俄罗斯美女视频在线,范冰冰快乐大本营视频

實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)

浮石 >《XFire》

2010.03.04

關(guān)注

[WebService Server端配置]
第一，創(chuàng)建一個基本的BookService

public interface BookService {

/**

* 按書名模糊查詢圖書

*/

List findBooksByName(String name);

/**

* 查找目錄下的所有圖書

*

* @param categoryId 如果category為null或“all”，列出所有圖書。

*/

List findBooksByCategory(String categoryId);

/**

* 列出所有分類.

*

* @return List<Category>，或是null。

*/

List getAllCategorys();

}

第二，接口擴(kuò)展，即Extend基本的BookService，在XFire中，不同的WSS4J策略需要針對不同的ServiceClass，否則<inHandlers>里面的定義會Overlap。

public interface BookServiceWSS4JEnc extends BookService {

}

public interface BookServiceWSS4JSign extends BookService {

}

第三，配置Spring的ApplicationContext文件

</bean>

<value>

/BookService=bookService

/BookServiceWSS4J=bookServiceWSS4J

/BookServiceWSS4JEnc=bookServiceWSS4JEnc

/BookServiceWSS4JSign=bookServiceWSS4JSign

</value>

</property>

</bean>

</bean>

<list>

</list>

</property>

</bean>

<props>

<prop key="action">UsernameToken</prop>

<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

</props>

</property>

</bean>

<list>

</list>

</property>

</bean>

<props>

<prop key="action">Encrypt</prop>

<prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>

<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

</props>

</property>

</bean>

<list>

</list>

</property>

</bean>

<props>

<prop key="action">Signature</prop>

<prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>

<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

</props>

</property>

</bean>

</beans>

第四，配置insecurity_enc.properties和insecurity_sign.properties兩個密鑰庫配置文件
insecurity_enc.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.alias.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks

outsecurity_sign.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

第五，使用SecureX生成了兩個keystore文件
springside_private.jks

別名名稱： david
創(chuàng)建日期： 2006-8-6
輸入類型：KeyEntry
認(rèn)證鏈長度： 1
認(rèn)證 [1]:
Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
發(fā)照者： CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn
序號： 44d4cdcd
有效期間： Sun Aug 06 00:56:45 CST 2006 至： Mon Aug 06 00:56:45 CST 2007
認(rèn)證指紋：
MD5： CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
SHA1： 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

springside_public.jks

別名名稱： david

創(chuàng)建日期： 2006-8-6

輸入類型： trustedCertEntry

Owner: CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn

發(fā)照者： CN=david, OU=SpringSide, O=org, L=gz, ST=gd, C=cn

序號： 44d4cdcd

有效期間： Sun Aug 06 00:56:45 CST 2006 至： Mon Aug 06 00:56:45 CST 2007

認(rèn)證指紋：

MD5： CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2

SHA1： 8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

第五，新版本SpringSide需要
http://www.bouncycastle.org/download/bcprov-jdk15-133.jar
并且要配置java.security
另外,還要使用jdk加密增強(qiáng)策略
http://www.blogjava.net/openssl/archive/2006/03/08/34381.html

用戶要使用WSS4J，需要配置Bouncycastle這個SecurityProvider，否則
運(yùn)行Enc模式的XFire認(rèn)證的時候，會拋出異常：
org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used unsupported key
配合java.security也是非常簡單:
在最后加入BouncycastleProvider。
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

[WebService Client端配置]
1，Encrypt模式的Client是在客戶端用david的公鑰加密Soap里面的usernameToken，然后發(fā)送到Web服務(wù)，Web服務(wù)用david的私鑰來驗(yàn)證。這種模式需要客戶端預(yù)先知道服務(wù)器端的公鑰。

在Encrypt模式中，需要這樣配置ClientHandler：

Service serviceModel = new ObjectServiceFactory().create(BookServiceWSS4JEnc.class);

XFireProxyFactory factory = new XFireProxyFactory(getXFire());

BookService service = (BookService) factory.create(serviceModel, "xfire.local://BookServiceWSS4JEnc");

Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();

//掛上WSS4JOutHandler，提供認(rèn)證

client.addOutHandler(new DOMOutHandler());

Properties properties = new Properties();

configureOutProperties(properties);

client.addOutHandler(new WSS4JOutHandler(properties));

List list = service.getAllCategorys();

configureOutProperties函數(shù)負(fù)責(zé)指定Client使用何種安全策略，沒錯，使用outsecurity_enc.properties，這個properties是跟Server端的insecurity_enc.properties一起使用的。

    protected void configureOutProperties(Properties config) {
        config.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
        config.setProperty(WSHandlerConstants.USER, "david");
        //config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        //Configuration of public key used to encrypt message goes to properties file.
        config.setProperty(WSHandlerConstants.ENC_PROP_FILE,
                               "org/springside/bookstore/plugins/xfire/outsecurity_enc.properties");
    }

outsecurity_enc.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=SpringSide

org.apache.ws.security.crypto.merlin.keystore.alias=david

org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

2, Sign模式的Client同樣也是很簡單，這種模式是Client端用自己的私鑰為usernameToken簽名，服務(wù)器端用Client的公鑰來驗(yàn)證簽名，因此，服務(wù)器端需要預(yù)先知道客戶端的公鑰。
對應(yīng)于Encrypt模式，這里的configureOutProperties需要這樣來配置：

    protected void configureOutProperties(Properties properties) {
        properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.SIGNATURE);
        // User in keystore
        properties.setProperty(WSHandlerConstants.USER, "david");
        // This callback is used to specify password for given user for keystore
        properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        // Configuration for accessing private key in keystore
        properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,"org/springside/bookstore/plugins/xfire/outsecurity_sign.properties");
        properties.setProperty(WSHandlerConstants.SIG_KEY_ID,"IssuerSerial");
    }

outsecurity_sign.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.alias.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks

本站僅提供存儲服務(wù)，所有內(nèi)容均由用戶發(fā)布，如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容，請點(diǎn)擊舉報。

打開APP，閱讀全文并永久保存查看更多類似文章

XFire中實(shí)現(xiàn)WS-Security完整編

SSL &WS-Security--Web Service安全保障 - cenwenchu...

簡單CXF方式的webService客戶端調(diào)用范例

国产一级a片免费看高清,亚洲熟女中文字幕在线视频,黄三级高清在线播放,免费黄色视频在线看