Dmi*_*try 6 java spring web-services cxf
我已经开始用Spring学习Apache CXF了.首先,我创建了一个简单的客户端/服务器模型:请参阅此处
现在我正在尝试使用简单的证书身份验证.所以我改变了配置文件(对于服务器和客户端): cxf-servlet.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<jaxws:endpoint
id="helloWorld"
implementor="service.HelloWorldImpl"
address="/HelloWorld">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<ref bean="WSS4JInInterceptor"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
<bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature"/>
<entry key="passwordCallbackRef">
<ref bean="passwordCallback"/>
</entry>
<entry key="signaturePropFile" value="server_sign.properties"/>
</map>
</constructor-arg>
</bean>
<bean id="passwordCallback" class="service.PasswordCallbackHandler" />
server_sign.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
org.apache.ws.security.crypto.merlin.file=publicstore.jks
cxf-client-servlet.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schema/jaxws.xsd">
<bean id="client" class="service.HelloWorld" factory-bean="clientFactory" factory-method="create"/>
<bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="service.HelloWorld"/>
<property name="address" value="http://localhost:8080/services/HelloWorld"/>
<property name="outInterceptors">
<list>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
<ref bean="WSS4JOutInterceptor"/>
</list>
</property>
</bean>
<bean id="WSS4JOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Signature"/>
<entry key="user" value="ws-client" />
<entry key="passwordCallbackRef">
<ref bean="passwordCallback"/>
</entry>
<entry key="signaturePropFile" value="client_sign.properties"/>
</map>
</property>
</bean>
<bean id="passwordCallback" class="client.PasswordCallbackHandler" />
客户工作得很好.它使用它的PasswordCallbackHandler.问题是服务器似乎没有使用它的PasswordCallbackHandler.我在调试模式下运行服务器,但它没有进入这个类.请问任何人解释一下,我做错了什么?
提前致谢.
进展:
如果您尝试提供来自用户的请求,哪个证书不在服务器的密钥库中,则会引发错误("未找到用于签名的用户ws-client1的证书")
来自资源:"正如您在上面的jbossws-cxf.xml文件中看到的,还配置了密钥库密码回调处理程序;虽然属性文件具有密钥库的密码,但此回调处理程序用于为每个密钥设置密码(它必须匹配在商店中导入每个密钥时使用的那个)."
| 归档时间: |
|
| 查看次数: |
8377 次 |
| 最近记录: |