国产传媒在线,精品日韩av,国产日韩欧美视频

[原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)

鑒于很多系統需要實施WS-Security的標準，我們在SpringSide中提供了XFire+WSS4J的Demo，本文介紹SpringSide中Spring+XFire+WSS4J的基本配置

[WebService Server端配置]
第一，創建一個基本的BookService

public?interface?BookService?{

????/**

?????*?按書名模糊查詢圖書

?????*/

????List?findBooksByName(String?name);

????/**

?????*?查找目錄下的所有圖書

?????*

?????*?@param?categoryId?如果category為null或“all”，?列出所有圖書。

?????*/

????List?findBooksByCategory(String?categoryId);

????/**

?????*?列出所有分類.

?????*

?????*?@return?List<Category>，或是null。

?????*/

????List?getAllCategorys();

}

第二，接口擴展，即Extend基本的BookService，在XFire中，不同的WSS4J策略需要針對不同的ServiceClass，否則<inHandlers>里面的定義會Overlap。

public?interface?BookServiceWSS4JEnc??extends?BookService?{

}

public?interface?BookServiceWSS4JSign??extends?BookService?{

}

第三，配置Spring的ApplicationContext文件

????

????<bean?id="baseWebService"?class="org.codehaus.xfire.spring.remoting.XFireExporter"?abstract="true">

????????<property?name="serviceFactory"?ref="xfire.serviceFactory"/>

????????<property?name="xfire"?ref="xfire"/>

????</bean>

????<bean?class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">

????????<property?name="mappings">

????????????<value>

????????????????/BookService=bookService

????????????????/BookServiceWSS4J=bookServiceWSS4J

????????????????/BookServiceWSS4JEnc=bookServiceWSS4JEnc

????????????????/BookServiceWSS4JSign=bookServiceWSS4JSign

????????????</value>

????????</property>

????</bean>

???

????<bean?id="bookService"?class="org.codehaus.xfire.spring.remoting.XFireExporter">

????????<property?name="serviceFactory"?ref="xfire.serviceFactory"/>

????????<property?name="xfire"?ref="xfire"/>

????????<property?name="serviceBean"?ref="bookManager"/>

????????<property?name="serviceClass"?value="org.springside.bookstore.plugins.xfire.service.BookService"/>

????</bean>

????

????<bean?id="bookServiceWSS4J"?class="org.codehaus.xfire.spring.remoting.XFireExporter">

????????<property?name="serviceBean"?ref="bookManager"/>

????????<property?name="serviceClass"?value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4J"/>

????????<property?name="inHandlers">

????????????<list>

????????????????<ref?bean="domInHandler"/>

????????????????<ref?bean="wss4jInHandler"/>

????????????????<ref?bean="validateUserTokenHandler"/>

????????????</list>

????????</property>

????</bean>

????<bean?id="domInHandler"?class="org.codehaus.xfire.util.dom.DOMInHandler"/>

????<bean?id="wss4jInHandler"?class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">

????????<property?name="properties">

????????????<props>

????????????????<prop?key="action">UsernameToken</prop>

????????????????<prop?key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

????????????</props>

????????</property>

????</bean>

????<bean?id="validateUserTokenHandler"?class="org.springside.bookstore.plugins.xfire.wss4j.WSS4JTokenHandler"/>

????

????

????<bean?id="bookServiceWSS4JEnc"?class="org.codehaus.xfire.spring.remoting.XFireExporter">

????????<property?name="serviceBean"?ref="bookManager"/>

????????<property?name="serviceClass"?value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>

????????<property?name="inHandlers">

????????????<list>

????????????????<ref?bean="domInHandler"/>

????????????????<ref?bean="wss4jInHandlerEnc"/>

????????????????<ref?bean="validateUserTokenHandler"/>

????????????</list>

????????</property>

????</bean>

????????

????<bean?id="wss4jInHandlerEnc"?class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">

????????<property?name="properties">

??????????<props>

????????????<prop?key="action">Encrypt</prop>

????????????<prop?key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>

????????????<prop?key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

??????????</props>

????????</property>

????</bean>

????

????

????<bean?id="bookServiceWSS4JSign"?class="org.codehaus.xfire.spring.remoting.XFireExporter">

????????<property?name="serviceBean"?ref="bookManager"/>

????????<property?name="serviceClass"?value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSign"/>

????????<property?name="inHandlers">

????????????<list>

????????????????<ref?bean="domInHandler"/>

????????????????<ref?bean="wss4jInHandlerSign"/>

????????????????<ref?bean="validateUserTokenHandler"/>

????????????</list>

????????</property>

????</bean>

????

