CXFアプリケーション開発アプリケーションのセキュリティ
8953 ワード
package com.easyway.cxf.service;
import javax.jws.WebParam;
import javax.jws.WebService;
import java.util.List;
import com.easyway.cxf.model.User;
/**
*
* JaxWS
* @WebService
*
*
* @author longgangbai
*
*/
@WebService
public interface HelloService {
/**
* The @WebParam annotation is necessary as java interfaces do not store the Parameter name in the .class file. So if you leave out the annotation your parameter will be named arg0.
* @param name
* @return
*/
public String hello(@WebParam(name="text")String name);
/**
* Advanced usecase of passing an Interface in. JAX-WS/JAXB does not
* support interfaces directly. Special XmlAdapter classes need to
* be written to handle them
*/
public String sayHi(User user);
public String[] getAllUseNames(List<User> userList);
}
package com.easyway.cxf.service;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.jws.WebService;
import com.easyway.cxf.model.User;
/**
*
* JaxWS
*
* JAX-WS includes many more annotations as well such as:
*
* @WebMethod - allows you to customize the operation name, exclude the operation from inclusion in the service, etc
* @WebParam - allows you to customize a parameter's name, namespace, direction (IN or OUT), etc
* @WebResult - allows you to customize the return value of the web service call
*
* @author longgangbai
*
*/
@WebService(endpointInterface = "com.easyway.cxf.service.HelloService",
serviceName = "HelloService")
public class HelloServiceImpl implements HelloService {
Map<Integer, User> users = new LinkedHashMap<Integer, User>();
public String hello(String username) {
return "Hello " + username;
}
public String sayHi(User user) {
users.put(users.size() + 1, user);
return "Hello " + user.getUsername();
}
public String[] getAllUseNames(List<User> userList) {
String[] userListArr=new String[userList.size()];
for (int i=0;i<userList.size();i++) {
userListArr[i]=userList.get(i).getUsername();
}
return userListArr;
}
}
package com.easyway.cxf.security;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
/**
* WS
* @author longgangbai
*
*/
public class ServerPasswordHandler implements CallbackHandler{
private Map<String, String> passwords;
public ServerPasswordHandler(){
passwords=new HashMap<String, String>();
passwords.put("admin", "admin");
passwords.put("test", "test");
passwords.put("userName", "password");
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
//
String id = pc.getIdentifier();
System.out.println("id==="+id);
//
String password = pc.getPassword();
if(passwords.containsKey(id)){
if(!password.equals(passwords.get(id))){
throw new SecurityException("wrong password");
}
}else{
throw new SecurityException("wrong username");
}
}
}
package com.easyway.cxf.security;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
/**
*
* @author longgangbai
*
*/
public class ClientPasswordCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
int usage = pc.getUsage();
System.out.println("identifier: " + pc.getIdentifier());
System.out.println("usage: " + pc.getUsage());
if (usage == WSPasswordCallback.USERNAME_TOKEN) {
System.out.println("admin =====");
pc.setPassword("admin");
pc.setIdentifier("admin");
}
}
}
package com.easyway.cxf.test.client.security;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import com.easyway.cxf.security.ClientPasswordCallback;
import com.easyway.cxf.service.HelloService;
import com.easyway.cxf.test.server.CFX;
/**
*
* @author longgangbai
*
*/
public class CXFClientSecurity {
public static void main(String[] args) {
JaxWsProxyFactoryBean factory=new JaxWsProxyFactoryBean();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "userName");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
factory.getOutInterceptors().add(wssOut);
factory.getOutInterceptors().add(new SAAJOutInterceptor());
factory.setServiceClass(HelloService.class);
//
factory.setAddress(CFX.SERVICE_ADDRESS);
HelloService helloService=(HelloService)factory.create();
String msg=helloService.hello("xiaobai");
System.out.println("msg="+msg);
}
}
package com.easyway.cxf.test.client.security;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import com.easyway.cxf.security.ClientPasswordCallback;
import com.easyway.cxf.service.HelloService;
import com.easyway.cxf.test.server.CFX;
/**
*
* @author longgangbai
*
*/
public class CXFClientSecurity {
public static void main(String[] args) {
JaxWsProxyFactoryBean factory=new JaxWsProxyFactoryBean();
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "userName");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
factory.getOutInterceptors().add(wssOut);
factory.getOutInterceptors().add(new SAAJOutInterceptor());
factory.setServiceClass(HelloService.class);
//
factory.setAddress(CFX.SERVICE_ADDRESS);
HelloService helloService=(HelloService)factory.create();
String msg=helloService.hello("xiaobai");
System.out.println("msg="+msg);
}
}