Signing as a security mechanism for XFire web services

Server-side configuration changes:

In applicationContext-webservice.xml:

```xml
<!-- Inbound handler chain: the signature check runs before the user token is validated -->
<property name="inHandlers">
    <list>
        <ref bean="domInHandler" />
        <ref bean="wss4jInHandlerSign" />
        <ref bean="validateUserTokenHandler" />
    </list>
</property>

<!-- WSS4J inbound handler that verifies the message signature -->
<bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
    <property name="properties">
        <props>
            <prop key="action">Signature</prop>
            <prop key="signaturePropFile">insecurity_sign.properties</prop>
        </props>
    </property>
</bean>
```

Add a new configuration file, insecurity_sign.properties:

```properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=dv110.com
org.apache.ws.security.crypto.merlin.file=tianyi_public.jks
```

Client-side configuration:

Only XFireClientFactory.java needs to be changed:

```java
import java.lang.reflect.Proxy;
import java.util.Properties;

import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxy;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.util.dom.DOMOutHandler;

// Signature (called from the factory with the service proxy)
getSign(obj);

public void getSign(Object service) {
    Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();
    // Attach the WSS4JOutHandler to provide authentication
    client.addOutHandler(new DOMOutHandler());
    Properties properties = new Properties();
    properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
    // User in keystore
    properties.setProperty(WSHandlerConstants.USER, "safedv");
    // This callback is used to specify password for given user for keystore
    properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());
    // Configuration for accessing private key in keystore
    properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
    properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
    client.addOutHandler(new WSS4JOutHandler(properties));
}
```

Add a configuration file on the client, outsecurity_sign.properties:

```properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=dv110.com
org.apache.ws.security.crypto.merlin.file=tianyi_private.jks
```
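Appendix: generating the keys used for signing. This is simply the reverse of the ENC (encryption) setup: the private key signs and the public key verifies.

1. Create the private key in a keystore, using an alias and password:

```
C:\>keytool -genkey -alias safedv -keypass safedv -keystore tianyi_private.jks -storepass dv110.com -dname "cn=dv110" -keyalg RSA
```

2. Self-sign the certificate:

```
C:\>keytool -selfcert -alias safedv -keystore tianyi_private.jks -storepass dv110.com -keypass safedv
```

3. Export the public key to a file (safedv.rsa in the command below):

```
C:\>keytool -export -alias safedv -file safedv.rsa -keystore tianyi_private.jks -storepass dv110.com
```

4. Import the public key into a new keystore:

```
C:\>keytool -import -alias safedv -file safedv.rsa -keystore tianyi_public.jks -storepass dv110.com
```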
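A quick check of the keystores from the appendix, as an added example that is not part of the original article: it confirms that the server-side keystore holds no private key, that both sides share the same certificate, and that a signature made with the private key verifies against it. It assumes tianyi_private.jks and tianyi_public.jks are in the working directory with the alias and passwords used above; the class name SignKeystoreCheck and the SHA256withRSA test signature are choices made for this example, not what WSS4J puts on the wire.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example (hypothetical class name): sanity-checks the appendix keystores.
public class SignKeystoreCheck {
    static KeyStore load(String path, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] storePass = "dv110.com".toCharArray(); // -storepass from the appendix
        char[] keyPass = "safedv".toCharArray();      // -keypass from the appendix
        String alias = "safedv";
        KeyStore priv = load("tianyi_private.jks", storePass); // client (signing) side
        KeyStore pub = load("tianyi_public.jks", storePass);   // server (verifying) side

        // The client keystore must hold the private key for the alias.
        if (!priv.isKeyEntry(alias)) throw new IllegalStateException("no private key for " + alias);
        // The server keystore must hold certificates only, never a private key.
        for (String a : Collections.list(pub.aliases())) {
            if (pub.isKeyEntry(a)) throw new IllegalStateException("private key in public keystore: " + a);
        }
        // Both sides must agree on the same certificate.
        Certificate clientCert = priv.getCertificate(alias);
        Certificate serverCert = pub.getCertificate(alias);
        if (serverCert == null || !serverCert.equals(clientCert)) throw new IllegalStateException("certificate mismatch");

        // Sign with the private key, verify with the certificate the server trusts.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign((PrivateKey) priv.getKey(alias, keyPass));
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(serverCert);
        verifier.update(msg);
        if (!verifier.verify(sig)) throw new IllegalStateException("signature did not verify");
        System.out.println("keystores OK: private key signs, public keystore verifies");
    }
}
```

Newer JDKs create PKCS12 keystores by default and ignore a separate -keypass, so pass -storetype JKS to keytool in step 1 if getKey fails with the key password.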