带有WSS4JOutInterceptor

时间:2015-06-18 19:59:18

标签: java web-services spring-security cxf

我对CXF安全性有疑问。我尝试用密钥库实现带身份验证的Web服务,但在网上找到的身份验证示例中,我只看到一对一的配置。

我有一个以该模式运行的项目,但只指定了一个客户端,因为私钥和公钥都是为该客户端定义的。

例如,如果您需要此服务来连接10个不同的客户端,我知道我必须创建10个私钥和10个公钥。

但是在应用服务器上我该如何配置呢?

下面是我这个项目当前的配置。

server_decrypt.properties

# Merlin crypto configuration for the server's OWN keystore (private key under alias
# serverx509v1). In cxf_context.xml this file is referenced as signaturePropFile of the
# out interceptor (response signing) and as decryptionPropFile of the in interceptor
# (request decryption) -- the "decrypt" in the file name is therefore only half of its use.
# NOTE(review): the keystore password is stored in clear text here and again in
# PasswordCallback; keep this file out of version control / externalise the secret.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.file=server-keystore.jks

server_sign.properties

# Merlin crypto configuration for the server's TRUSTSTORE (client certificate under alias
# clientx509v1). In cxf_context.xml this file is referenced as encryptionPropFile of the
# out interceptor (response encryption for the client) and as signaturePropFile of the in
# interceptor (request signature verification) -- the "sign" in the file name refers to
# verifying the client's signature, not to signing.
# NOTE(review): supporting several clients presumably means one trusted certificate per
# client in server-truststore.jks; the default alias below only selects one of them.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1
org.apache.ws.security.crypto.merlin.file=server-truststore.jks

cxf_context.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  CXF/Spring context for the ConsultaImplWS endpoint.
  Inbound requests pass WSS4JInInterceptor (Timestamp + Signature + Encrypt check),
  outbound responses pass WSS4JOutInterceptor (Timestamp + Signature + Encrypt).
  Key material comes from server_decrypt.properties (server keystore) and
  server_sign.properties (truststore with the client certificate).
-->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
    xmlns:beans="http://cxf.apache.org/configuration/beans" xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://cxf.apache.org/configuration/beans http://cxf.apache.org/schemas/configuration/cxf-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <!-- Message loggers; declared but not attached to the endpoint below.
         NOTE(review): if they are enabled, remember that they log the SOAP envelope,
         i.e. security headers as well. -->
    <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />

    <bean id="PasswordCallback" class="com.pruebas.app.seguridad.PasswordCallback" />
    <bean class="com.pruebas.app.servicios.ConsultaImpl" id="ConsultaImpl" />
    <jaxws:endpoint address="/ConsultaImplWS" id="ConsultaImplWS"
        implementor="#ConsultaImpl">
        <jaxws:properties>
            <entry key="schema-validation-enabled" value="true" />
        </jaxws:properties>

        <!-- Order matters: SAAJ must build the message before WSS4J signs/encrypts it. -->
        <jaxws:outInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
            <ref bean="TimestampSignEncrypt_Response" />
        </jaxws:outInterceptors>

        <!-- Order matters: WSS4J validates/decrypts the request before SAAJ processing. -->
        <jaxws:inInterceptors>
            <ref bean="TimestampSignEncrypt_Request" />
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        </jaxws:inInterceptors>

    </jaxws:endpoint>

    <!--
      Outbound security. "user" is the server's signing alias (private key in
      server-keystore.jks, see server_decrypt.properties); "encryptionUser" is the
      alias of the recipient certificate in server-truststore.jks (server_sign.properties).
      A fixed encryptionUser ties every response to ONE client certificate, which is why
      this configuration only works for a single client.
      NOTE(review): WSS4J documents the special encryptionUser value "useReqSigCert",
      which encrypts the response with the certificate that signed the incoming request;
      combined with one trusted certificate per client in the truststore that would
      serve several clients -- confirm against the CXF/WSS4J version in use.
    -->
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="TimestampSignEncrypt_Response">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt" />
                <entry key="user" value="serverx509v1" />
                <entry key="encryptionUser" value="clientx509v1"/>
                <!-- signing uses the server keystore, encryption the truststore
                     (file names are confusing but the mapping is consistent with
                     the properties files above) -->
                <entry key="signaturePropFile"  value="server_decrypt.properties" />
                <entry key="encryptionPropFile" value="server_sign.properties" />
                <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
                <entry key="signatureParts"
                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
                <entry key="encryptionParts"
                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />

            </map>

        </constructor-arg>
    </bean>

    <!--
      Inbound security. Request signatures are verified against server-truststore.jks
      (server_sign.properties) and the body is decrypted with the server private key
      from server-keystore.jks (server_decrypt.properties). The password callback is
      asked for the private-key password of the decryption alias.
    -->
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        id="TimestampSignEncrypt_Request">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt" />
                <entry key="signaturePropFile"  value="server_sign.properties" />
                <entry key="decryptionPropFile" value="server_decrypt.properties" />
                <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
            </map>
        </constructor-arg>

    </bean>
</beans>

PasswordCallback的代码如下:

package com.pruebas.app.seguridad;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

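/**
 * Password callback used by the WSS4J interceptors to obtain the password of a
 * keystore alias (the {@code user} of the out interceptor and the decryption alias
 * of the in interceptor in cxf_context.xml).
 *
 * <p>Fixes relative to the original: the password is only supplied when the requested
 * identifier is a known alias (the original had an empty {@code if} and set the
 * password for every identifier), every callback in the array is handled instead of
 * only the first, unknown callback types raise {@link UnsupportedCallbackException}
 * instead of a {@link ClassCastException}, and the password is no longer printed.
 *
 * <p>NOTE(review): the alias/password pair is still hard-coded here and duplicated in
 * server_decrypt.properties; loading it from a protected external source is preferable.
 */
public class PasswordCallback implements CallbackHandler {

    /** Known keystore aliases and their passwords; add one entry per key to serve. */
    private static final Map<String, String> PASSWORDS = new HashMap<String, String>();

    static {
        // Server private-key alias and keystore password, as in server_decrypt.properties.
        PASSWORDS.put("serverx509v1", "storepassword");
    }

    /**
     * Supplies the password for each {@link WSPasswordCallback} whose identifier is a
     * known alias; callbacks for unknown aliases are left untouched so that WSS4J fails
     * the key lookup instead of receiving a wrong password.
     *
     * @param callbacks callbacks to resolve; {@code null} is treated as empty
     * @throws IOException declared by {@link CallbackHandler}, never thrown here
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        if (callbacks == null) {
            return;
        }
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            String password = PASSWORDS.get(pc.getIdentifier());
            if (password != null) {
                // Password for a known alias; compared/used by WSS4J, never logged.
                pc.setPassword(password);
            }
        }
    }
}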

显然,我在resources文件夹(src/main/resources)中有server-truststore.jks和server-keystore.jks文件。如您所见,这只能针对单个客户端配置。我该如何让多个客户端连接?