????<bean?id="wss4jInHandlerSign"?class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">

????????<property?name="properties">

??????????<props>

????????????<prop?key="action">Signature</prop>

????????????<prop?key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>

????????????<prop?key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>

??????????</props>

????????</property>

????</bean>

????

</beans>

第四，配置insecurity_enc.properties和insecurity_sign.properties兩個密鑰庫配置文件
insecurity_enc.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.alias.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_private.jks

outsecurity_sign.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=SpringSide
org.apache.ws.security.crypto.merlin.keystore.alias=david
org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

第五，使用SecureX生成了兩個keystore文件
springside_private.jks

別名名稱：?david
創建日期：?2006-8-6
輸入類型：KeyEntry
認證鏈長度：?1
認證?[1]:
Owner:?CN=david,?OU=SpringSide,?O=org,?L=gz,?ST=gd,?C=cn
發照者：?CN=david,?OU=SpringSide,?O=org,?L=gz,?ST=gd,?C=cn
序號：?44d4cdcd
有效期間：?Sun?Aug?06?00:56:45?CST?2006?至：?Mon?Aug?06?00:56:45?CST?2007
認證指紋：
?????????MD5：??CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2
?????????SHA1：?8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

springside_public.jks

別名名稱：?david

創建日期：?2006-8-6

輸入類型：?trustedCertEntry

Owner:?CN=david,?OU=SpringSide,?O=org,?L=gz,?ST=gd,?C=cn

發照者：?CN=david,?OU=SpringSide,?O=org,?L=gz,?ST=gd,?C=cn

序號：?44d4cdcd

有效期間：?Sun?Aug?06?00:56:45?CST?2006?至：?Mon?Aug?06?00:56:45?CST?2007

認證指紋：

?????????MD5：??CF:97:13:0C:70:D0:4D:B6:B4:27:0F:1A:0B:CF:D9:F2

?????????SHA1：?8E:8E:E8:BC:64:39:C8:43:E4:F7:1B:3B:CE:48:1D:6B:A0:2B:58:B5

第五，新版本SpringSide需要
http://www.bouncycastle.org/download/bcprov-jdk15-133.jar
并且要配置java.security
另外,還要使用jdk加密增強策略
http://www.aygfsteel.com/openssl/archive/2006/03/08/34381.html

用戶要使用WSS4J，需要配置Bouncycastle這個SecurityProvider，否則
運行Enc模式的XFire認證的時候，會拋出異常：
org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used unsupported key
配合java.security也是非常簡單:
在最后加入BouncycastleProvider。
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

[WebService Client端配置]
1，Encrypt模式的Client是在客戶端用david的公鑰加密Soap里面的usernameToken，然后發送到Web服務，Web服務用david的私鑰來驗證。這種模式需要客戶端預先知道服務器端的公鑰。

在Encrypt模式中，需要這樣配置ClientHandler：

????????Service?serviceModel?=?new?ObjectServiceFactory().create(BookServiceWSS4JEnc.class);

????????XFireProxyFactory?factory?=?new?XFireProxyFactory(getXFire());

????????BookService?service?=?(BookService)?factory.create(serviceModel,?"xfire.local://BookServiceWSS4JEnc");

????????Client?client?=?((XFireProxy)?Proxy.getInvocationHandler(service)).getClient();

????????//掛上WSS4JOutHandler，提供認證

????????client.addOutHandler(new?DOMOutHandler());

????????Properties?properties?=?new?Properties();

????????configureOutProperties(properties);

????????client.addOutHandler(new?WSS4JOutHandler(properties));

????????List?list?=?service.getAllCategorys();

configureOutProperties函數負責指定Client使用何種安全策略，沒錯，使用outsecurity_enc.properties，這個properties是跟Server端的insecurity_enc.properties一起使用的。

????protected?void?configureOutProperties(Properties?config)?{
????????config.setProperty(WSHandlerConstants.ACTION,?WSHandlerConstants.ENCRYPT);
????????config.setProperty(WSHandlerConstants.USER,?"david");
????????//config.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,?PasswordHandler.class.getName());
????????//Configuration?of?public?key?used?to?encrypt?message?goes?to?properties?file.
????????config.setProperty(WSHandlerConstants.ENC_PROP_FILE,
???????????????????????????????"org/springside/bookstore/plugins/xfire/outsecurity_enc.properties");
????}

outsecurity_enc.properties：

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=SpringSide

org.apache.ws.security.crypto.merlin.keystore.alias=david

org.apache.ws.security.crypto.merlin.file=org/springside/bookstore/plugins/xfire/wss4j/springside_public.jks

