我正在尝试为我的代理服务实现安全性。我已从此链接获取安全实施方面的帮助:http://evanthika.blogspot.in/2012/12/pox-security-with-wso2-esb-proxy.html。我的安全性已经实现,我可以通过尝试调用它,但我想通过客户端调用此服务,但如何做这个部分我无法找到。任何人都可以提供一个关于这个问题的样本吗?提前致谢
答案 0 :(得分:2)
更新
RampartConfigBuilder类:
package org.wso2.carbon.security.ws;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;
import java.util.Properties;
import java.io.File;
/**
* This class is used to create Rampart Configurations for different security scenarios in WSAS
*/
/**
 * Builds the client-side {@link RampartConfig} assertion for each of the 15 numbered
 * security scenarios used by this sample.
 *
 * <p>Security note: the keystore location, the keystore password, the key alias and the
 * user name are all literals in this class. They correspond to the wso2carbon.jks keystore
 * that ships with the product, so the key material is not a secret. Use these values for
 * local testing only; for anything else, point the Merlin properties at your own keystore
 * and supply the password from configuration or a secret store instead of source code.
 */
public class RampartConfigBuilder {

    /** WSS4J crypto provider used for both the signature and the encryption configuration. */
    private static final String MERLIN_PROVIDER = "org.apache.ws.security.components.crypto.Merlin";

    /** Callback handler class that Rampart is told to use to obtain passwords. */
    private static final String PASSWORD_CALLBACK = "org.wso2.carbon.security.ws.PasswordCallbackHandler";

    /** Keystore alias used as the client certificate alias and as the encryption user. */
    private static final String KEY_ALIAS = "wso2carbon";

    /** User name sent in the UsernameToken scenarios. */
    private static final String TOKEN_USER = "admin";

    /**
     * Creates the Rampart configuration matching a scenario number.
     *
     * @param securityScenario scenario number; 1 to 15 are handled
     * @return the populated configuration, or {@code null} for any other number
     */
    public static RampartConfig createRampartConfig(int securityScenario) {
        // One Properties instance is shared by both crypto configurations, so signing and
        // encryption read the same keystore.
        Properties keystoreSettings = new Properties();
        keystoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        keystoreSettings.put("org.apache.ws.security.crypto.merlin.file", keystoreLocation());
        // Hard-coded keystore password: sample value, see the class comment.
        keystoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig signing = merlinCrypto(keystoreSettings);
        CryptoConfig encryption = merlinCrypto(keystoreSettings);

        RampartConfig config;
        switch (securityScenario) {
            // 1: Username Token -> user name + password callback handler.
            case 1:
                config = new RampartConfig();
                config.setUser(TOKEN_USER);
                config.setPwCbClass(PASSWORD_CALLBACK);
                return config;

            // 2: Non-repudiation -> certificate alias, password callback handler,
            //    signature crypto configuration.
            case 2:
                config = new RampartConfig();
                config.setUserCertAlias(KEY_ALIAS);
                config.setPwCbClass(PASSWORD_CALLBACK);
                config.setSigCryptoConfig(signing);
                return config;

            // 3: Integrity -> encryption user + signature crypto configuration.
            case 3:
                config = new RampartConfig();
                config.setEncryptionUser(KEY_ALIAS);
                config.setSigCryptoConfig(signing);
                return config;

            // 4:  Confidentiality
            // 6:  Sign and Encrypt - anonymous clients
            // 12: SecureConversation - Sign only - anonymous clients
            // 13: SecureConversation - Encrypt only - anonymous clients
            // All four set only the encryption user and the encryption crypto configuration.
            case 4:
            case 6:
            case 12:
            case 13:
                config = new RampartConfig();
                config.setEncryptionUser(KEY_ALIAS);
                config.setEncrCryptoConfig(encryption);
                return config;

            // 5:  Sign and Encrypt - X509 authentication
            // 9:  SecureConversation - Sign only - X509 authentication
            // 10: SecureConversation - Encrypt only - X509 authentication
            // 11: SecureConversation - Sign and Encrypt - X509 authentication
            // All four set the encryption user, the certificate alias, the password callback
            // handler and both crypto configurations.
            case 5:
            case 9:
            case 10:
            case 11:
                config = new RampartConfig();
                config.setEncryptionUser(KEY_ALIAS);
                config.setUserCertAlias(KEY_ALIAS);
                config.setPwCbClass(PASSWORD_CALLBACK);
                config.setSigCryptoConfig(signing);
                config.setEncrCryptoConfig(encryption);
                return config;

            // 7:  Encrypt only - Username Token authentication
            // 8:  Sign and Encrypt - Username Token authentication
            // 14: SecureConversation - Encrypt only - Username Token authentication
            // 15: SecureConversation - Sign and Encrypt - Username Token authentication
            // All four set the user name, the encryption user, the password callback handler
            // and the encryption crypto configuration (no signature crypto configuration).
            case 7:
            case 8:
            case 14:
            case 15:
                config = new RampartConfig();
                config.setUser(TOKEN_USER);
                config.setEncryptionUser(KEY_ALIAS);
                config.setPwCbClass(PASSWORD_CALLBACK);
                config.setEncrCryptoConfig(encryption);
                return config;

            // Any other number has no configuration.
            default:
                return null;
        }
    }

    /** Returns the keystore path, relative to the working directory of the process. */
    private static String keystoreLocation() {
        StringBuilder path = new StringBuilder("src");
        path.append(File.separator).append("main");
        path.append(File.separator).append("resources");
        path.append(File.separator).append("wso2carbon.jks");
        return path.toString();
    }

    /** Creates a Merlin-backed crypto configuration that reads the given keystore settings. */
    private static CryptoConfig merlinCrypto(Properties keystoreSettings) {
        CryptoConfig crypto = new CryptoConfig();
        crypto.setProvider(MERLIN_PROVIDER);
        crypto.setProp(keystoreSettings);
        return crypto;
    }
}
PasswordCallbackHandler类:
package org.wso2.carbon.security.ws;
import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
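/**
 * Supplies passwords to Rampart/WSS4J for the two identifiers this sample uses.
 *
 * <p>Security note: both passwords are literals and each equals its identifier
 * ("admin"/"admin" and "wso2carbon"/"wso2carbon"). Treat them as sample credentials for a
 * local test server. A real client should look the password up in a credential store or
 * other protected configuration, and the server accounts should not keep these values.
 */
public class PasswordCallbackHandler implements CallbackHandler {

    /**
     * Sets the password on every {@link WSPasswordCallback} whose identifier is known.
     *
     * @param callbacks callbacks passed in by the security framework
     * @throws IOException declared by {@link CallbackHandler}; not thrown by this code
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Reject foreign callback types through the exception the CallbackHandler
            // contract defines, instead of failing with a ClassCastException on the cast.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            String id = pwcb.getIdentifer();
            if ("admin".equals(id)) {
                // Password for the UsernameToken user.
                pwcb.setPassword("admin");
            } else if ("wso2carbon".equals(id)) {
                // Password for the private key stored under the "wso2carbon" alias.
                pwcb.setPassword("wso2carbon");
            }
            // Any other identifier is left without a password on purpose: no credential
            // is handed out for an identifier this handler does not know.
        }
    }
}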
原件:
以下Java代码允许您调用受保护的服务。您可以调用使用15个默认安全方案[1]中任意一个保护的服务。您需要将“/path/to/keystore”更改为指向默认情况下随wso2esb一起提供的wso2carbon.jks的位置(ESB_HOME/repository/resources/security/wso2carbon.jks)。还要将“/path/to/repo”更改为指向客户端axis2存储库,其文件结构如下。EPR是硬编码的,因此您可能需要将其更改为与您的服务相匹配的地址。
repository/
└── modules
├── addressing-1.6.1-wso2v1.mar
├── rahas-1.6.1-wso2v1.mar
└── rampart-1.6.1-wso2v1.mar
[1] http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging
package org.wso2.carbon.security.ws;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.neethi.Policy;
import javax.xml.namespace.QName;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Map;
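/**
 * Command-line sample that calls the HelloService "greet" operation using one of the 15
 * numbered security scenarios.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The JSSE trust store is set to wso2carbon.jks with a hard-coded password. That file
 *       is the keystore shipped with the product, so use it for local testing only. A real
 *       client should trust a store that holds just the server certificate or its CA, with
 *       the password supplied from outside the source code.</li>
 *   <li>The WSDL, and the policy read from it, is fetched over plain HTTP from the loopback
 *       address. Once the host is remote, obtain the WSDL from a source you trust, because
 *       the policy it carries decides what the client signs and encrypts.</li>
 *   <li>Only scenario 1 selects the HTTPS endpoint. All other scenarios post to the plain
 *       HTTP address set below, so they depend entirely on the message-level protection
 *       of the chosen scenario.</li>
 * </ul>
 */
public class HelloServiceClient {

    /**
     * Single reader over standard input. Creating a new BufferedReader for every prompt can
     * lose input that an earlier reader had already buffered.
     */
    private static final BufferedReader CONSOLE = new BufferedReader(new InputStreamReader(System.in));

    static {
        // Trust store used for the HTTPS endpoint. Sample location and password, see the
        // class comment.
        System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator + "wso2carbon.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
    }

    /**
     * Asks for a scenario number, builds the client and prints the service reply.
     *
     * @param args not used
     */
    public static void main(String[] args) {
        try {
            int securityScenario = getSecurityScenario();

            // Client-side Axis2 repository; it must contain the rampart and addressing modules.
            String repository = "/path/to/repo" + File.separator + "repository";
            ConfigurationContext confContext =
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(repository, null);

            String endPoint = "HelloServiceHttpSoap12Endpoint";
            if (securityScenario == 1) {
                // Scenario 1 (Username Token) uses the HTTPS endpoint.
                endPoint = "HelloServiceHttpsSoap12Endpoint";
            }

            RPCServiceClient dynamicClient =
                    new RPCServiceClient(confContext,
                            new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                            new QName("http://www.wso2.org/types", "HelloService"),
                            endPoint);

            // Engage modules
            dynamicClient.engageModule("rampart");
            dynamicClient.engageModule("addressing");

            // TODO : Change the port to monitor the messages through TCPMon
            if (securityScenario != 1) {
                dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
            }

            // Get the policy from the binding and append the RampartConfig assertion.
            // NOTE(review): this takes the binding of whichever endpoint the map iterates
            // first, not the endpoint named by endPoint. Confirm that they share a binding.
            Map<?, ?> endPoints = dynamicClient.getAxisService().getEndpoints();
            AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
            Policy policy = axisBinding.getEffectivePolicy();
            policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
            axisBinding.applyPolicy(policy);

            // Invoke the service
            Object[] returnArray = dynamicClient.invokeBlocking(new QName("http://www.wso2.org/types", "greet"),
                    new Object[]{"Alice"},
                    new Class[]{String.class});
            System.out.println((String) returnArray[0]);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Prompts until the user enters a scenario number between 1 and 15.
     *
     * @return the chosen scenario number, always within 1..15
     * @throws IllegalStateException if standard input ends or cannot be read before a valid
     *         number is entered; without this check the prompt would loop forever
     */
    private static int getSecurityScenario() {
        int scenarioNumber = 0;
        while (scenarioNumber < 1 || scenarioNumber > 15) {
            System.out.print("Insert the security scenario no : ");
            String inputString = readOption();
            if (inputString == null) {
                throw new IllegalStateException("No security scenario supplied: standard input is closed or unreadable");
            }
            try {
                scenarioNumber = Integer.parseInt(inputString.trim());
            } catch (NumberFormatException e) {
                System.out.println("invalid input, insert a integer between 1 and 15");
            }
            if (scenarioNumber < 1 || scenarioNumber > 15) {
                System.out.println("Scenario number should be between 1 and 15");
            }
        }
        return scenarioNumber;
    }

    /**
     * Reads the next non-empty line from standard input.
     *
     * @return the line, or {@code null} if the input ended or could not be read
     */
    private static String readOption() {
        try {
            String line;
            // readLine() returns null at end of input. Test for that before comparing, so
            // a closed stdin is reported as "no input" and not through a caught exception.
            while ((line = CONSOLE.readLine()) != null) {
                if (!line.equals("")) {
                    return line;
                }
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }
}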
答案 1 :(得分:0)
几乎所有IDE(我个人使用WSO2开发人员工作室进行WSO2开发)都有能力从WSDL文件生成存根,在ESB中还有一个实用工具(在工具选项卡下)从WSDL生成java代码。您可以选择两种方式来生成Java代码。从wsdl生成java存根并调用Echo服务(我只是在你的情况下说),你可以将Web服务端点切换到代理服务URL。
您可以在此处找到WSO2 developer Studio,它是一个Eclipse包:
有关从客户端调用Axis2 Web服务的详细信息,您可以看到: