
	<wsdl:message name="inputRequest">
		<wsdl:part name="parameters" element="tns:input"></wsdl:part>
	</wsdl:message>
	<wsdl:message name="inputResponse">
		<wsdl:part name="parameters" element="tns:inputResponse"></wsdl:part>
	</wsdl:message>
	<wsdl:portType name="ISecuriyDemo">
		<wsdl:operation name="input">
			<wsdl:input message="tns:inputRequest"></wsdl:input>
			<wsdl:output message="tns:inputResponse"></wsdl:output>
		</wsdl:operation>
	</wsdl:portType>
	<wsdl:binding name="ISecurityBinding" type="tns:ISecuriyDemo">
		<soap:binding style="document"
			transport="http://schemas.xmlsoap.org/soap/http" />
		<wsdl:operation name="input">
			<soap:operation soapAction="http://demo.ti.tongtech.com/security/input" />
			<wsdl:input>
				<soap:body use="literal" />
			</wsdl:input>
			<wsdl:output>
				<soap:body use="literal" />
			</wsdl:output>
		</wsdl:operation>
	</wsdl:binding>
	<wsdl:service name="ISecuriyService">
		<wsdl:port name="ISecuriyServicePort" binding="tns:ISecurityBinding">
			<soap:address location="http://localhost:8080/sec" />
		</wsdl:port>
	</wsdl:service>
</wsdl:definitions>

wsdl文件放在com.tongtech.ti.cxf.demo.security包下面。

下面执行mvn eclipse:myeclipse/eclipse:eclipse/idea:idea,maven会自动根据wsdl创建相关代码。代码生成后拷贝到com.tongtech.ti.cxf.demo.security.service下面。
三、编写代码
(一)生成证书
生成证书还是比较麻烦的,要用到jdk的一个工具——keytool
首先,创建客户端KeyStore和公钥
在命令行运行:
1、创建私钥和KeyStore:
keytool -genkey -alias clientprivatekey -keypass keypass -keystore Client_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

创建KeyStore,文件名字为Client_KeyStore.jks,里面有个名为clientprivatekey的私钥。
2、给私钥进行自签名:
keytool -selfcert -keystore Client_KeyStore.jks -storepass storepass -alias clientprivatekey -keypass keypass

签名成功,无任何提示。
3、导出私钥
作用是导出的证书将作为公钥保存到TrustStore中。
keytool -export -alias clientprivatekey -file Client_PublicCert.cer -keystore Client_KeyStore.jks -storepass storepass

如果成功,可以看到提示:
保存在文件中的认证 <Client_PublicCert.cer>
然后创建服务端KeyStore
1、创建私钥和KeyStore
keytool -genkey -alias serverprivatekey -keypass keypass -keystore Server_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

2、给私钥进行自签名
keytool -selfcert -keystore Server_KeyStore.jks -storepass storepass -alias serverprivatekey -keypass keypass

3、导出私钥
keytool -export -alias serverprivatekey -file Server_PublicCert.cer -keystore Server_KeyStore.jks -storepass storepass

接下来,将客户端公钥导入到服务端TrustStore中,将服务端公钥导入到客户端TrustStore中。
在命令行中输入:
keytool -import -alias clientpublickey -file Client_PublicCert.cer -keystore Server_TrustStore.jks -storepass storepass

回车后会提示
引用
所有者:CN=tongtech.com, C=CN
签发人:CN=tongtech.com, C=CN
序列号:4cc7e86c
有效期: Wed Oct 27 16:53:00 CST 2010 至Tue Jan 25 16:53:00 CST 2011
证书指纹:
         MD5:FB:AB:71:9F:56:F3:CB:65:16:DC:52:E0:2D:27:FF:F6
         SHA1:06:A8:B1:B4:E2:42:9D:B2:F7:99:E7:70:34:08:96:52:E1:CD:4A:76
         签名算法名称:SHA1withRSA
         版本: 3
信任这个认证? [否]: 

