当前位置: 首页 > 工具软件 > WSS4J > 使用案例 >

CXF使用WSS4J实现WS-Security规范之使用用户名令牌(转)

常业
2023-12-01

转自 http://blog.csdn.net/fhd001/archive/2010/09/05/5864413.aspx

 

pom.xml

 

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>test.cxf</groupId>
	<artifactId>java_first_spring_support1</artifactId>
	<packaging>war</packaging>
	<name>java_first_spring_support1</name>
	<version>0.0.1-SNAPSHOT</version>
	<description>CXF使用WSS4J实现WS-Security规范之使用用户名令牌</description>
	<properties>
		<cxf.version>2.2.5</cxf.version>
	</properties>
	<build>
		<finalName>java_first_spring_support1</finalName>
		<plugins>
			<plugin>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>1.6</source>
					<target>1.6</target>
					<encoding>UTF-8</encoding>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-resources-plugin</artifactId>
				<configuration>
					<encoding>UTF-8</encoding>
				</configuration>
			</plugin>
		</plugins>
	</build>
	<dependencies>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring</artifactId>
			<version>2.5.6</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-frontend-jaxws</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-transports-http</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>org.apache.cxf</groupId>
			<artifactId>cxf-rt-ws-security</artifactId>
			<version>${cxf.version}</version>
		</dependency>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>4.8.1</version>
			<scope>test</scope>
		</dependency>
	</dependencies>
</project>

 

 

服务接口:

package cxf.server;
import javax.jws.WebService;
@WebService
public interface HelloWorld {
    String sayHi(String name);
}

 

接口实现:

package cxf.server;
import javax.jws.WebService;
@WebService(endpointInterface="cxf.server.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
	@Override
	public String sayHi(String name) {
		
		System.out.println("server: say->" + name);
		return "say-->" + name;
	}
}

 服务端的spring配置:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
	xsi:schemaLocation="
	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
	<import resource="classpath:META-INF/cxf/cxf.xml" />
	<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
	<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
	<bean id="serverPasswordCallback" class="cxf.server.ServerPasswordCallback" />
	<jaxws:endpoint id="helloworld" implementor="cxf.server.HelloWorldImpl"
		address="/helloworld">
		<jaxws:inInterceptors>
			<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
			<!-- SAAJInInterceptor只在CXF是2.0.X版本时或之前版本时才是必须的 -->
			<!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
			<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
				<constructor-arg>
					<map>
						<entry key="action" value="UsernameToken" />
						<entry key="passwordType" value="PasswordText" />
						<entry key="user" value="FHDServer" />
						<entry key="passwordCallbackRef">
							<ref bean="serverPasswordCallback" />
						</entry>
					</map>
				</constructor-arg>
			</bean>
		</jaxws:inInterceptors>
	</jaxws:endpoint>
	<!-- 
		action:					UsernameToken				指使用用户名令牌 
    	passwordType:			PasswordText				指密码加密策略,这里直接文本 
    	user:					FHDServer					指别名 
    	passwordCallBackRef:	serverPasswordCallback		指消息验证 
	-->
</beans>

 

服务端的验证:

package cxf.server;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ServerPasswordCallback implements CallbackHandler {
	@Override
	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
		String identifier = pc.getIdentifier();
		String password = pc.getPassword();
		if ("admin".equals(identifier) && "888888".equals(password)) {
			System.out.println("验证通过!");
			System.out.println("identifier = " + identifier);
			System.out.println("password = " + password);
		} else {
			throw new SecurityException("验证失败");
		}
	}
}

 

客户端的spring配置:

 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
	xsi:schemaLocation="
	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
	<bean id="clientPasswordCallback" class="cxf.client.ClientPasswordCallback"/>
	<jaxws:client id="client"
		address="http://localhost:8080/java_first_spring_support1/service/helloworld"
		serviceClass="cxf.server.HelloWorld">
		<jaxws:outInterceptors>
			<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
			<!-- SAAJInInterceptor只在CXF是2.0.X版本时或之前版本时才是必须的 -->
			<!-- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> -->
			<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
				<constructor-arg>
					<map>
						<entry key="action" value="UsernameToken" />
						<entry key="passwordType" value="PasswordText" />
						<entry key="user" value="FHDClient" />
						<entry key="passwordCallbackRef">
							<ref bean="clientPasswordCallback" />
						</entry>
					</map>
				</constructor-arg>
			</bean>
		</jaxws:outInterceptors>
	</jaxws:client>
</beans>

 客户端的验证:

package cxf.client;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ClientPasswordCallback implements CallbackHandler {
	@Override
	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
		pc.setPassword("888888");
		pc.setIdentifier("admin");
	}
}

 客户端调用代码:

package cxf.client;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import cxf.server.HelloWorld;
public final class Client {
    public static void main(String args[]) throws Exception {
    	
        ClassPathXmlApplicationContext context  = new ClassPathXmlApplicationContext(new String[] {"client-beans.xml"});
        HelloWorld client = (HelloWorld)context.getBean("client");
        String str = client.sayHi("fuhaidong");
        System.out.println("client: " + str);
    }
}

 web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
	id="WebApp_ID" version="2.5">
	
	<display-name>java_first_spring_support1</display-name>
	
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:beans.xml</param-value>
	</context-param>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<servlet>
		<servlet-name>CXFServlet</servlet-name>
		<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>CXFServlet</servlet-name>
		<url-pattern>/service/*</url-pattern>
	</servlet-mapping>
</web-app>
 

 

 类似资料: