注册
登录
区块链扩展技术
从.wsdl为java生成Web服务客户端安全策略
返回
从.wsdl为java生成Web服务客户端安全策略
作者:
满目山河
发布时间:
2024-12-07 11:49:47 (26天前)
转自:
<div class =“excerpt”> 钥匙( <span class =“result-highlight”> 非对称 </跨度> 用于签名的privateKey和用于签名的对称privateKey <span class =“result-highlight”> 加密 </跨度> )。策略是:username:oracle / wss10_username_token_with_message_protection_service_policy。 我能够研究如何从.wsdl文件实现Web服务客户端策略。 Web服务的策略涉及签名和 <span class =“result-highlight”> 加密 </跨度> 使用带有必要的.jks文件的.jks文件 </DIV>
收藏
举报
3 条回复
0#
回复此人
易米烊光
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 如果您在wsdl中使用WS-SecurityPolicy(1.1或更高版本)中的策略,则无需生成策略,也无需在客户端使用Apache CXF生成策略。借助WS-SecurityPolicy,CXF的安全运行时是策略驱动的。 </p> <P> 1)您可以使用CXF的WSDL优先方法来生成客户端代码 <code> wsdl2java </code> 命令行工具或Maven <code> cxf-codegen-plugin </code> (wsdl2java目标)。这在CXF doc中有所描述 <a href="http://cxf.apache.org/docs/how-do-i-develop-a-client.html" rel="nofollow noreferrer"> <EM> 如何开发客户 </EM> </A> 。 </p> <P> 2)遵循CXF的文档 <a href="http://cxf.apache.org/docs/ws-securitypolicy.html" rel="nofollow noreferrer"> WS-SecurityPolicy用法 </A> ,您使用JAX-WS API(在客户端上)为您要使用的wsdl端口配置客户端安全性属性 <code> RequestContext </code> )或Spring XML配置。对于可能的属性列表,有通用的 <a href="http://cxf.apache.org/docs/security-configuration.html" rel="nofollow noreferrer"> XML安全性 </A> 一些和 <a href="http://cxf.apache.org/docs/ws-securitypolicy.html" rel="nofollow noreferrer"> WS-Security的特定 </A> 那些。使用Spring XML for UsernameToken策略的示例(来自 <a href="https://github.com/gmazza/blog-samples/blob/master/cxf_ut_messagelayer/client/src/main/resources/cxf.xml" rel="nofollow noreferrer"> Glen Mazza的博客样本 </A> ): </p> <pre class="lang-xml prettyprint-override"> <code> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort" createdFromAPI="true"> <!-- Use this for the UsernameToken Symmetric Binding w/X.509 for secret key derivation --> <jaxws:properties> <entry key="ws-security.username" value="alice"/> <entry key="ws-security.callback-handler" value="client.ClientPasswordCallback"/> <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/> <entry key="ws-security.encryption.username" value="myservicekey"/> </jaxws:properties> <!-- Use this for the UsernameToken Symmetric Binding w/UT password for secret key derivation --> <!--jaxws:properties> <entry key="ws-security.username" value="alice"/> <entry key="ws-security.callback-handler" value="client.ClientPasswordCallback"/> </jaxws:properties--> </jaxws:client> </beans> </code> </pre> <P> 把它放进去 <code> /cxf.xml </code> 在班级路径上。警告:示例使用的是 <code> CallbackHandler </code> 子类( <a href="https://github.com/gmazza/blog-samples/blob/master/cxf_ut_messagelayer/client/src/main/java/client/ClientPasswordCallback.java" rel="nofollow noreferrer"> client.ClientPasswordCallback </A> 在这个例子中)提供密码。所以你需要提供自己的实现。 </p> <P> 3)回到CXF doc <a href="http://cxf.apache.org/docs/developing-a-consumer.html#DevelopingaConsumer-Clientmainfunction" rel="nofollow noreferrer"> <EM> 如何开发客户 </EM> </A> - 最后一部分 - 在应用程序代码中,使用带有参数的JAX-WS API初始化客户端:a)WSDL(URL)的位置 <EM> 拥有WS-SecurityPolicy策略 </EM> (据我所知,你已经有了这个); b)客户端使用的服务和端口的QNames,如WSDL中所定义: </p> <pre class="lang-java prettyprint-override"> <code> final Service service = Service.create(wsdlLocation, SERVICE_QNAME); final DoubleItPortType transportPort = service.getPort(PORT_QNAME, DoubleItPortType.class); </code> </pre> <P> 4)确保你有 <code> cxf-rt-ws-policy </code> 和 <code> cxf-rt-ws-security </code> 运行时类路径上的模块,以启用WS-SecurityPolicy支持。 </p> </DIV>
编辑
1#
回复此人
无语
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 用户名:oracle / wss10_username_token_with_message_protection_service_policy通过spring ws解决: </p> <pre> <code> <!-- == Ougoing interceptor == --> <bean id="loginOutgoingWss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor"> <property name="securementActions" value="Timestamp Signature Encrypt" /> <!-- == Set Outgoing Signature properties == --> <property name="securementUsername" value="alias"/> <property name="securementPassword" value="aliasPass"/> <property name="securementSignatureKeyIdentifier" value="DirectReference"/> <property name="securementSignatureCrypto" ref="cryptoFactoryBean" /> <property name="securementSignatureParts" value="{Element}{}Body;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" /> <!-- == Set Outgoing Encryption properties == --> <property name="securementEncryptionUser" value="alias"/> <property name="securementEncryptionCrypto" ref="cryptoFactoryBean" /> <property name="securementEncryptionKeyIdentifier" value="DirectReference"/> <property name="securementEncryptionParts" value="{Content}{}Body;" /> </bean> <!-- == Incoming interceptor == --> <bean id="loginIncomingWss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor"> <property name="validationActions" value="Timestamp Signature Encrypt" /> <!-- == Set Validations Response, This validate signature and decrypts response == --> <property name="validateResponse" value="true" /> <!-- The lower operation validation. Less time consume--> <property name="validateRequest" value="false" /> <property name="enableSignatureConfirmation" value="false"/> <!-- == Set Incoming Signature/Decryption keystore == --> <property name="validationDecryptionCrypto" ref="cryptoFactoryBean" /> <property name="validationSignatureCrypto" ref="cryptoFactoryBean" /> <!-- Sets the {@link org.apache.ws.security.WSPasswordCallback} handler to use when validating messages --> <property name="validationCallbackHandler"> <bean class="org.springframework.ws.soap.security.wss4j2.callback.KeyStoreCallbackHandler"> <property name="privateKeyPassword" value="aliasPass"/> </bean> </property> </bean> </code> </pre> </DIV>
编辑
登录
后才能参与评论