打y即可,然后提示
引用
认证已添加至keystore中

同理,将服务端公钥导入到客户端TrustStore中
keytool -import -alias serverpublickey -file Server_PublicCert.cer -keystore Client_TrustStore.jks -storepass storepass

同样会出现提示,打y回车,提示成功就可以了。
到这里会有个疑问,为什么都叫keystore?在最上面已经提到,KeyStore和TrustStore是概念上的区分。

(二)编写代码
将上面生成好的maven工程导入到eclipse中,在src/main/java下建立新的包,起名叫cert,将刚刚生成好的KeyStore和TrustStore拷到cert包下。
1、创建配置文件
建立客户端加密/解密配置:Client_Encrypt.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverpublickey
org.apache.ws.security.crypto.merlin.file=cert/Client_TrustStore.jks

建立客户端验签/签名配置:Client_Sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Client_KeyStore.jks

建立服务端加密/解密配置:Server_Decrypt.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Server_KeyStore.jks

建立服务端验签/签名配置:Server_SignVerf.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientpublickey
org.apache.ws.security.crypto.merlin.file=cert/Server_TrustStore.jks

整理一下:
引用

可能说这里名字起的有些怪异,这些文件是我从cxf的example中拷贝过来,我想原意应该是客户端进行签名加密,服务器进行验签解密,并没有对返回数据进行签名加密的意图,所以名字起成这样,不过没关系,整理一下,思路会更清楚。
Client_Encrypt.properties————Client_TrustStore.jks————serverpublickey
Client_Sign.properties————Client_KeyStore.jks————clientprivatekey
Server_Decrypt.properties————Server_KeyStore.jks————serverprivatekey
Server_SignVerf.properties————Server_TrustStore.jks————clientpublickey

2、编写客户端、服务端以及各自的Callback
首先先将target/generate中将代码拷贝到com.tongtech.ti.cxf.demo.security.service中,然后在security目录下面建立X509.client和X509.server,分别把ISecuriyDemo_ISecuriyServicePort_Client.java和ISecuriyDemo_ISecuriyServicePort_Server.java改名成Client和Server并移动到X509.client和X509.server包下,然后在client包下建立UTPasswordClientCallBack.java类。
UTPasswordClientCallBack.java代码如下:
package com.tongtech.ti.cxf.demo.security.X509.client;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordClientCallBack implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
		pc.setPassword("keypass");
		System.out.println("Client Identifier=" + pc.getIdentifier());
		System.out.println("Client Password=" + pc.getPassword());
	}

}


在server包下建立UTPasswordServerCallBack.java
UTPasswordServerCallBack.java代码如下:
package com.tongtech.ti.cxf.demo.security.X509.server;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordServerCallBack implements CallbackHandler {

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
		pc.setPassword("keypass");
		System.out.println("Server Identifier=" + pc.getIdentifier());
		System.out.println("Server Password=" + pc.getPassword());
	}
}

这两个类中,pc.setPassword方法参数都是keypass,因为我们生成的所有密钥的密码均是keypass,如果密钥密码不同,在这里需要对密钥的Identifier(等同于alias)进行判断,从而设置不同的密码。

接下来将要编写客户端和服务端了。
首先打开Client.java类,将如下代码完整复制,覆盖进去
package com.tongtech.ti.cxf.demo.security.X509.client;

/**
 * Please modify this class to meet your needs
 * This class is not complete
 */

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;

import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemo;
import com.tongtech.ti.cxf.demo.security.service.ISecuriyService;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 * 
 */

public final class Client {

	private static final QName SERVICE_NAME = new QName(
			"http://demo.ti.tongtech.com/security/", "ISecuriyService");

	private Client() {
	}

	public static void main(String args[]) throws Exception {
		URL wsdlURL = ISecuriyService.WSDL_LOCATION;

		ISecuriyService ss = new ISecuriyService(wsdlURL, SERVICE_NAME);
		ISecuriyDemo port = ss.getISecuriyServicePort();
		org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
		Endpoint cxfEp = client.getEndpoint();

