CXF(2.4.2)使用WSS4J(1.6.2)实现WS-Security规范--用户名令牌 .

wang1986614 2011-08-31 10:36:34
这几天学习CXF,单独的发布服务没问题,也可以访问;但是实现用户名令牌验证的时候总是出错;下面我把代码贴出来,请各位指点迷津,谢谢!


1.HelloWorld.java

package demo;

import javax.jws.WebService;

@WebService
public interface HelloWorld {
String sayHi(String text);
}


2.HelloWorldImpl.java

package demo;


public class HelloWorldImpl implements HelloWorld {

public String sayHi(String text) {
return "Hello:" + text;
}

}


3.WSDemoAuthHandler.java

package demo;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class WSDemoAuthHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
System.out.println("length:" + callbacks.length);
WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[0];
String password = passwordCallback.getPassword();
String identifier = passwordCallback.getIdentifier();
System.out.println("Identifier:" + identifier);
System.out.println("password:" + password);
if (identifier.equals("testws") && password.equals("admin")) {
System.out.println("success!!!");
} else {
throw new IOException("wrong username");
}
}

}


4.服务端的spring配置文件bean.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<jaxws:endpoint id="helloWorld" implementor="demo.HelloWorldImpl"
address="/HelloWorld">
<jaxws:inInterceptors>
<!-- 日志 -->
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<!-- 表示验证机制是用户姓名令牌,也就是使用用户名和密码机制 -->
<entry key="action" value="UsernameToken" />
<!-- 表示密码类型是文本,还可以是WSConstants.PASSWORD_DIGEST(密码会被加密为MD5) -->
<entry key="passwordType" value="PasswordText" />
<entry key="user" value="server"></entry>
<!-- 表示服务器端验证密码的回调处理类,这个类必须实现CallbackHandler接口 -->
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
<bean id="passwordCallback" class="demo.WSDemoAuthHandler"></bean>
</beans>

5.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>CXF Servlet</display-name>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/bean.xml</param-value>
</context-param>

<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>

<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
...全文
613 12 打赏 收藏 转发到动态 举报
写回复
用AI写文章
12 条回复
切换为时间正序
请发表友善的回复…
发表回复
wang1986614 2012-01-12
  • 打赏
  • 举报
回复
[Quote=引用 11 楼 itcyt123 的回复:]
引用 10 楼 wang1986614 的回复:
资源里有的,搜关键词


cxf-rest安全认证的demo有吗?
[/Quote]

我传上去的
itcyt123 2012-01-12
  • 打赏
  • 举报
回复
[Quote=引用 10 楼 wang1986614 的回复:]
资源里有的,搜关键词
[/Quote]

cxf-rest安全认证的demo有吗?
wang1986614 2011-12-30
  • 打赏
  • 举报
回复
资源里有的,搜关键词
itcyt123 2011-12-29
  • 打赏
  • 举报
回复
楼主能否提供cxf-rest 用户名令牌验证的解决方案?多谢
wang1986614 2011-12-07
  • 打赏
  • 举报
回复
我早就在资源里都上传了,搜一下就有的
wang1986614 2011-11-28
  • 打赏
  • 举报
回复
[Quote=引用 6 楼 cr266 的回复:]
你好,能发我一下你做出来的这个 CXF(2.4.2)使用WSS4J(1.6.2)实现WS-Security规范--用户名令牌的完整Demo吗
[/Quote]

头像很帅哦
程序员阿牛啊 2011-11-27
  • 打赏
  • 举报
回复
你好,能发我一下你做出来的这个 CXF(2.4.2)使用WSS4J(1.6.2)实现WS-Security规范--用户名令牌的完整Demo吗
wang1986614 2011-09-13
  • 打赏
  • 举报
回复
问题解决了,最新版的不用取密码,设置密码就行了,大家可以看看

http://cxf.apache.org/docs/24-migration-guide.html中的Runtime Changes

实例说明

http://cxf.apache.org/docs/sample-projects.html
wang1986614 2011-08-31
  • 打赏
  • 举报
回复
[Quote=引用 3 楼 softroad 的回复:]
不懂,帮顶,为什么是callbacks[0];不是callbacks[1];
[/Quote]

原本是循环的,现在callbacks里只有一个对象,就直接取了
softroad 2011-08-31
  • 打赏
  • 举报
回复
不懂,帮顶,为什么是callbacks[0];不是callbacks[1];
wang1986614 2011-08-31
  • 打赏
  • 举报
回复
服务端中
WSDemoAuthHandler.java

WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[0];
String password = passwordCallback.getPassword();
password是null,所以这里报错,不能通过验证。
wang1986614 2011-08-31
  • 打赏
  • 举报
回复
上面的是服务端;下面客户端:
1.HelloWorldClient.java

package demo.client;

import org.springframework.context.support.ClassPathXmlApplicationContext;

import demo.HelloWorld;

public class HelloWorldClient {

/**
* @param args
*/
public static void main(String[] args) {
ClassPathXmlApplicationContext context=new ClassPathXmlApplicationContext(new String[]{"demo/client/client-bean.xml"});
HelloWorld client=(HelloWorld) context.getBean("helloClient");
System.out.println(client.sayHi("官网都报错"));
}
}


2.WSClientAuthHandler.java

package demo.client;

import java.io.IOException;
import static java.lang.System.out;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class WSClientAuthHandler implements CallbackHandler {

public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback wsPasswordCallback = (WSPasswordCallback) callbacks[0];
int usage = wsPasswordCallback.getUsage();
out.print("identifier:" + wsPasswordCallback.getIdentifier());
out.print("usage:" + usage);
wsPasswordCallback.setPassword("admin");
}
}

3.客户端spring配置client-bean.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<!--
<jaxws:client id="helloClient" serviceClass="demo.spring.HelloWorld"
address="http://localhost:8080/SampleWS/HelloWorld"></jaxws:client>
-->
<bean id="helloClient" class="demo.HelloWorld" factory-bean="helloClientFactory"
factory-method="create"></bean>
<bean id="helloClientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="demo.HelloWorld"></property>
<property name="address"
value="http://localhost:8080/SampleWS/services/HelloWorld"></property>
<property name="outInterceptors">
<list>
<!-- 日志 -->
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
<bean id="wss4jOutConfig" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken"></entry>
<!-- 用于初始化用户名,这是一个必选项,否则会报错 -->
<entry key="user" value="client"></entry>
<entry key="passwordType" value="PasswordText"></entry>
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="passwordCallback" />
</entry>
</map>
</property>
</bean>
</list>
</property>
</bean>
<bean id="passwordCallback" class="demo.client.WSClientAuthHandler"></bean>
</beans>

以上就是全部代码,请各位帮忙看看,lib包里面我用的是apache cxf网站上的2.4.2版本中提供的包,我全部拷进来的。

67,512

社区成员

发帖
与我相关
我的任务
社区描述
J2EE只是Java企业应用。我们需要一个跨J2SE/WEB/EJB的微容器,保护我们的业务核心组件(中间件),以延续它的生命力,而不是依赖J2SE/J2EE版本。
社区管理员
  • Java EE
加入社区
  • 近7日
  • 近30日
  • 至今
社区公告
暂无公告

试试用AI创作助手写篇文章吧