在WebService開發筆記 1中我們創建了一個WebService簡單實例,下面我們通過一個簡單的用戶口令驗證機制來加強一下WebService的安全性(本例採用 PasswordText,口令以明文置於 SOAP 頭中,因此應配合 HTTPS 傳輸使用):
1.修改WebService 服務端 spring 配置文件 ws-context.xml
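<!-- Server-side CXF endpoint protected by a WS-Security UsernameToken check. -->
<!-- The namespace and schema URIs below are restored to their full form; the listing had lost the host names. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
    default-autowire="byName" default-lazy-init="true">

    <jaxws:endpoint id="webServiceSample"
        address="/WebServiceSample" implementor="cn.org.coral.biz.examples.webservice.WebServiceSampleImpl">

        <jaxws:inInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                <constructor-arg>
                    <map>
                        <!-- Require a UsernameToken in every incoming SOAP header. -->
                        <entry key="action" value="UsernameToken" />
                        <!-- PasswordText carries the password unencrypted inside the SOAP header, -->
                        <!-- so this endpoint should only be exposed over HTTPS. -->
                        <entry key="passwordType" value="PasswordText" />
                        <!-- Callback class that decides whether the supplied user and password are accepted. -->
                        <entry key="passwordCallbackClass" value="cn.org.coral.biz.examples.webservice.handler.WsAuthHandler" />
                    </map>
                </constructor-arg>
            </bean>
        </jaxws:inInterceptors>

    </jaxws:endpoint>

</beans>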
2.服務端添加passwordCallbackClass回調類,該類進行用戶口令驗證:
- package cn.org.coral.biz.examples.webservice.handler;
-
- import java.io.IOException;
-
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
-
- import org.apache.ws.security.WSPasswordCallback;
-
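/**
 * Server-side WS-Security callback handler that accepts one fixed
 * user name / password pair taken from the incoming UsernameToken.
 *
 * <p>Every failure raises the same {@link SecurityException} message, so a
 * caller cannot learn from the fault whether the user name or the password
 * was the part that did not match.
 */
public class WsAuthHandler implements CallbackHandler {

    // NOTE(review): credentials are hard-coded for the tutorial only. A real
    // service should look them up in a protected credential store and keep
    // them out of source control.
    private static final String EXPECTED_USER = "ws-client";
    private static final String EXPECTED_PASSWORD = "admin";

    private static final String AUTH_FAILED = "authentication failed";

    /**
     * Validates each password callback handed over by WSS4J.
     *
     * @param callbacks callbacks supplied by the security interceptor
     * @throws IOException if UTF-8 encoding of the compared values fails
     * @throws UnsupportedCallbackException if a callback is not a {@code WSPasswordCallback}
     * @throws SecurityException if no callback is supplied or the credentials do not match
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // Fail closed: with nothing to validate, the request must not pass.
        if (callbacks == null || callbacks.length == 0) {
            throw new SecurityException(AUTH_FAILED);
        }
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "unsupported callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // NOTE(review): newer WSS4J releases are understood to expect the
            // handler to supply the stored password via setPassword() and to do
            // the comparison themselves; getPassword() would then be null here
            // and the request is rejected. Confirm against the WSS4J version in use.
            boolean userOk = matches(EXPECTED_USER, pc.getIdentifer());
            boolean passwordOk = matches(EXPECTED_PASSWORD, pc.getPassword());

            // Non-short-circuit '&' is not needed for correctness; both values
            // are already computed so neither check is skipped.
            if (!(userOk & passwordOk)) {
                throw new SecurityException(AUTH_FAILED);
            }
        }
    }

    /**
     * Null-safe comparison that avoids the early exit of {@code String.equals}.
     */
    private static boolean matches(String expected, String supplied) throws IOException {
        if (supplied == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"));
    }

}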
3.客戶端修改spring 配置文件 wsclient-context.xml 如下:
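<?xml version="1.0" encoding="UTF-8"?>
<!-- Client-side CXF proxy that adds a WS-Security UsernameToken to every outgoing request. -->
<!-- The namespace and schema URIs below are restored to their full form; the listing had lost the host names. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:jaxws="http://cxf.apache.org/jaxws"
    xsi:schemaLocation="http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"
    default-autowire="byName" default-lazy-init="true">

    <!-- Proxy bean created by the factory below; this is what application code injects. -->
    <bean id="webServiceSampleClient" class="cn.org.coral.biz.examples.webservice.WebServiceSample"
        factory-bean="webServiceSampleClientFactory" factory-method="create" />

    <bean id="webServiceSampleClientFactory"
        class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
        <property name="serviceClass"
            value="cn.org.coral.biz.examples.webservice.WebServiceSample" />
        <!-- NOTE(review): the address is plain http while passwordType below is PasswordText, -->
        <!-- so the password crosses the network unencrypted. Point this at an https endpoint -->
        <!-- once the server offers one. -->
        <property name="address"
            value="http://88.148.29.54:8080/aio/services/WebServiceSample" />
        <property name="outInterceptors">
            <list>
                <bean
                    class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
                <ref bean="wss4jOutConfiguration" />
            </list>
        </property>
    </bean>

    <bean id="wss4jOutConfiguration"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <property name="properties">
            <map>
                <entry key="action" value="UsernameToken" />
                <entry key="user" value="ws-client" />
                <entry key="passwordType" value="PasswordText" />
                <!-- The password itself is supplied at send time by the callback bean. -->
                <entry>
                    <key>
                        <value>passwordCallbackRef</value>
                    </key>
                    <ref bean="passwordCallback" />
                </entry>
            </map>
        </property>
    </bean>
    <bean id="passwordCallback"
        class="cn.org.coral.biz.examples.webservice.handler.WsClinetAuthHandler">
    </bean>

</beans>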
4.客戶端添加passwordCallback類,通過該類設置訪問口令
- package cn.org.coral.biz.examples.webservice.handler;
-
- import java.io.IOException;
-
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
-
- import org.apache.ws.security.WSPasswordCallback;
-
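/**
 * Client-side WS-Security callback handler: supplies the secret that WSS4J
 * requests while it builds the outgoing security header.
 */
public class WsClinetAuthHandler implements CallbackHandler {

    // NOTE(review): secrets are hard-coded for the tutorial only. Load them
    // from protected configuration in real deployments.
    private static final String USERNAME_TOKEN_PASSWORD = "admin";
    private static final String SIGNATURE_KEY_PASSWORD = "keyPassword";

    /**
     * Sets the password on each callback according to its usage.
     *
     * @param callbacks callbacks supplied by the security interceptor
     * @throws IOException declared by the interface; not thrown here
     * @throws UnsupportedCallbackException if a callback is not a {@code WSPasswordCallback}
     */
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "unsupported callback type");
            }
            // The original listing read callbacks[0] on every pass, so any
            // callback after the first was never given a password.
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            int usage = pc.getUsage();

            // Diagnostic output: identifier and usage only, never the password.
            System.out.println("identifier: " + pc.getIdentifer());
            System.out.println("usage: " + usage);

            if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                pc.setPassword(USERNAME_TOKEN_PASSWORD);
            } else if (usage == WSPasswordCallback.SIGNATURE) {
                pc.setPassword(SIGNATURE_KEY_PASSWORD);
            }
        }
    }

}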
5.junit單元測試程序:
- package cn.org.coral.biz.examples.webservice;
-
- import org.springframework.test.AbstractDependencyInjectionSpringContextTests;
- import org.springframework.util.Assert;
-
/**
 * Spring-context test that calls the web service through the client proxy
 * defined in {@code wsclient-context.xml}.
 *
 * <p>The proxy is injected by name through the setter below, and the call in
 * {@link #testSay()} goes to whatever endpoint address that context file sets.
 */
public class TestWebService extends AbstractDependencyInjectionSpringContextTests {

    /** Classpath location of the client-side Spring context. */
    private static final String CLIENT_CONTEXT =
            "classpath:/cn/org/coral/biz/examples/webservice/wsclient-context.xml";

    // Populated by Spring before each test through setWebServiceSampleClient.
    WebServiceSample webServiceSampleClient;

    /** Setter used for by-name autowiring of the client proxy. */
    public void setWebServiceSampleClient(WebServiceSample webServiceSampleClient) {
        this.webServiceSampleClient = webServiceSampleClient;
    }

    /**
     * Switches the test to by-name autowiring and returns the context file to load.
     */
    @Override
    protected String[] getConfigLocations() {
        setAutowireMode(AUTOWIRE_BY_NAME);
        String[] locations = { CLIENT_CONTEXT };
        return locations;
    }

    /** Calls {@code say} and checks that the reply contains text. */
    public void testSay() {
        String reply = webServiceSampleClient.say(" world");
        Assert.hasText(reply);
    }
}