		// Clint Out
		Map<String, Object> outProp = new HashMap<String, Object>();
		outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		outProp.put(WSHandlerConstants.USER, "clientprivatekey");
		outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
		outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordClientCallBack.class.getName());
		outProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Client_Sign.properties");
		outProp.put(WSHandlerConstants.ENC_PROP_FILE,
				"cert/Client_Encrypt.properties");
		cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

		// Client In(Return)
		Map<String, Object> inProp = new HashMap<String, Object>();
		inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordClientCallBack.class.getName());
		inProp.put(WSHandlerConstants.DEC_PROP_FILE,
				"cert/Client_Sign.properties");
		inProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Client_Encrypt.properties");
		cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

		{
			System.out.println("Invoking input...");
			java.lang.String _input_in = "Input Value!";
			java.lang.String _input__return = port.input(_input_in);
			System.out.println("input.result=" + _input__return);
		}

		System.exit(0);
	}

}


打开Server.java,同理将下面代码完整复制并完整覆盖:
package com.tongtech.ti.cxf.demo.security.X509.server;

import java.util.HashMap;
import java.util.Map;

import javax.xml.ws.Endpoint;

import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemoImpl;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 * 
 */

public class Server {

	protected Server() throws Exception {
		System.out.println("Starting Server");
		Object implementor = new ISecuriyDemoImpl();
		String address = "http://localhost:8080/sec";
		EndpointImpl ep = (EndpointImpl) Endpoint.publish(address, implementor);
		org.apache.cxf.endpoint.Endpoint cxfEp = ep.getServer().getEndpoint();

		// ///////////////////////////////////////////////////////////////

		Map<String, Object> inProp = new HashMap<String, Object>();
		inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordServerCallBack.class.getName());
		inProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Server_SignVerf.properties");
		inProp.put(WSHandlerConstants.DEC_PROP_FILE,
				"cert/Server_Decrypt.properties");
		cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

		// /////////////////////////////////////////////////////////////////

		Map<String, Object> outProp = new HashMap<String, Object>();
		outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		outProp.put(WSHandlerConstants.USER, "serverprivatekey");
		outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordServerCallBack.class.getName());
		outProp.put(WSHandlerConstants.ENCRYPTION_USER, "clientpublickey");
		outProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Server_Decrypt.properties");// 私钥
		outProp.put(WSHandlerConstants.ENC_PROP_FILE,
				"cert/Server_SignVerf.properties");// 公钥
		cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));
	}

	public static void main(String args[]) throws Exception {
		new Server();
		System.out.println("Server ready...");

		Thread.sleep(60 * 60 * 1000);
		System.out.println("Server exiting");
		System.exit(0);
	}
}


复制完成后,运行服务端和客户端进行测试即可。没有出以外的话,客户端能够顺利收到返回信息。

如果要看soap内容,打开service包下的ISecuriyDemo.java,加入如下标注代码:
@WebService(targetNamespace = "http://demo.ti.tongtech.com/security/", name = "ISecuriyDemo")
@XmlSeeAlso({ObjectFactory.class})
//====加入如下代码====
@InInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingInInterceptor" })
@OutInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingOutInterceptor" })
//====加入代码结束====
public interface ISecuriyDemo {

    @WebResult(name = "out", targetNamespace = "")
    @RequestWrapper(localName = "input", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.Input")
    @WebMethod(action = "http://demo.ti.tongtech.com/security/input")
    @ResponseWrapper(localName = "inputResponse", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.InputResponse")
    public java.lang.String input(
        @WebParam(name = "in", targetNamespace = "")
        java.lang.String in
    );
}


最后以客户端为例,简单讲解一下出入站配置:
客户端包括:
		org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
		Endpoint cxfEp = client.getEndpoint();

		// Clint Out
		Map<String, Object> outProp = new HashMap<String, Object>();
		outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		outProp.put(WSHandlerConstants.USER, "clientprivatekey");
		outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
		outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordClientCallBack.class.getName());
		outProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Client_Sign.properties");
		outProp.put(WSHandlerConstants.ENC_PROP_FILE,
				"cert/Client_Encrypt.properties");
		cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

