前3节中介绍了如何发布一个webservice和客户端如何调用,一切貌似都正常,但存在着安全隐患-这样导致任意的客户端都可以调用我们的webservice服务,接下来将介绍如何采用基于用户名和密码认证的方式来实现客户端调用
1.服务器端配置
a.在发布service的时候为该service添加一个WSS4JInInterceptor 拦截器
表示我们的service需要用户提供用户名和密码认证后才能调用
package com.crazycoder2010.webservice.cxf.server;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletConfig;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.frontend.ServerFactoryBean;
import org.apache.cxf.service.invoker.BeanInvoker;
import org.apache.cxf.transport.servlet.CXFNonSpringServlet;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
<SPAN><SPAN class=keyword></SPAN></SPAN>import com.crazycoder2010.webservice.cxf.server.HelloWorldServiceImpl;
public class WebServiceServlet extends CXFNonSpringServlet {
private static final long serialVersionUID = -5314312869027558456L;
@Override
protected void loadBus(ServletConfig servletConfig) {
super.loadBus(servletConfig);
System.out.println("#####################");
ServerFactoryBean svrFactory = new ServerFactoryBean();
svrFactory.setServiceClass(HelloWorldService.class);
svrFactory.setAddress("/passportService");
svrFactory.setInvoker(new BeanInvoker(new HelloWorldServiceImp()));
Server server = svrFactory.create();
Endpoint cxfEndpoint = server.getEndpoint();
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ServerPasswordHandler.class.getName());
cxfEndpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
}
}
b.处理用户名和密码的逻辑
添加一个ServerPasswordHandler类,该类实现CallbackHandler接口,user='kevin',password='111111'为该service的访问用户名密码
public class ServerPasswordHandler implements CallbackHandler{
private String user = "kevin";
private String password = "111111";
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if(user.equals(pc.getIdentifier())){
pc.setPassword(password);
}
}
}
2.客户端配置
a.配置WSS4JOutInterceptor拦截器,表示发出请求的时候将以提供的用户名和密码信息提交到服务器端认证
public class WebServiceFactory {
public static PassportService getHelloWorldService(){
Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "kevin");//这个用户即服务器端配置的用户名
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordHandler.class.getName());//这个类用来获取客户端认证用户名密码信息
JaxWsProxyFactoryBean bean = new JaxWsProxyFactoryBean();
bean.getInInterceptors().add(new LoggingInInterceptor());
bean.getInFaultInterceptors().add(new LoggingOutInterceptor());
bean.setServiceClass(PassportService.class);
bean.setAddress("http://localhost:8080/CXF-Server/webservice/helloWorldService");
HelloWorldService helloWorldService = (HelloWorldService)bean.create();
ClientProxy clientProxy = (ClientProxy)Proxy.getInvocationHandler(passportService);
Client client = clientProxy.getClient();
client.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));//配置拦截器
return helloWorldService;
}
}
b.配置客户端认证信息类
public class ClientPasswordHandler implements CallbackHandler{
@Override
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword("kevin");//这个地方的用户名和密码与服务器端保持一致
pc.setIdentifier("111111");
}
}
c.客户端调用
public class DemoClient {
public static void main(String[] args) {
<PRE class=java name="code"> HelloWorldService helloWorldService = WebServiceFactory.getHelloWorldService();
helloWorldService.sayHello("John");
}
}</PRE>
<PRE></PRE>
<P></P>
<PRE></PRE>
小结:
<P></P>
<P>这种方式利用服务器端与客户端共享同一用户名密码的方式实现了webservice的安全访问,流程图如下</P>
<P><IMG alt="" src="http://hi.csdn.net/attachment/201108/17/0_13135751629tGv.gif"></P>
<P>参考资料:<A href="http://cxf.apache.org/docs/ws-security.html" target=_blank>http://cxf.apache.org/docs/ws-security.html</A><BR>
</P>
<P><BR>
</P>
<BR>
分享到:
相关推荐
<import resource="classpath:META-INF/cxf/cxf.xml"/> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml"/> <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
geronimo-servlet_2.5_spec-1.1.2.jar geronimo-stax-api_1.0_spec-1.0.1.jar geronimo-ws-metadata_2.0_spec-1.1.3.jar h2-1.3.169.jar isorelax-20030108.jar jaxb-api-2.2.6.jar jaxb-impl-2.2.5.jar jaxb-xjc-...
webservice-helloworld 视频 两台机器访问,一个是虚拟机。
webservice-helloworld 视频 两台机器访问,一个是虚拟机。 高清
apache-cxf-2.7.6.rar webservice
webservice cxf apache-cxf-2.2.6 开发包
CXF WebService整合Spring示例工程代码demo可以直接导入eclipse。参照网页http://www.cnblogs.com/hoojo/archive/2011/03/30/1999563.html 完成的webService服务提供。 大致步骤: 1.引入cxf和其他需要的jar包,(本...
这时干净的cxf的核心配置文件·
spring 4.2.0 集成的cxf3.1.18的jar包,cxf-core-3.1.18.jar、cxf-rt-bindings-soap-3.1.18.jar、cxf-rt-databinding-jaxb-3.1.18.jar、cxf-rt-frontend-jaxws-3.1.18.jar、cxf-rt-frontend-simple-3.1.18.jar、cxf-...
赠送jar包:cxf-rt-frontend-simple-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-simple-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-simple-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-...
内含java调用cxf发布的webserice接口的极简案例,同时压缩包中有 cxf-core-3.0.0.jar,cxf-rt-bindings-soap-3.0.0.jar,cxf-rt-databinding-jaxb-3.0.0.jar,cxf-rt-frontend-jaxws-3.0.0.jar,cxf-rt-frontend-...
springboot+cxf实现webservice示例 <groupId>org.springframework.boot <artifactId>spring-boot-starter <groupId>org.springframework.boot <artifactId>spring-boot-starter-web <!-- CXF ...
cxf-rt-frontend-jaxws-3.0.16.jar jar包下载3.0.16版本下载
利用Apache CXF开发webservice接口需要用到的jar集合 cxf-core-3.0.15.jar cxf-rt-bindings-soap-3.0.15.jar cxf-rt-bindings-xml-3.0.15.jar cxf-rt-databinding-jaxb-3.0.15.jar cxf-rt-frontend-jaxws-3.0.15.jar...
2、把web.xml里的spring的监听器注释掉,保证WEB-INF下有cxf-servlet.xml,然后发布到WEB服务器即可 3、web.xml里配置spring监听器,及其加载的beans.xml,把cxf-servlet.xml删掉,发布到WEB服务器即可,注意这种方式...
WebService-CXF.ppt
cxf-2.1.jar cxf-2.1.jar cxf-2.1.jar cxf-2.1.jar
赠送jar包:cxf-rt-bindings-soap-3.0.1.jar; 赠送原API文档:cxf-rt-bindings-soap-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-bindings-soap-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-bindings-soap-...
赠送jar包:cxf-rt-transports-http-3.0.1.jar; 赠送原API文档:cxf-rt-transports-http-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-transports-http-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-transports-...
1. 发布和调用WebService: 使用CXF2.4(http://cxf.apache.org)和spring 2. 调用安全性: 使用简单的USERNAME_TOKEN 3. 服务程序中取得调用者身份 ------------------------- 接口 ------------------------- intf....