apache cfx 安全认证的两种方式
具体看文档,
Apache Cxf 安全认证
1. 方法一:密码验证 实例查看 apacheCxf_密码.zip
??????client-beans.xml
<jaxws:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg> <map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="user" value="user_name" />
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:outInterceptors>
在客户端发送请求时,使用一个拦截器,通过 ClientPasswordCallback 类加载用 户账号密码。
??????beans.xml
<jaxws:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" /> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" /> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
???
??????<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordDigest" /> <entry key="passwordCallbackRef">
<ref bean="serverPasswordCallback" /> </entry>
</map> </constructor-arg>
</bean> </jaxws:inInterceptors>
在服务端接受请求时,使用一个拦截器,通过 ServerPasswordCallback 得到 用户密码,进行验证。
???2. 方法二:CA 证书验证
实例查看 apacheCxf_SSL.zip,或者文档 apache CXF ssl 安全认证教程.pdf
???????UserServiceFactory
/**
* 取得信任证书管理器
*
* @return
* @throws IOException */
private static TrustManager[] getTrustManagers() throws IOException { try {
String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory factory = TrustManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(trustStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, trustStorePass.toCharArray());
fp.close();
factory.init(ks);
TrustManager[] tms = factory.getTrustManagers();
return tms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();
???
??????}
return null; }
/**
* 取得个人证书管理器 * @return *
* @throws IOException
*/
private static KeyManager[] getKeyManagers() throws IOException { try {
String alg = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory factory = KeyManagerFactory.getInstance(alg); InputStream fp = UserServiceFactory.class.getResourceAsStream(keyStore); KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fp, keyStorePass.toCharArray());
fp.close();
factory.init(ks, keyStorePass.toCharArray());
KeyManager[] keyms = factory.getKeyManagers();
return keyms;
} catch (NoSuchAlgorithmException e) { e.printStackTrace();
} catch (KeyStoreException e) { e.printStackTrace();
} catch (CertificateException e) { e.printStackTrace();
} catch (UnrecoverableKeyException e) { e.printStackTrace();
}
return null; }
static {
// 得到实例
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] { "Test/client-beans.xml" });
us = (UserService) context.getBean("client");
Client client = ClientProxy.getClient(us);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); TLSClientParameters tlsParams = httpConduit.getTlsClientParameters(); if (tlsParams == null)
tlsParams = new TLSClientParameters(); tlsParams.setSecureSocketProtocol("SSL"); tlsParams.setDisableCNCheck(true);
???
??????try {
tlsParams.setKeyManagers(getKeyManagers()); tlsParams.setTrustManagers(getTrustManagers());
} catch (IOException e) { e.