2, Sign模式的Client同樣也是很簡單，這種模式是Client端用自己的私鑰為usernameToken簽名，服務器端用Client的公鑰來驗證簽名，因此，服務器端需要預先知道客戶端的公鑰。
對應于Encrypt模式，這里的configureOutProperties需要這樣來配置：

????protected?void?configureOutProperties(Properties?properties)?{
????????properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.SIGNATURE);
????????//?User?in?keystore
????????properties.setProperty(WSHandlerConstants.USER,?"david");
????????//?This?callback?is?used?to?specify?password?for?given?user?for?keystore
????????properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,?PasswordHandler.class.getName());
????????//?Configuration?for?accessing?private?key?in?keystore
????????properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,"org/springside/bookstore/plugins/xfire/outsecurity_sign.properties");
????????properties.setProperty(WSHandlerConstants.SIG_KEY_ID,"IssuerSerial");
????}

outsecurity_sign.properties：

posted on 2006-08-08 09:09 david.turing 閱讀(22395) 評論(42) 編輯收藏所屬分類: Security領域

理論上，Sign模式適合分發型的Webservice結構，舉一個例子，Microsoft公司有一個能夠計算股市走勢的WebService，他當然不希望授權才能訪問，于是，他要求調用方為每個Soap請求簽名，這樣他可以確保購買了服務的人才能享受此服務

Encrypt模式適合集中式的WebService結構，舉一個例子，中國最高人民檢察院提供一個WebService服務，它希望民間團體能夠向政府舉證揭發貪污腐敗的官員，于是，他公布了自己的keystore，其中包含了私鑰，于是，民間團體可以通過Encrypt模式加密一些比較私隱的信息(Username)，Only檢察院才能解密(因為他們有私鑰)。回復更多評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:14 向大家學習

david研究AXIS2沒有？回復更多評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:28 david.turing

我和白衣都是從Axis2轉移到XFire，僅僅因為XFire是build on在Spring之上，集成Spring更容易。回復更多評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-09 23:07 向大家學習

david寫篇wss4j中使用opensaml的文章，網上都找不到相關文章回復更多評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 08:40 david.turing

好建議，我打算做一個Weblogic 9.2和XFire SAML的SSO Demo 回復更多評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 14:30 向大家學習

代表人民感謝你了，只是我用的是AXIS2，很期待你的作品。回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 02:24 shuangxi

Hi, I have a question regarding to the exception handling. In my app,
the server encrypt the message before sending to client. But when
exception occurs, the client doesn't seem to be able to read the fault,
here is the stacktrace:

org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: Request does not contain required Security header
at org.codehaus.xfire.security.wss4j.WSS4JInHandler.invoke(WSS4JInHandler.java:159)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:110)
at org.codehaus.xfire.client.Client.onReceive(Client.java:382)
....

Have you experiencing the same problem?

thanks, 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 10:21 david.turing

it seems that you have not correctly config the xfire configuration.
I meant that if you use Sign-Mode, you should not use the Encrypt-Mode Handler

Carefully check the configuration
<bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
</props>
</property>
</bean>

check the "Signature" and "signaturePropFile". Be Sure not to confuss by "Encrypt" and "decryptionPropFile". 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-13 12:59 guofeng

很高興國內有這樣的作品，不過我做了WS-Security測試, Signature簽名這個例子走不通，遇到異常：
org.codehaus.xfire.fault.XFireFault: WSHandler: Signature: error during message processing org.apache..ws.security.WSSecurityException:Signature creation failed; nested exception is: java.lang.NullPointerException
我很希望能夠得到您的指點在WS-Security方面。非常感謝！回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-27 12:53 david.turing

Debug一下，我在SpringSide2提供了一個測試的使用類，去借鑒一下？回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-01-12 13:24 三石

