CXF密码验证_服务端和客户端配置
CXF密码认证是在我前面的一篇文章WebService CXF+struts+spring 示例?的基础上写的.如果你感觉看不懂这篇.那就先看看前面的那篇文章吧!
1:spring服务端的配置
<bean id="Customer" implementor="#Customer" address="/web" > <jaxws:inInterceptors> <bean /> <bean /> <bean value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="cxfServer" /> <entry key="passwordCallbackRef"> <ref bean="serverPasswordCallback" /> </entry> </map> </constructor-arg> </bean> </jaxws:inInterceptors> </jaxws:endpoint><bean id="serverPasswordCallback" />
?
action:UsernameToken是使用用户令牌
passwordType:PasswordText是指密码加密策略.这里是直接密码文本.
user:cxfServer是指别名
passwordCallbackRef:serverPasswordCallback是这密码验证..类..就是下面配置的..
2: 类:serverPasswordCallback
?
import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.ws.security.WSPasswordCallback;public class ServerPasswordCallback implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {WSPasswordCallback pc=(WSPasswordCallback) callbacks[0];String pw=pc.getPassword();String idf=pc.getIdentifier();System.out.println("密码是:"+pw);System.out.println("类型是:"+idf);if(pw.equals("wdwsb")&&idf.equals("admin")){System.out.println("成功");}else{throw new SecurityException("验证失败");}}?这个不用多说..就是密码验证..很简单!!
3:spring客户端的配置:
?
<bean id="webTest" factory-bean="client" factory-method="create"/> <bean id="client" > <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property> <property name="serviceClass" value="org.web.HelloService"></property> <property name="outInterceptors"> <list><bean /> <bean /> <bean value="UsernameToken" /> <entry key="passwordType" value="PasswordText" /> <entry key="user" value="cxfClient" /> <entry key="passwordCallbackRef"> <ref bean="clientPasswordCallback" /> </entry> </map> </constructor-arg> </bean> </list></property> </bean> <bean id="clientPasswordCallback" name="code">import javax.security.auth.callback.Callback;import javax.security.auth.callback.CallbackHandler;import javax.security.auth.callback.UnsupportedCallbackException;import org.apache.ws.security.WSPasswordCallback;public class clientPasswordCallback implements CallbackHandler {public void handle(Callback[] callbacks) throws IOException,UnsupportedCallbackException {for(int i=0;i<callbacks.length;i++){WSPasswordCallback ps=(WSPasswordCallback) callbacks[i];ps.setPassword("wdwsb");ps.setIdentifier("admin");}}??到此为止..密码认证用户令牌就完成了...
测试!
?
通过!
?
当然我前面写的一篇文章是最基本的.缺少了一些jar包.会报错的.
所以要加上以下jar包..
?
?
?
?
ps.setPassword("wdwsb"); ps.setIdentifier("admin");if (passwordsAreEncoded)passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));else { passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);}if (!(passDigest.equals(password))) {throw new WSSecurityException(5);}
WSPasswordCallback pwCb = new WSPasswordCallback(user, null, pwType, 2, data); try { data.getCallbackHandler().handle(new Callback[] { pwCb }); }if (passwordsAreEncoded)passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, Base64.decode(origPassword));else { passDigest = UsernameToken.doPasswordDigest(nonce, createdTime, origPassword);}if (!(passDigest.equals(password))) {throw new WSSecurityException(5);}