Implementing WS-Security in XFire: the complete guide
XFire 1.1 already supports WS-Security. XFire provides WS-Security support through WSS4J.
I. Prerequisites:
You must install the Unlimited Strength Jurisdiction Policy files (download from http://java.sun.com/j2se/1.5.0/download.jsp or http://java.sun.com/j2se/1.4.2/download.html) and Bouncy Castle (from http://BouncyCastle.org). Otherwise you will get an invalid algorithm or key size (KeySize) error.
To support WS-Security, two kinds of handlers must be added: inHandlers and outHandlers.
The following must be added to inHandlers:
1. org.codehaus.xfire.security.wss4j.WSS4JInHandler: performs the WS-Security processing;
2. org.codehaus.xfire.util.dom.DOMInHandler: converts the message from StAX to DOM for WS-Security.
Note: DOMInHandler requires Xalan 2.7.0, which XFire does not ship by default (download from http://www.apache.org/dyn/closer.cgi/xml/xalan-j).
The following are added to outHandlers:
1. org.codehaus.xfire.security.wss4j.WSS4JOutHandler: performs the WS-Security processing;
2. org.codehaus.xfire.util.dom.DOMOutHandler: converts the message from StAX to DOM for WS-Security.
II. Installing the Unlimited Strength Jurisdiction Policy and Bouncy Castle
1. Install the Unlimited Strength Jurisdiction Policy: copy the two files local_policy.jar and US_export_policy.jar into C:\j2re1.4.2\lib\security\ (assuming the JRE is installed in C:\j2re1.4.2).
2. Install Bouncy Castle:
(1) Copy the downloaded bcprov-jdk14-119.jar to two places: one in the JDK you installed, e.g. C:\j2sdk1.4.0-rc\jre\lib\ext, the other in your JRE, e.g. C:\Program Files\Java\j2re1.4.0-rc\lib\ext;
(2) Also edit both java.security files (mine are C:\j2sdk1.4.0-rc\jre\lib\security\java.security and C:\Program Files\Java\j2re1.4.0-rc\lib\security\java.security) and add the line: security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
III. Creating the keys:
1. Create a private key in a keystore under an alias, protected by a key password:
keytool -genkey -alias ws_security -keypass keypassword -keystore privatestore.jks -storepass keyStorePassword -dname "cn=ws_security" -keyalg RSA
This uses the RSA algorithm.
2. Self-sign the certificate:
keytool -selfcert -alias ws_security -keystore privatestore.jks -storepass keyStorePassword -keypass keypassword
3. Export the public key (certificate) to key.rsa:
keytool -export -alias ws_security -file key.rsa -keystore privatestore.jks -storepass keyStorePassword
4. Import the public key into a new keystore:
keytool -import -alias ws_security -file key.rsa -keystore publicstore.jks -storepass keyStorePassword
5. Create insecurity.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
org.apache.ws.security.crypto.merlin.alias.password=keypassword
org.apache.ws.security.crypto.merlin.keystore.alias=ws_security
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/publicstore.jks
6. Create outsecurity.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
org.apache.ws.security.crypto.merlin.alias.password=keypassword
org.apache.ws.security.crypto.merlin.keystore.alias=ws_security
org.apache.ws.security.crypto.merlin.file=META-INF/xfire/privatestore.jks
7. Copy insecurity.properties, outsecurity.properties, privatestore.jks and publicstore.jks into META-INF/xfire/.
For keytool usage, see:
http://www.churchillobjects.com/c/11201e.html
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html
http://support.globalsign.net/en/objectsign/java.cfm
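The check below is an added example, not code from the original article or from XFire/WSS4J. It reads a Merlin properties file like the two above, opens the keystore it names using the page's property keys, reports whether the alias holds a private key (which signing and decryption need) or only a certificate (enough for signature verification and for encrypting to the server), and confirms that privatestore.jks and publicstore.jks carry the same certificate. It assumes the paths resolve against the working directory rather than the classpath; the class name WssCryptoCheck is my own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Properties;

// Added example: sanity-checks a WSS4J Merlin properties file against its keystore.
public class WssCryptoCheck
{
    static final String PREFIX = "org.apache.ws.security.crypto.merlin.";

    // The loaded keystore together with the alias and key password the properties name
    static class Entry
    {
        KeyStore ks; String file; String alias; String keyPass;
    }

    // Reads the properties file and opens the keystore it points at (path relative to cwd)
    static Entry load(String propFile) throws Exception
    {
        Properties p = new Properties();
        InputStream in = new FileInputStream(propFile);
        try { p.load(in); } finally { in.close(); }

        Entry e = new Entry();
        e.file = p.getProperty(PREFIX + "file");
        e.alias = p.getProperty(PREFIX + "keystore.alias");
        e.keyPass = p.getProperty(PREFIX + "alias.password");
        String storePass = p.getProperty(PREFIX + "keystore.password");

        e.ks = KeyStore.getInstance(p.getProperty(PREFIX + "keystore.type", "jks"));
        InputStream ksIn = new FileInputStream(e.file);
        try { e.ks.load(ksIn, storePass.toCharArray()); } finally { ksIn.close(); }
        return e;
    }

    // Describes what the alias can be used for; a wrong alias.password throws here
    // rather than later, at the first signed or decrypted message.
    static String describe(String propFile) throws Exception
    {
        Entry e = load(propFile);
        if (!e.ks.containsAlias(e.alias))
            return propFile + ": alias '" + e.alias + "' not found in " + e.file;
        X509Certificate cert = (X509Certificate) e.ks.getCertificate(e.alias);
        if (e.ks.isKeyEntry(e.alias))
        {
            e.ks.getKey(e.alias, e.keyPass.toCharArray());
            return propFile + ": alias '" + e.alias + "' has a private key (Signature, Decrypt); subject "
                + cert.getSubjectDN();
        }
        return propFile + ": alias '" + e.alias + "' holds a certificate only (verify, Encrypt); subject "
            + cert.getSubjectDN();
    }

    // True when both stores hold byte-identical certificates under their aliases,
    // i.e. key.rsa was exported from and imported into the right stores.
    static boolean sameCertificate(String privProps, String pubProps) throws Exception
    {
        Entry a = load(privProps), b = load(pubProps);
        Certificate ca = a.ks.getCertificate(a.alias), cb = b.ks.getCertificate(b.alias);
        return ca != null && cb != null && Arrays.equals(ca.getEncoded(), cb.getEncoded());
    }

    public static void main(String[] args) throws Exception
    {
        // Defaults are the page's two files; run from the directory that contains META-INF/xfire/
        String priv = args.length > 0 ? args[0] : "META-INF/xfire/outsecurity.properties";
        String pub = args.length > 1 ? args[1] : "META-INF/xfire/insecurity.properties";
        System.out.println(describe(priv));
        System.out.println(describe(pub));
        System.out.println("same certificate in both stores: " + sameCertificate(priv, pub));
    }
}
```

The store described by insecurity.properties should report "certificate only": that is the store you can hand to clients and to the verifying side, while the store behind outsecurity.properties, which holds the private key, stays with the party that signs and decrypts.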
IV. Example:
1. Create the service interface:
package example.services;
public interface BookService
{
    // The client below calls echo(), so the interface is completed with that method
    String echo(String msg);
}
2. Create the service implementation:
package example.services;
public class BookServiceImpl implements BookService
{
    // Returns the request message unchanged (body assumed; the page omits it)
    public String echo(String msg)
    {
        return msg;
    }
}
3. Configure webservices.xml (the four services share one interface and implementation and differ only in the WS-Security action the WSS4JInHandler demands):
<beans xmlns="http://xfire.codehaus.org/config/1.0">
  <service>
    <name>BookServiceSign</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Signature</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceUsernameToken</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">UsernameToken</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceTimestamp</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Timestamp</prop>
            <prop key="signaturePropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/insecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>

  <service>
    <name>BookServiceEnc</name>
    <serviceClass>example.services.BookService</serviceClass>
    <implementationClass>example.services.BookServiceImpl</implementationClass>
    <style>wrapped</style>
    <use>literal</use>
    <scope>application</scope>
    <inHandlers>
      <handler handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
      <bean class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
        <property name="properties">
          <props>
            <prop key="action">Encrypt</prop>
            <prop key="encryptPropFile">META-INF/xfire/outsecurity.properties</prop>
            <prop key="decryptionPropFile">META-INF/xfire/outsecurity.properties</prop>
            <prop key="passwordCallbackClass">example.ws_security.PasswordHandler</prop>
          </props>
        </property>
      </bean>
    </inHandlers>
  </service>
</beans>
4. Create the password callback class:
package example.ws_security;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class PasswordHandler implements CallbackHandler
{
    private Map passwords = new HashMap();
    public PasswordHandler()
    {
        // Method bodies were cut off on the page; this entry is assumed from the keytool alias and key password in section III
        passwords.put("ws_security", "keypassword");
    }
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            // WSS4J passes the key alias (or the UsernameToken user) as the identifier and expects its password back
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            String pass = (String) passwords.get(pc.getIdentifier());
            if (pass != null) pc.setPassword(pass);
        }
    }
}
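The harness below is an added example, not part of the original article, that drives PasswordHandler the way WSS4J does: WSS4J builds a WSPasswordCallback carrying the identifier (the key alias for signing or decryption, the user name for a UsernameToken) and a usage code, calls handle(), and expects the password to have been filled in. It uses the WSS4J 1.5 WSPasswordCallback API together with the page's alias and key password; the class name PasswordHandlerCheck and the unknown identifier are constructed for this test.

```java
package example.ws_security;

import javax.security.auth.callback.Callback;
import org.apache.ws.security.WSPasswordCallback;

// Added example: exercises PasswordHandler with the callbacks WSS4J would hand it.
public class PasswordHandlerCheck
{
    // Returns the password the handler supplies for an identifier/usage pair, or null if it stays silent
    static String ask(String identifier, int usage) throws Exception
    {
        WSPasswordCallback cb = new WSPasswordCallback(identifier, usage);
        new PasswordHandler().handle(new Callback[] { cb });
        return cb.getPassword();
    }

    // Compares the handler's answer with what the page's configuration needs
    static boolean check(String identifier, int usage, String expected) throws Exception
    {
        String got = ask(identifier, usage);
        boolean ok = (expected == null) ? got == null : expected.equals(got);
        System.out.println((ok ? "OK   " : "FAIL ") + identifier + " usage=" + usage + " -> " + got);
        return ok;
    }

    public static void main(String[] args) throws Exception
    {
        boolean ok = true;
        // The page's alias must be answered when WSS4J needs the private key ...
        ok &= check("ws_security", WSPasswordCallback.SIGNATURE, "keypassword");
        ok &= check("ws_security", WSPasswordCallback.DECRYPT, "keypassword");
        // ... and when the UsernameToken user set in WSHandlerConstants.USER is verified
        ok &= check("ws_security", WSPasswordCallback.USERNAME_TOKEN, "keypassword");
        // An identifier the handler does not know (constructed) must get no password;
        // WSS4J then fails the request instead of accepting it
        ok &= check("someone_else", WSPasswordCallback.USERNAME_TOKEN, null);
        System.out.println(ok ? "all checks passed" : "some checks failed");
    }
}
```

The same class serves both sides: on the client it releases the key password for signing and the UsernameToken password, on the server it is what WSS4J consults to validate an incoming UsernameToken and to unlock the private key for decryption, so the map must only contain identifiers you actually intend to accept.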
5. Client implementation (the page's copy of this class was garbled; the two test methods differ only in which Merlin properties file they hand to WSS4JOutHandler, so the shared setup is factored out):
package example.test;
import java.lang.reflect.Proxy;
import java.net.MalformedURLException;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxy;
import org.codehaus.xfire.client.XFireProxyFactory;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.service.Service;
import org.codehaus.xfire.service.binding.ObjectServiceFactory;
import org.codehaus.xfire.util.dom.DOMOutHandler;
import example.services.BookService;
import example.ws_security.PasswordHandler;
public class TTTest
{
    private WSS4JOutHandler wsOut;
    private Service service;
    private BookService bookservice;
    private Client client;
    public TTTest() {}

    // Builds the proxy and the underlying Client for the named service.
    // Recommended way to create the service: with the service name ("BookService" in this example).
    private void createClient(String serviceName) throws MalformedURLException
    {
        String SERVICE_URL = "http://localhost:8080/TT/services/" + serviceName;
        service = new ObjectServiceFactory().create(BookService.class, serviceName, null, null);
        bookservice = (BookService) new XFireProxyFactory().create(service, SERVICE_URL);
        client = ((XFireProxy) Proxy.getInvocationHandler(bookservice)).getClient();
    }

    // Configures the outgoing WS-Security handler; propFile selects the Merlin
    // properties file, and with it the keystore, that the client uses
    private void addSecurityHandlers(String propFile, String actions)
    {
        wsOut = new WSS4JOutHandler();
        wsOut.setProperty(WSHandlerConstants.SIG_PROP_FILE, propFile);
        wsOut.setProperty(WSHandlerConstants.ENC_PROP_FILE, propFile);
        wsOut.setProperty(WSHandlerConstants.USER, "ws_security");
        wsOut.setProperty("password", "keypassword");
        wsOut.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        wsOut.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
        wsOut.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        //wsOut.setProperty(WSHandlerConstants.TTL_TIMESTAMP, "30");
        wsOut.setProperty(WSHandlerConstants.ACTION, actions);
        // DOMOutHandler must be added before WSS4JOutHandler: WSS4J works on a DOM tree
        client.addOutHandler(new DOMOutHandler());
        client.addOutHandler(wsOut);
        //client.addInHandler(new DOMInHandler());
    }

    // Encryption test. The start of this method was lost on the page; the service name
    // and action below are assumed from the BookServiceEnc entry in webservices.xml.
    public void testClientEcr()
    {
        String actions = "Encrypt";
        try
        {
            createClient("BookServiceEnc");
        }
        catch (MalformedURLException e)
        {
            e.printStackTrace();
            return;
        }
        addSecurityHandlers("META-INF/xfire/insecurity.properties", actions);
        System.out.println(bookservice.echo("Client test msg" + actions));
        client.close();
    }

    // Signature / UsernameToken / Timestamp test against the named service
    public void testClient2(String serviceName, String actions)
    {
        try
        {
            createClient(serviceName);
        }
        catch (MalformedURLException e)
        {
            e.printStackTrace();
            return;
        }
        addSecurityHandlers("META-INF/xfire/outsecurity.properties", actions);
        System.out.println(bookservice.echo("Client test msg " + actions));
        client.close();
    }

    public static void main(String[] args)
    {
        // The original main body was cut off; calling the signed service is an assumed example
        new TTTest().testClient2("BookServiceSign", "Signature");
    }
}