最近研究了下webservice,今天和大家分享一下wss4j+cxf基于UsernameToken的安全驗證。名詞解釋:
cxf : apache下的一個開源項目,用于釋出webservice。
WSS4J : Web Services Security for Java.
廢話少說,直接上代碼。
1. 首先,需要導入cxf中的所有jar包,及wss4j中的所有jar包與log4j.jar。
(本例中使用的版本是:apache-cxf-2.7.3,wss4j-1.6.9)
2. 首先建立server 項目,釋出一個簡單的helloWorldService.
目錄結構圖:
webservice接口代碼:
package com.wss4j.server;
import javax.jws.WebParam;
import javax.jws.WebService;
@WebService
public interface HelloWorld {
public String sayHello(@WebParam(name = "name") String name);
}
webservice實作類
package com.wss4j.server;
public class HelloWorldImpl implements HelloWorld {
@Override
public String sayHello(String name) {
return "Hello " + name + " ^_^ !";
}
}
接下來是服務端攔截器: ServerPasswordCallback.java
package com.wss4j.interceptor;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
import org.slf4j.Logger;
public class ServerPasswordCallback implements CallbackHandler {
private Logger logger = org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
// 辨別符
String identifier = pc.getIdentifier();
// 此處擷取到的password為null,但是并不代表服務端沒有拿到該屬性。
String password = pc.getPassword();
logger.info("identifier:" + identifier);
logger.info("password:" + password);
if (identifier != null && identifier.equals("admin")) {
/**
* 此處應該這樣做:
* 1. 查詢資料庫,得到資料庫中該使用者名對應密碼
* 2. 設定密碼,wss4j會自動将你設定的密碼 與用戶端傳遞的密碼進行比對
* 3. 如果相同,則放行,否則傳回權限不足資訊
*
*/
pc.setPassword("password");
}else{
logger.info("未授權的使用者");
}
}
}
server-beans.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<!-- jar包中自帶的cxf檔案夾下的*.xml檔案 -->
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<bean id="myPasswordCallback" class="com.wss4j.interceptor.ServerPasswordCallback" />
<jaxws:endpoint id="helloword" implementor="com.wss4j.server.HelloWorldImpl"
address="/helloService">
<!-- 添加攔截器 -->
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="signaturePropFile" value="..." />
<entry key="user" value="FHDServer" />
<entry key="passwordCallbackRef">
<ref bean="myPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
</beans>
beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="../cxf/server-beans.xml"/>
</beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>wss4j001-cxf-server</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/beans.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/ws/*</url-pattern>
</servlet-mapping>
</web-app>
此時,我們的server端就已經搞定了。
通路連結:http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl
即可看到剛剛釋出的webservice的wsdl檔案。但是不能直接通路方法,因為我們為其增加了安全校驗。
接下來,建立client 端 項目。
具體項目結構如下:
HelloWorldClient.java
package com.wss4j.client;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import com.wss4j.server.HelloWorld;
public class HelloWorldClient {
public static void main(String[] args) {
ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
new String[] { "cxf/client-beans.xml" });
HelloWorld client = (HelloWorld) context.getBean("client");
String response = client.sayHello("Dan");
System.out.println("Response: " + response);
System.exit(0);
}
}
用戶端添加使用者認證攔截器 ClientPasswordCallback.java
package com.wss4j.interceptor;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class ClientPasswordCallback implements CallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
String ident = "admin";
String passwd = "password";
pc.setPassword(passwd);
pc.setIdentifier(ident);
}
}
client-beans.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd">
<bean id="clientPasswordCallback" class="com.wss4j.interceptor.ClientPasswordCallback" />
<jaxws:client id="client" serviceClass="com.wss4j.server.HelloWorld"
address="http://localhost:8080/wss4j001-cxf-server/ws/helloService">
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="FHDClient" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:outInterceptors>
</jaxws:client>
</beans>
接下來,我們需要通過wsdl 生成服務端webservice的用戶端java檔案。這裡使用cxf的wsdl2java指令。
打開cmd指令行:
1. 進入到 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目錄下
2. 執行指令:
wsdl2ava -client http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl
3. 生成的java檔案就在 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目錄下,名為com的檔案夾。複制檔案夾至client項目的src下。
接下來,首先将server項目添加到伺服器中,啟動伺服器。然後執行 HelloWorldClient.java中的main方法,就可以通路服務端的webservice了,是不是so easy ^_^ ..
有問題請咨詢:
QQ :269223361