		// Client In(Return)
		Map<String, Object> inProp = new HashMap<String, Object>();
		inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
				+ " " + WSHandlerConstants.SIGNATURE + " "
				+ WSHandlerConstants.ENCRYPT);
		inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
				UTPasswordClientCallBack.class.getName());
		inProp.put(WSHandlerConstants.DEC_PROP_FILE,
				"cert/Client_Sign.properties");
		inProp.put(WSHandlerConstants.SIG_PROP_FILE,
				"cert/Client_Encrypt.properties");
		cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

第一行,使用CXF的Client代理(ClientProxy)来获得Endpoint,然后将WSS4J的Intercepter加入到Endpoint中。
需要加入两个WSS4J的Intercepter,WSS4JOutInterceptor和WSS4JInInterceptor,outIntercepter是客户端向服务端请求时,作为客户端出站(OutBound)的Intercepter,需要配置WSS4J相关属性:
WSHandlerConstants.ACTION,WSHandlerConstants.USER,WSHandlerConstants.ENCRYPTION_USER,WSHandlerConstants.PW_CALLBACK_CLASS,WSHandlerConstants.SIG_PROP_FILE,WSHandlerConstants.ENC_PROP_FILE,将这些属性放入map中,传入WSS4JOutInterceptor中。
对于客户端出站来说,签名需要客户端私钥(Client_Sign.properties)进行签名,加密需要服务端公钥(Client_Encrypt.properties)进行加密,属性中WSHandlerConstants.SIG_PROP_FILE为签名配置文件,WSHandlerConstants.ENC_PROP_FILE为加密配置文件。
入站则相反,验签需要服务端公钥(Client_Encrypt.properties),解密需要客户端私钥(Client_Sign.properties)。
服务器端与客户端相反,意思和客户端相同。
8
1
分享到:
评论
5 楼 jackyrong 2018-06-20  
您好 能否给我提供一下源码 谢谢?1809772@qq.com
4 楼 wangyudong 2017-11-27  
由CXF实现的微服务需要有比较好的工具去测试RESTful API,很多REST Client是不支持自动化测试RESTful API,也不支持自动生成API文档.
之前习惯用一款名字为 WisdomTool REST Client,支持自动化测试RESTful API,输出精美的测试报告,并且自动生成精美的RESTful API文档。
轻量级的工具,功能却很精悍哦!

https://github.com/wisdomtool/rest-client

Most of REST Client tools do not support automated testing.

Once used a tool called WisdomTool REST Client supports automated testing, output exquisite report, and automatically generating RESTful API document.

Lightweight tool with very powerful features!

https://github.com/wisdomtool/rest-client
3 楼 jiangsong12374 2012-01-04  
您好 能否给我提供一下源码 谢谢?js-java@163.com
2 楼 ljz0898 2011-07-13  
你好  我按照你的说法来实现的 出现以下的问题 希望得到你的解答 谢谢 

证书我已经点击安装了  是不是还需要规定放在什么目录下面???

2011-7-13 9:25:39 org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromWSDL
信息: Creating Service {http://copy.com/}HellowordService from WSDL: http://localhost:9090/hello?wsdl
Invoking input...
Client Identifier=clientprivatekey
Client Password=keypass
2011-7-13 9:25:40 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
警告: Request does not contain Security header, but it's a fault.
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: General security error (No certificates were found for decryption (KeyId))
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
at $Proxy25.sayHi(Unknown Source)
at com.client.copy.Client.main(Client.java:74)
Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:104)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:762)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1582)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1467)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1375)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:623)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:510)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:440)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:343)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:295)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
1 楼 ljz0898 2011-07-06  
您好 能否给我提供一下源码 谢谢?ljz0898@126.com

相关推荐

    CXFWS-Security

    1)参考: ...2)CXFWS工程是基于WS-Security规范,实现X.509身份验证的,同时实现签名和加密 keytool 工具的使用参考 http://hi.baidu.com/qianshuifanchuan/blog/item/6291b8510009ad3c42a75b8e.html ...

    cxf-rt-ws-addr-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-ws-addr-3.0.1.jar; 赠送原API文档:cxf-rt-ws-addr-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-ws-addr-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-ws-addr-3.0.1.pom; 包含翻译后的API...