兩種方式按照例子都調通了,不過現在有個問題,我的客戶端是通過wsdl用XFire的wsgen生成的,生成了3個文件:BookServiceClient.java/BookServiceImpl.java/BookServicePortType.java,仍然用例子中的代碼,只是把BookService改成了BookServicePortType,其他基本沒變.
發布的方法如果返回的是基本類型,能正常訪問到.如果返回的是對象,客戶端就會報錯org.codehaus.xfire.fault.XFireFault: Couldn't instantiate class. javax.xml.bind.JAXBElement.如果返回的是List,客戶端不報錯,但List的size為0
對于復雜對象應該怎么處理?用wsgen生成的客戶端如何才能和WS security關聯起來? 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-03-09 15:21 lodzio

http://www.filmati-sadomaso.irsuto.info @X@ 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:26 王金柱

使用WSS4J,配置Bouncycastle這個SecurityProvider時,不用更改jdk中的java.security.直接將包bcprov-jdk16-136.jar導入工程即可.下載地址是http://www.bouncycastle.org/

回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:31 王金柱

最近作網關的安全性功能.david關于WS-Security的文章講得非常好.對我的
幫助很大.謝謝~~~~~ 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-11 10:21 csnowfox

不錯不錯，我也附上我的客戶端中使用spring的Sign模式配置
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans default-autowire="byName">
<bean id="xFireClientFactoryBean"
class="org.codehaus.xfire.spring.remoting.XFireClientFactoryBean">
<property name="serviceClass">
<value>org.cmb.webservice.service.Transaction</value>
</property>
<property name="wsdlDocumentUrl">
<value>http://localhost:9090/transaction.ser?wsdl</value>
</property>
<property name="outHandlers">
<list>
<ref bean="domOutHandler" />
<ref bean="wss4jOutHandlerSign" />
</list>
</property>
</bean>
<bean id="domOutHandler"
class="org.codehaus.xfire.util.dom.DOMOutHandler" />
<bean id="wss4jOutHandlerSign"
class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler">
<property name="properties">
<props>
<prop key="action">Signature</prop>
<prop key="user">ws_security</prop>
<prop key="passwordCallbackClass"> org.cmb.client.web.util.PasswordHandler
</prop>
<prop key="signaturePropFile"> org/cmb/client/web/util/insecurity.properties
</prop>
<prop key="signatureKeyIdentifie">IssuerSerial</prop>
</props>
</property>
</bean>
</beans> 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-05-24 17:14 kevin

有個問題想要問一下:
一個webservices的發布接口,既要簽名又要加密該怎么配置?
意思就是客戶端的請求需要用自己的私鑰簽名,用服務端的公鑰加密,服務端用客戶端的公鑰驗證簽名,用自己的私鑰解密回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 13:39 王金拄

和只作加密或只作簽名時的方法基本一樣。
例如：
在服務端配置：

<bean id="bookServiceWSS4JSignEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
<property name="serviceBean" ref="bookManager"/>
<property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JSignEnc"/>
<property name="inHandlers">
<list>
<ref bean="domInHandler"/>
<ref bean="wss4jInHandlerSignEnc"/>
<ref bean="validateUserTokenHandler"/>
</list>
</property>
</bean>

<bean id="wss4jInHandlerSignEnc" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
<props>
<prop key="action">Encrypt Signature</prop>
<prop key="signaturePropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_sign.properties</prop>
<prop key="decryptionPropFile">org/springside/bookstore/plugins/xfire/wss4j/insecurity_enc.properties</prop>
<prop key="passwordCallbackClass">org.springside.bookstore.plugins.xfire.wss4j.PasswordHandler</prop>
</props>
</property>
</bean>

</beans>

客戶端也作相應的修改即可。
注意：1.客戶端在配置WSHandlerConstants.ACTION時，Encrypt Signature的順序不能寫反。
2.用于加密和簽名的密鑰對最好配置成獨立的兩對。回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 16:35 王金拄

@kevin
在xfire-distribution-1.2.6中的example文件夾中有個ws-security例子。也可以借鑒一下。回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-31 08:59 yanghuw

我寫Client代碼調用時為什么拋出異常，說NamespaceURI cannot be null. 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-01 18:27 王金拄

可能是你的服務端設置了命名空間而客戶端沒有設置命名空間。
要把服務端和客戶端都的命名空間設置成相同的。或者都用默認的回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-03 14:39 sdfa

能和acegi集成實現安全認證？回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-04 12:05 yanghuw

我沒有指定命名空間，如果返回的對象的所有屬性都是基本類型的話沒有問題，但是如果屬性包含別的對象就會拋出異常
回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-11 11:04 nesta

