Vikings
          

          

          



          
	
					
	
          
		
          
			實(shí)施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 
		
          
		轉(zhuǎn)自:
          
http://www.aygfsteel.com/security/archive/2006/08/08/xfire_wss4j.html
          

          
thanks for springside
          

          
鑒于很多系統(tǒng)需要實(shí)施WS-Security的標(biāo)準(zhǔn),我們?cè)赟pringSide中提供了XFire+WSS4J的Demo,本文介紹SpringSide中Spring+XFire+WSS4J的基本配置
          

          
[WebService Server端配置]
          
第一,創(chuàng)建一個(gè)基本的BookService
          

          public interface BookService {
          
              /** *//**
          
     * 按書名模糊查詢圖書
          
               */
          
    List findBooksByName(String name);
          

          
              /** *//**
          
     * 查找目錄下的所有圖書
          
     *
          
     *           @param categoryId 如果category為null或“all”, 列出所有圖書。
          
               */
          
    List findBooksByCategory(String categoryId);
          

          
              /** *//**
          
     * 列出所有分類.
          
     *
          
     *           @return List<Category>,或是null。
          
               */
          
    List getAllCategorys();
          
}
          
第二,接口擴(kuò)展,即Extend基本的BookService,在XFire中,不同的WSS4J策略需要針對(duì)不同的ServiceClass,否則<inHandlers>里面的定義會(huì)Overlap。 
          

          

          

             <!--BookService 基類-->
          
              <bean id="baseWebService" class="org.codehaus.xfire.spring.remoting.XFireExporter" abstract="true">
          
                  <property name="serviceFactory" ref="xfire.serviceFactory"/>
          
                  <property name="xfire" ref="xfire"/>
          
              </bean>
          

          
              <bean class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
          
                  <property name="mappings">
          
                      <value>
          
                /BookService=bookService
          
                /BookServiceWSS4J=bookServiceWSS4J
          
                /BookServiceWSS4JEnc=bookServiceWSS4JEnc
          
                /BookServiceWSS4JSign=bookServiceWSS4JSign
          
                      </value>
          
                  </property>
          
              </bean>
          

          
             <!--(1)BookWebService 不需要認(rèn)證-->
          
              <bean id="bookService" class="org.codehaus.xfire.spring.remoting.XFireExporter">
          
                  <property name="serviceFactory" ref="xfire.serviceFactory"/>
          
                  <property name="xfire" ref="xfire"/>
          
                  <property name="serviceBean" ref="bookManager"/>
          
                  <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookService"/>
          
              </bean>
          

          
              <!--  (3)BookWebService 使用 WSS4J驗(yàn)證-->
          
              <bean id="bookServiceWSS4J" class="org.codehaus.xfire.spring.remoting.XFireExporter">
          
                  <property name="serviceBean" ref="bookManager"/>
          
                  <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4J"/>
          
                  <property name="inHandlers">
          
                      <list>
          
                          <ref bean="domInHandler"/>
          
                          <ref bean="wss4jInHandler"/>
          
                          <ref bean="validateUserTokenHandler"/>
          
                      </list>
          
                  </property>
          
              </bean>
          

          
              <bean id="domInHandler" class="org.codehaus.xfire.util.dom.DOMInHandler"/>
          

          
              <bean id="wss4jInHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
          
                  <property name="properties">
          
                      <props>
          
                          <prop key="action">UsernameToken</prop>
          
                          <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
          
                      </props>
          
                  </property>
          
              </bean>
          

          
              <bean id="validateUserTokenHandler" class="org.springside.bookstore.plugins.xfire.wss4j.WSS4JTokenHandler"/>
          
    
          
              <!--  (4)BookWebService 使用 WSS4J驗(yàn)證 Encrypt模式-->
          
              <bean id="bookServiceWSS4JEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
          
                  <property name="serviceBean" ref="bookManager"/>
          
                  <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
          
                  <property name="inHandlers">
          
                      <list>
          
                          <ref bean="domInHandler"/>
          
                          <ref bean="wss4jInHandlerEnc"/>
          
                          <ref bean="validateUserTokenHandler"/>
          
                      </list>
          
                  </property>
          
              </bean>
          
        
          
              <bean id="wss4jInHandlerEnc" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
          
                  <property name="properties">
          
                    <props>
          
                      <prop key="action">Encrypt</prop>
          
                      <prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>
          
                      <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
          
                    </props>
          
                  </property>
          
              </bean>
          
    
          
              <!--  (5)BookWebService 使用 WSS4J驗(yàn)證 Signature模式-->
          
              <bean id="bookServiceWSS4JSign" class="org.codehaus.xfire.spring.remoting.XFireExporter">
          
                  <property name="serviceBean" ref="bookManager"/>
          
                  <property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSign"/>
          
                  <property name="inHandlers">
          
                      <list>
          
                          <ref bean="domInHandler"/>
          
                          <ref bean="wss4jInHandlerSign"/>
          
                          <ref bean="validateUserTokenHandler"/>
          
                      </list>
          
                  </property>
          
              </bean>
          
    
          
              <bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
          
                  <property name="properties">
          
                    <props>
          
                      <prop key="action">Signature</prop>
          
                      <prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
          
                      <prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
          
                    </props>
          
                  </property>
          
              </bean>
          
    
          
          </beans>
          

          

          

		
          
			posted on 2008-10-29 01:55 Vikings 閱讀(389) 評(píng)論(0)  編輯  收藏  
		
          
	
          
	
	





          
	    
    




          





          


          

	
          
		
          
				
		
	
		
          
		
		
          只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。
          
		
          
			
		
          
			
		
          
		
		
          
		


          

		          		
		
          
		
          			
		
		
		
		
          
		
          
		
		
          
		
          
			網(wǎng)站導(dǎo)航:
		
		
          
		
          
			
		
          	
		
          
			 
		
          
		
          
			
		
          
		
          
			
				
		
          		
	
          	

          



          

				

          



    







          
        
	




主站蜘蛛池模板:
苍南县|
若羌县|
东安县|
新竹县|
会宁县|
宣城市|
余庆县|
泊头市|
云梦县|
精河县|
永康市|
巴彦县|
铜鼓县|
章丘市|
琼海市|
兴安县|
临高县|
湘潭县|
天峨县|
宜州市|
娄底市|
商水县|
如东县|
长兴县|
新晃|
收藏|
南江县|
奉化市|
安塞县|
阜南县|
潞西市|
始兴县|
石柱|
邵阳县|
卢湾区|
巴塘县|
宜黄县|
双柏县|
奉贤区|
贵州省|
宝坻区|