    纯java调用ws-security+CXF实现的webservice安全接口

    纯java调用ws-security+CXF实现的webservice安全接口

    Cxf 和wss4j实现ws-security的demo

    CXF使用WSS4J实现WS-Security规范,本例的配置是Timestamp Signature Encrypt,具体使用可以参考我的博客http://blog.csdn.net/wangchsh2008/article/details/6708270

    cxf-rt-ws-policy-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-ws-policy-3.0.1.jar; 赠送原API文档:cxf-rt-ws-policy-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-ws-policy-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-ws-policy-3.0.1.pom; 包含...

    cxf+ws-security-JAR

    cxf结合ws-security实现webservice 用户名/密码身份认证安全调用,依赖包

    cxf-rt-transports-http-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-transports-http-3.0.1.jar; 赠送原API文档:cxf-rt-transports-http-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-transports-http-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-transports-...

    cxf ws-Security的实现

    cxf ws-Security的实现 WS-SecurityPolicy 安全配置指定在客户机和服务之间交换的消息所需的安全处理。在大多数情况下,Web 服务堆栈还需要更多信息,才能对消息交换应用安全措施。 里面有2个project,分别server ...

    CXF WS-Security WSS4J 例子

    CXF WS-Security WSS4J 例子 可以运行,运行的时候只要运行client就行,重点是运行完之后要关掉第一个控制台,才能看到结果。一定要记得改一下client的路径名

    cxf-rt-frontend-simple-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-frontend-simple-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-simple-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-simple-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-...

    cxf-rt-bindings-soap-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-bindings-soap-3.0.1.jar; 赠送原API文档:cxf-rt-bindings-soap-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-bindings-soap-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-bindings-soap-...

    我的cxf与ws-security

    经过了几天的努力与查询不少的资料与调试,头都大了,终于给CXF加上了一把密码锁,希望进步;

    Web 服务规范_第 4 部分:WS-Security源码

    了解 Web 服务规范_第 4 部分:WS-Security源码

    cxfWebservice客户端全部jar包及极简调用方法.rar

    udp-3.0.11.jar,cxf-rt-wsdl-3.0.0.jar,cxf-rt-ws-security-3.0.0.jar,neethi-3.0.3.jar,slf4j-api-1.7.7.jar,stax2-api-3.1.4.jar,woodstox-core-asl-4.4.1.jar,wsdl4j-1.6.3.jar,wss4j-bindings-2.0.9.jar,xml...

    cxf-rt-frontend-jaxws-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-frontend-jaxws-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-jaxws-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-jaxws-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-jaxws...

    cxf-rt-rs-extension-providers-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-rs-extension-providers-3.0.1.jar; 赠送原API文档:cxf-rt-rs-extension-providers-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-rs-extension-providers-3.0.1-sources.jar; 赠送Maven依赖信息...

    cxf-rt-rs-client-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-rs-client-3.0.1.jar; 赠送原API文档:cxf-rt-rs-client-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-rs-client-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-rs-client-3.0.1.pom; 包含...

    cxf-rt-bindings-xml-3.0.1-API文档-中文版.zip

    赠送jar包:cxf-rt-bindings-xml-3.0.1.jar; 赠送原API文档:cxf-rt-bindings-xml-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-bindings-xml-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-bindings-xml-3.0.1....

    cxf-rt-frontend-jaxws-3.0.16.jar 下载

    cxf-rt-frontend-jaxws-3.0.16.jar jar包下载3.0.16版本下载

    CXF(WS_Security)证书加密

    对WebServcie进行双层加密,自己写的一个小例子。

Global site tag (gtag.js) - Google Analytics