為什么我的老是報這個錯誤呢？我使用的是1.26版的。
2007-06-11 10:59:12,640 ERROR - Servlet.service() for servlet jsp threw excepti
on
java.lang.IllegalStateException: getOutputStream() has already been called for t
his response
at org.apache.catalina.connector.Response.getWriter(Response.java:599)
at org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade
.java:195)
at org.apache.jasper.runtime.JspWriterImpl.initOut(JspWriterImpl.java:12
4)
at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.jav
a:117)
at org.apache.jasper.runtime.PageContextImpl.release(PageContextImpl.jav
a:191)
at org.apache.jasper.runtime.JspFactoryImpl.internalReleasePageContext(J
spFactoryImpl.java:115)
at org.apache.jasper.runtime.JspFactoryImpl.releasePageContext(JspFactor
yImpl.java:75)
at org.apache.jsp.image_jsp._jspService(image_jsp.java:129)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:332)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3
14)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at com.syscanhc.tjy.util.SetCharacterEncodingFilter.doFilter(SetCharacte
rEncodingFilter.java:171)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
rocessConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
int.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol
lowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:684)
at java.lang.Thread.run(Thread.java:595) 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-12 20:26 ntucz

.net有可能調用ws-security啊？回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-08-29 11:05 Neil

insecurity_sign.properties
這個文件沒有呀回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-09-27 11:29 null

好像是xfire帶的例子的子集回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-10-11 16:20 yd

" Encrypt模式的Client是在客戶端用david的公鑰加密Soap里面的usernameToken，然后發送到Web服務，Web服務用david的私鑰來驗證。這種模式需要客戶端預先知道服務器端的公鑰。"
encrypt模式是對usernameToken加密還是對整個soap消息加密?如過是前者,那如何對整個soap消息加密來保證消息的安全性呢？回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-12-23 14:19 srvrv12

我在Sign的模式下一直出現
Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed
但在Enc的模式下卻是正常的，我檢查過所有的配置及寫法都是正確的，請問一下問題可能出在那裡?

另外，我用Enc的模式在 TCP/IP Monitor裡進行觀查，發現Client所發出的訊息是有加密，但Server端所回覆的卻是明碼，請問我如何進行加密? thanks~~ 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-12-29 11:38 MagicYang

樓上的第二個問題應該是沒有配置outHandlers
<bean id="bookServiceWSS4JEnc" class="org.codehaus.xfire.spring.remoting.XFireExporter">
<property name="serviceBean" ref="bookManager"/>
<property name="serviceClass" value="org.springside.bookstore.plugins.xfire.service.BookServiceWSS4JEnc"/>
<property name="inHandlers">
<list>
<ref bean="domInHandler"/>
<ref bean="wss4jInHandlerEnc"/>
<ref bean="validateUserTokenHandler"/>
</list>
</property>
<property name="outHandlers">
<list>
...
</list>
</property>
</bean> 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 13:05 bruce

寫的不錯! 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:55 william

16:47:32,875 DEBUG [org.codehaus.xfire.handler.HandlerPipeline] Invoking handler org.codehaus.xfire.soap.handler.ValidateHeadersHandler in phase pre-invoke
16:47:32,906 INFO [org.codehaus.xfire.handler.DefaultFaultHandler] Fault occurred!
org.codehaus.xfire.fault.XFireFault: Header {Security}http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd was not undertsood by the service.
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.assertUnderstandsHeader(ValidateHeadersHandler.java:76)
at org.codehaus.xfire.soap.handler.ValidateHeadersHandler.invoke(ValidateHeadersHandler.java:53)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.transport.DefaultEndpoint.onReceive(DefaultEndpoint.java:64)
at org.codehaus.xfire.transport.AbstractChannel.receive(AbstractChannel.java:38)
at org.codehaus.xfire.transport.http.XFireServletController.invoke(XFireServletController.java:304)
at org.codehaus.xfire.transport.http.XFireServletController.doService(XFireServletController.java:129)
at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:413)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.struts2.dispatcher.ActionContextCleanUp.doFilter(ActionContextCleanUp.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595) 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:56 william

誰能告訴我這個異常是為什么啊?斑竹在嗎? 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:56 william

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-18 16:31 william

斑竹能給我一個完整的例子嗎?例如怎么配置services.xml文件,怎么和SPRING 整合,怎么生成私鑰和公鑰和證書等等,還有怎么通過SOAP HEADER來認證的,怎么通過SESSION認證,怎么實現和ACEGI的整合,怎么解決上面的問題,希望斑竹給個聯系方式,我們可以交流交流,我的EMAIL是:362726130@QQ.COM,謝謝! 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-04-15 22:17 wmcoo

