cxf + spring 的WS Security示例

WSPasswordCallbackpasswordType 属性和 password 属性都为null,你只能获得用户名(identifier),一般这里的逻辑是使用这个用户名到数据库中查询其密码,然后再设置到 password 属性,WSS4J会自动比较客户端传来的值和你设置的这个值。你可能会问为什么这里CXF不把客户端提交的密码传入让我们在 ServerPasswordCallbackHandler 中比较呢?这是因为客户端提交过来的密码在SOAP消息中已经被加密为MD5的字符串,如果我们要在回调方法中作比较,那么第一步要做的就是把服务端准备好的密码加密为MD5字符串,由于MD5算法参数不同结果也会有差别,另外,这样的工作CXF 替我们完成不是更简单吗?

根据上面说的,我获取的 passwordnull ,所以这里就不用自己判断密码了,只要验证用户名后,在设置密码就可以自动验证了,代码如下:

public class ServerPasswordCallback implements CallbackHandler {      public void handle(Callback[] callbacks) throws IOException,        UnsupportedCallbackException {        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];        String pw = pc.getPassword();        String idf = pc.getIdentifier();        System.out.println("password:"+pw);        System.out.println("identifier:"+idf);      if(idf.endsWith("admin")){     pc.setPassword("admin");    }   }      }  

以下是源代码:

HelloWorld.java

package com.mms.webservice; import javax.jws.WebService; @WebService public interface HelloWorld {      String sayHi(String text);  } 

HelloWorldImpl.java

package com.mms.webservice; import javax.annotation.Resource; import javax.jws.WebService; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import javax.xml.ws.WebServiceContext; import javax.xml.ws.handler.MessageContext; import org.apache.cxf.transport.http.AbstractHTTPDestination;   @WebService public class HelloWorldImpl implements HelloWorld {      public String sayHi(String text) {  return "Hello " + text;     } } 

ServerPasswordCallback.java

package com.mms.webservice.test; import java.io.IOException; import java.util.HashMap; import java.util.Map; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; import org.apache.ws.security.WSSecurityException; public class ServerPasswordCallback implements CallbackHandler {  private Map passwords = new HashMap();  public ServerPasswordCallback() {  passwords.put("admin", "admin");  passwords.put("test", "test");  }  public void handle(Callback[] callbacks) throws IOException,   UnsupportedCallbackException {  System.out.println("server:callbacks.length-"+callbacks.length);  for (int i = 0; i < callbacks.length; i++) {   WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];   if (!passwords.containsKey(pc.getIdentifier()))   try {    throw new WSSecurityException("user not match");   } catch (WSSecurityException e) {    e.printStackTrace();   }   String pass = passwords.get(pc.getIdentifier());   pc.setPassword(pass);  }  } }  

ClientPasswordCallback.java

package com.mms.client; import java.io.IOException; import java.util.HashMap; import java.util.Map; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback; import org.apache.ws.security.WSSecurityException; public class ClientPasswordCallback implements CallbackHandler {  private Map passwords = new HashMap();  public ClientPasswordCallback() {  passwords.put("admin", "admin");  passwords.put("test", "test");  }  public void handle(Callback[] callbacks) throws IOException,   UnsupportedCallbackException {  System.out.println("client:callbacks.length-"+callbacks.length);  for (int i = 0; i < callbacks.length; i++) {   WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];   int usage = pc.getUsage();   if (!passwords.containsKey(pc.getIdentifier()))   try {    throw new WSSecurityException("user not exists ");   } catch (WSSecurityException e) {    e.printStackTrace();   }   String pass = passwords.get(pc.getIdentifier());   if (usage == WSPasswordCallback.USERNAME_TOKEN && pass != null) {   System.out.println("client:pass"+pass);   pc.setPassword(pass);   return;   }  }  } }  

web.xml

 XMLSchema-instance"  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">   <>list>  index.jsp        contextConfigLocation  <>value>   classpath:server.xml classpath:client.xml           org.springframework.web.context.ContextLoaderListener        CXFServlet     org.apache.cxf.transport.servlet.CXFServlet      <>mapping>  CXFServlet  /*     

客户端spring配置文件:client.xml

               <>structor-arg>      key="action" value="UsernameToken" />                                                

服务器spring配置文件:server.xml

                                                                       

测试Client.java

package com.mms.client; import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import com.mms.webservice.HelloWorld; public final class Client {  private Client() {  }  public static void main(String args[]) throws Exception {   ApplicationContext  context = new ClassPathXmlApplicationContext(   new String[] { "client.xml" });  HelloWorld client = (HelloWorld) context.getBean("client");  String response = client.sayHi("hello test!");  System.out.println("Response: " + response);  } }  
本站部分文章源于互联网,本着传播知识、有益学习和研究的目的进行的转载,为网友免费提供。如有着作权人或出版方提出异议,本站将立即删除。如果您对文章转载有任何疑问请告之我们,以便我们及时纠正。

PS:推荐一个微信公众号: askHarries 或者qq群:474807195,里面会分享一些资深架构师录制的视频录像:有Spring,MyBatis,Netty源码分析,高并发、高性能、分布式、微服务架构的原理,JVM性能优化这些成为架构师必备的知识体系。还能领取免费的学习资源,目前受益良多

转载请注明原文出处:Harries Blog? ? cxf + spring 的WS Security示例

赞 (0)
分享到:更多 ()

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址