XFire web service security: signatures

yixiaoqi00 2010-01-05


Server-side configuration changes:

In applicationContext-webservice.xml:

<property name="inHandlers">
    <list>
        <ref bean="domInHandler"/>
        <ref bean="wss4jInHandlerSign"/>
        <ref bean="validateUserTokenHandler"/>
    </list>
</property>

<bean id="wss4jInHandlerSign" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
    <property name="properties">
        <props>
            <prop key="action">Signature</prop>
            <prop key="signaturePropFile">insecurity_sign.properties</prop>
        </props>
    </property>
</bean>

Add a new configuration file, insecurity_sign.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=dv110.com

org.apache.ws.security.crypto.merlin.file=tianyi_public.jks

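Client-side configuration:

Only XFireClientFactory.java needs to be changed:

// Imports needed by getSign()
import java.lang.reflect.Proxy;
import java.util.Properties;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.codehaus.xfire.client.Client;
import org.codehaus.xfire.client.XFireProxy;
import org.codehaus.xfire.security.wss4j.WSS4JOutHandler;
import org.codehaus.xfire.util.dom.DOMOutHandler;

// Sign: call this on the service proxy once it has been created
getSign(obj);

public void getSign(Object service) {
    Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient();

    // Attach the WSS4JOutHandler to provide authentication
    client.addOutHandler(new DOMOutHandler());

    Properties properties = new Properties();
    properties.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);

    // User in keystore
    properties.setProperty(WSHandlerConstants.USER, "safedv");

    // This callback is used to specify password for given user for keystore
    properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordHandler.class.getName());

    // Configuration for accessing private key in keystore
    properties.setProperty(WSHandlerConstants.SIG_PROP_FILE, "outsecurity_sign.properties");
    properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");

    client.addOutHandler(new WSS4JOutHandler(properties));
}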

Add a configuration file on the client, outsecurity_sign.properties:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin

org.apache.ws.security.crypto.merlin.keystore.type=jks

org.apache.ws.security.crypto.merlin.keystore.password=dv110.com

org.apache.ws.security.crypto.merlin.file=tianyi_private.jks
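The getSign() method above references a PasswordHandler class that the post does not show. The following is an added example of such a callback, not code from the original post; it assumes the WSS4J 1.5.x API shipped with XFire, and the system property name wss4j.keypass.<alias> is a hypothetical convention chosen here so that the key password is not hard-coded in source.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Added example: supplies the private-key password when WSS4JOutHandler signs.
// WSS4J instantiates this class by name, so it needs a public no-arg constructor.
public class PasswordHandler implements CallbackHandler {

    // Assumption: key passwords are passed as JVM system properties named
    // "wss4j.keypass.<alias>" (hypothetical name), e.g. -Dwss4j.keypass.safedv=...
    static final String PROP_PREFIX = "wss4j.keypass.";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];

            // This client only signs; refuse to release a key password
            // for any other usage (decryption, UsernameToken, ...).
            if (pc.getUsage() != WSPasswordCallback.SIGNATURE) {
                throw new UnsupportedCallbackException(callbacks[i],
                        "Password requested for a non-signature usage");
            }

            // getIdentifer() (sic) is the WSS4J 1.5.x spelling. The value is
            // the alias set through WSHandlerConstants.USER ("safedv" here).
            String alias = pc.getIdentifer();
            String keyPass = System.getProperty(PROP_PREFIX + alias);
            if (keyPass == null) {
                // Fail closed rather than fall back to a default password
                throw new IOException("No key password configured for alias " + alias);
            }
            pc.setPassword(keyPass);
        }
    }
}
```

The password returned must be the key password given to keytool with -keypass for that alias, not the keystore password from outsecurity_sign.properties.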

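Appendix: generating the keys used for signing. This is simply the reverse of the ENC operation: sign with the private key, verify with the public key.

1. Create the private key in a keystore, using an alias and password:

C:\>keytool -genkey -alias safedv -keypass safedv -keystore tianyi_private.jks -storepass dv110.com -dname "cn=dv110" -keyalg RSA

2. Certificate:

C:\>keytool -selfcert -alias safedv -keystore tianyi_private.jks -storepass dv110.com -keypass safedv

3. Export the public key to key.rsa:

C:\>keytool -export -alias safedv -file safedv.rsa -keystore tianyi_private.jks -storepass dv110.com

4. Import the public key into a new keystore:

C:\>keytool -import -alias safedv -file safedv.rsa -keystore tianyi_public.jks -storepass dv110.com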
