您好,欢迎访问三七文档
当前位置:首页 > 商业/管理/HR > 公司方案 > webservice实例axis2框架下基于rampart安全认证的
一、websevices服务端axis2框架下基于rampart安全认证实例:1、下载axis2.war包;rampart-bin的压缩包(此处注意axis2的版本与jdk、tomcat版本的兼容性问题)2、解压axis2压缩包3、搭建web项目datatransmission;将lib下的jar包导入到项目中;复制axis2-web目录到项目根目录;将WEB-INF下的conf、modules、services目录复制到项目根目录的WEB-INF下;再在刚刚考入的services目录下新建任意文件夹(例webs);再在刚刚新建的文件夹webs下新建META-INF文件目录;再在META-INF文件目录下新建services.xml文件;4、services.xml文件内容如下?xmlversion=1.0encoding=UTF-8?serviceGroupservicename=BusinessServicedescriptiontestrampartservice/descriptionoperationname=getCurDatamessageReceiverclass=org.apache.axis2.rpc.receivers.RPCMessageReceiver//operationoperationname=rampartMethodmessageReceiverclass=org.apache.axis2.rpc.receivers.RPCMessageReceiver//operationparametername=ServiceClasslocked=falsecom.service.BusinessService/parametermoduleref=rampart/parametername=InflowSecurityactionitemsUsernameToken/itemspasswordCallbackClasscom.rampart.WsServiceAuthHandler/passwordCallbackClass/action/parameter/service/serviceGroup注:这里service暴露两个方法rampartMethod及getCurData供客户的访问调用;如果服务端的某些方法不想被访问可设为私有或放在其他的包下面;(同时axis2暂不支持list等集合方法【这里有些模糊,大家可以尝试下】)5、解压rampart-1.4.zip将lib目录下的jar包导入到项目中;将modules下的文件考入到项目根目录下modules文件目录中。文件目录结构如下:6、在项目的web.xml文件中添加servletdisplay-nameApache-AxisServlet/display-nameservlet-nameAxisServlet/servlet-nameservlet-classorg.apache.axis2.transport.http.AxisServlet/servlet-classload-on-startup1/load-on-startup/servletservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern/servlet/AxisServlet/url-pattern/servlet-mappingservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern*.jws/url-pattern/servlet-mappingservlet-mappingservlet-nameAxisServlet/servlet-nameurl-pattern/services/*/url-pattern/servlet-mapping7、项目整体目录结构8、新建类8.1WsServiceAuthHandler.java内容如下:packagecom.rampart;importjava.io.IOException;importjavax.security.auth.callback.Callback;importjavax.security.auth.callback.CallbackHandler;importjavax.security.auth.callback.UnsupportedCallbackException;importorg.apache.log4j.Logger;importorg.apache.ws.security.WSPasswordCallback;/****@authorleno**/publicclassWsServiceAuthHandlerimplementsCallbackHandler{privatefinalstaticStringUSERNAME=csxt;privatefinalstaticStringPASSWORD=123456;privateLoggerlog=Logger.getLogger(WsServiceAuthHandler.class);/***〈一句话功能简述〉〈功能详细描述〉**@seejavax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])*@paramcallbacks*@throwsIOException*@throwsUnsupportedCallbackException*/@Overridepublicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{WSPasswordCallbackpCallback=(WSPasswordCallback)callbacks[0];//标识符Stringid=pCallback.getIdentifer();//此处获取到的password为null,但是并不代表服务端没有拿到该属性。//这是因为客户端提交过来的密码在SOAP消息中已经被加密为MD5//的字符串,如果我们要在回调方法中作比较,那么第一步要做的就是把服务端准备好的密码加密为MD5字符串,由于MD5//算法参数不同结果也会有差别,//Stringpassword=pCallback.getPassword();log.info(接收到WebService请求,userName[+id+]);if(null==USERNAME){log.info(验证用户失败,原因:您没有权限访问,用户名为空!);thrownewUnsupportedCallbackException(pCallback,您没有权限访问,用户名为空!);}elseif(!USERNAME.equals(id)){log.info(验证用户失败,原因:您没有权限访问,用户名错误!);thrownewUnsupportedCallbackException(pCallback,您没有权限访问,用户名错误!);}else{/***1.查询数据库,得到数据库中该用户名对应密码*2.设置密码,wss4j会自动将你设置的密码与客户端传递的密码进行匹配*3.如果相同,则放行,否则返回权限不足信息*/pCallback.setPassword(PASSWORD);}pCallback.setIdentifier(service);}}8.2新建类BusinessService.java内容如下:packagecom.service;/***@seews获取数据**@authorleno**@date2014/11/10*/publicclassBusinessService{publicStringgetCurData(){returnhelloworld!;}publicStringrampartMethod(Stringparam){returnhelloworld!+param;}}8.3项目结构:9、服务端基本搭建完毕。客户端:1、新建一个javaproject整体目录如下2、将axis2lib下的jar包与rampartlib下的jar包导入项目;在项目下建资源包repository.modules将axis2modules下的文件与rampartmodules下的文件考入;在项目下建资源包repository将axis2-1.6.1-war\axis2\WEB-INF\conf下的文件axis2.xml考入;打开axis2.xml文件,找到moduleref=addressing/并在其下面添加内容:moduleref=rampart/parametername=OutflowSecurityactionitemsUsernameToken/itemsusercsxt/userpasswordCallbackClasscom.rampart.client.ClientAuthHandler/passwordCallbackClass/action/parameter3、新建类3.1、ClientAuthHandler.java内容如下:packagecom.rampart.client;importjava.io.IOException;importjavax.security.auth.callback.Callback;importjavax.security.auth.callback.CallbackHandler;importjavax.security.auth.callback.UnsupportedCallbackException;importorg.apache.ws.security.WSPasswordCallback;/****@authorleno**/publicclassClientAuthHandlerimplementsCallbackHandler{privatefinalstaticStringUSERNAME=csxt;privatefinalstaticStringPASSWORD=123456;/***〈一句话功能简述〉〈功能详细描述〉**@seejavax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])*@paramcallbacks*@throwsIOException*@throwsUnsupportedCallbackException*/@Overridepublicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{//客户端wss4j内容发送到服务端.WSPasswordCallbackpCallback=(WSPasswordCallback)callbacks[0];Stringid=pCallback.getIdentifer();//客户端===getIdentifer===+idif(USERNAME.equals(id)){pCallback.setPassword(PASSWORD);}}}3.2、DocumentClient.java内容如下:packagecom.client
本文标题:webservice实例axis2框架下基于rampart安全认证的
链接地址:https://www.777doc.com/doc-2855599 .html