webservice实例axis2框架下基于rampart安全认证的

vicup
1 ℃
2020-01-10

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

一、websevices服务端axis2框架下基于rampart安全认证实例：1、下载axis2.war包；rampart-bin的压缩包（此处注意axis2的版本与jdk、tomcat版本的兼容性问题）2、解压axis2压缩包3、搭建web项目datatransmission；将lib下的jar包导入到项目中；复制axis2-web目录到项目根目录；将WEB-INF下的conf、modules、services目录复制到项目根目录的WEB-INF下；再在刚刚考入的services目录下新建任意文件夹(例webs)；再在刚刚新建的文件夹webs下新建META-INF文件目录；再在META-INF文件目录下新建services.xml文件；4、services.xml文件内容如下?xmlversion=1.0encoding=UTF-8?serviceGroupservicename=BusinessServicedescriptiontestrampartservice/descriptionoperationname=getCurDatamessageReceiverclass=org.apache.axis2.rpc.receivers.RPCMessageReceiver//operationoperationname=rampartMethodmessageReceiverclass=org.apache.axis2.rpc.receivers.RPCMessageReceiver//operationparametername=ServiceClasslocked=falsecom.service.BusinessService/parametermoduleref=rampart/parametername=InflowSecurityactionitemsUsernameToken/itemspasswordCallbackClasscom.rampart.WsServiceAuthHandler/passwordCallbackClass/action/parameter/service/serviceGroup注：这里service暴露两个方法rampartMethod及getCurData供客户的访问调用；如果服务端的某些方法不想被访问可设为私有或放在其他的包下面；（同时axis2暂不支持list等集合方法【这里有些模糊，大家可以尝试下】）5、解压rampart-1.4.zip将lib目录下的jar包导入到项目中；将modules下的文件考入到项目根目录下modules文件目录中。文件目录结构如下：6、在项目的web.xml文件中添加servletdisplay-nameApache-AxisServlet/display-nameservlet-nameAxisServlet/servlet-nameservlet-classorg.apache.axis2.transport.http.AxisServlet/servlet-classload-on-startup1/load-on-startup/servletservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern/servlet/AxisServlet/url-pattern/servlet-mappingservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern*.jws/url-pattern/servlet-mappingservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern/services/*/url-pattern/servlet-mapping7、项目整体目录结构8、新建类8.1WsServiceAuthHandler.java内容如下：packagecom.rampart;importjava.io.IOException;importjavax.security.auth.callback.Callback;importjavax.security.auth.callback.CallbackHandler;importjavax.security.auth.callback.UnsupportedCallbackException;importorg.apache.log4j.Logger;importorg.apache.ws.security.WSPasswordCallback;/****@authorleno**/publicclassWsServiceAuthHandlerimplementsCallbackHandler{privatefinalstaticStringUSERNAME=csxt;privatefinalstaticStringPASSWORD=123456;privateLoggerlog=Logger.getLogger(WsServiceAuthHandler.class);/***〈一句话功能简述〉〈功能详细描述〉**@seejavax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])*@paramcallbacks*@throwsIOException*@throwsUnsupportedCallbackException*/@Overridepublicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{WSPasswordCallbackpCallback=(WSPasswordCallback)callbacks[0];//标识符Stringid=pCallback.getIdentifer();//此处获取到的password为null，但是并不代表服务端没有拿到该属性。//这是因为客户端提交过来的密码在SOAP消息中已经被加密为MD5//的字符串，如果我们要在回调方法中作比较，那么第一步要做的就是把服务端准备好的密码加密为MD5字符串，由于MD5//算法参数不同结果也会有差别，//Stringpassword=pCallback.getPassword();log.info(接收到WebService请求，userName[+id+]);if(null==USERNAME){log.info(验证用户失败，原因：您没有权限访问,用户名为空！);thrownewUnsupportedCallbackException(pCallback,您没有权限访问,用户名为空！);}elseif(!USERNAME.equals(id)){log.info(验证用户失败，原因：您没有权限访问,用户名错误！);thrownewUnsupportedCallbackException(pCallback,您没有权限访问,用户名错误！);}else{/***1.查询数据库，得到数据库中该用户名对应密码*2.设置密码，wss4j会自动将你设置的密码与客户端传递的密码进行匹配*3.如果相同，则放行，否则返回权限不足信息*/pCallback.setPassword(PASSWORD);}pCallback.setIdentifier(service);}}8.2新建类BusinessService.java内容如下：packagecom.service;/***@seews获取数据**@authorleno**@date2014/11/10*/publicclassBusinessService{publicStringgetCurData(){returnhelloworld!;}publicStringrampartMethod(Stringparam){returnhelloworld!+param;}}8.3项目结构：9、服务端基本搭建完毕。客户端：1、新建一个javaproject整体目录如下2、将axis2lib下的jar包与rampartlib下的jar包导入项目；在项目下建资源包repository.modules将axis2modules下的文件与rampartmodules下的文件考入；在项目下建资源包repository将axis2-1.6.1-war\axis2\WEB-INF\conf下的文件axis2.xml考入；打开axis2.xml文件，找到moduleref=addressing/并在其下面添加内容：moduleref=rampart/parametername=OutflowSecurityactionitemsUsernameToken/itemsusercsxt/userpasswordCallbackClasscom.rampart.client.ClientAuthHandler/passwordCallbackClass/action/parameter3、新建类3.1、ClientAuthHandler.java内容如下：packagecom.rampart.client;importjava.io.IOException;importjavax.security.auth.callback.Callback;importjavax.security.auth.callback.CallbackHandler;importjavax.security.auth.callback.UnsupportedCallbackException;importorg.apache.ws.security.WSPasswordCallback;/****@authorleno**/publicclassClientAuthHandlerimplementsCallbackHandler{privatefinalstaticStringUSERNAME=csxt;privatefinalstaticStringPASSWORD=123456;/***〈一句话功能简述〉〈功能详细描述〉**@seejavax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])*@paramcallbacks*@throwsIOException*@throwsUnsupportedCallbackException*/@Overridepublicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{//客户端wss4j内容发送到服务端.WSPasswordCallbackpCallback=(WSPasswordCallback)callbacks[0];Stringid=pCallback.getIdentifer();//客户端===getIdentifer===+idif(USERNAME.equals(id)){pCallback.setPassword(PASSWORD);}}}3.2、DocumentClient.java内容如下：packagecom.client