終于找到了,遲來的星星回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-07-27 01:10 sam

如果客戶端的是多個密鑰的話，服務端怎么處理，怎么選擇客戶端的公鑰來加密呢？回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

SecureX 是什么啊,怎么用啊? 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

生成.jks文件的sourceX是什么?怎么用的?什么原理呀? 回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-11-26 13:14 leke_斌

真是好文章在這篇文章的基礎上我實現了用戶驗證+報文加密的WS-Security，在結合中出現org.apache.ws.security.components.crypto.Merlin cannot create instance這個異常花費了我一天的時間才解決這問題最后我是重新配置了一遍密鑰庫文件,把私鑰和密鑰對的別名的訪問密碼重新設定。

但現在我這邊還有個問題，因為我這邊是C#與java兩點交互的系統不知在C＃端能不能怎么加密報文
大家多多指教 email: liubinan@yahoo.com.cn
回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2009-01-15 09:26 賑災研究

@三石
Service serviceModel = new ObjectServiceFactory(
new AegisBindingProvider(new JaxbTypeRegistry()))
.create(UserServiceComPortType.class);

myeclipse自動生成的web service與xfire默認的綁定方式不一樣造成的。
xfire默認的綁定方式是：aegis。而生成的客戶端是用的JAXB@三石
回復更多評論

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2011-06-02 21:10 xuezhishou

不知樓主現在是否還能回答下問題！本人遇到了和srvrv12的第一個問題一樣的問題，即在Sign的模式下一直出現 Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: WSS4JInHandler: security processing failed ，不知是否已經有人解決了，可否賜教下
回復更多評論

新用戶注冊刷新評論列表


只有注冊用戶登錄后才能發表評論。




網站導航: 博客園 IT新聞 Chat2DB C++博客博問管理
相關文章: 關于配置Weblogic的NodeManager服務 [原創] Pass SSL Certificate to Weblogic Cluster through Apache Proxy under SSL [原創]Apache Proxy with Weblogic Cluster under SSL 發布一個簡易版本的SecureXRCP [原創]國內大部分的USBKey通過B/S方式（CAPICOM）產生數字簽名的嚴重安全漏洞 SecureX Eclipse Plugin Alpha2發布發布SecureX Eclipse Plugin 2.0.0 alpha版本 [轉載]推薦一下CSDN《程序員》的《開源大本營》 Yale CAS as an Acegi Client in SpringSide [原創] SSO(Single Sign-on) in Action(上篇)

David.Turing's blog

[原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)

評論

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 09:17 江南白衣

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 11:40 david.turing

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:14 向大家學習

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-08 16:28 david.turing

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-09 23:07 向大家學習

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 08:40 david.turing

# re: 實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-08-11 14:30 向大家學習

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 02:24 shuangxi

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-09-06 10:21 david.turing

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-13 12:59 guofeng

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2006-10-27 12:53 david.turing

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-01-12 13:24 三石

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-03-09 15:21 lodzio

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:26 王金柱

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-10 18:31 王金柱

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-11 10:21 csnowfox

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-05-24 17:14 kevin

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 13:39 王金拄

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-30 16:35 王金拄

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-05-31 08:59 yanghuw

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-01 18:27 王金拄

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-03 14:39 sdfa

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-04 12:05 yanghuw

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-11 11:04 nesta

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-06-12 20:26 ntucz

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-08-29 11:05 Neil

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-09-27 11:29 null

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-10-11 16:20 yd

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2007-12-23 14:19 srvrv12

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2007-12-29 11:38 MagicYang

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 13:05 bruce

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:55 william

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:56 william

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-15 16:56 william

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-01-18 16:31 william

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-04-15 22:17 wmcoo

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J)[未登錄] 2008-07-27 01:10 sam

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-09-24 15:33 hello

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2008-11-26 13:14 leke_斌

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2009-01-15 09:26 賑災研究

# re: [原創]實施WebService Security[WS-Security1.0]的Encrypt和Sign模式(XFire+WSS4J) 2011-06-02 21:10 xuezhishou

導航

統計

常用鏈接

留言簿(110)

我參與的團隊

隨筆分類(126)

隨筆檔案(155)

文章分類(9)

文章檔案(19)

相冊

搜索

積分與排名

最新隨筆

最新評論

閱讀排行榜

評論排行榜