I am practising with Java and Axis2 to implement some WS-* frameworks. The only part I have a "tutorial" for is implementing the WS-Security framework with timestamp, encryption and signature.
I have a server-side service folder which contains my security keys, the Java class with the method to call (a simple sum), and the PWCallback class for user/password authentication. Inside it there is a META-INF folder containing the services.xml file.
The client folder contains the Java client, the PWCallback class and an axis2.xml file.
axis2.xml and services.xml already existed; I just commented the section to enable timestamps etc.
Now my problem is that I don't know how to integrate ws-policy and ws-secureconnection.
Reading online I have seen different ways of writing the xml files, but I don't know where to start.
I'll post some code now:
axis2.xml
<axisconfig name="AxisJava2.0">
<!-- Engage the security module -->
<module ref="rampart"/>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>John</user>
<passwordCallbackClass>client.PWCallback</passwordCallbackClass>
<signaturePropFile>axis-repo\conf\security.properties</signaturePropFile>
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionUser>John</encryptionUser>
<signatureParts>Body</signatureParts>
<optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
</action>
</parameter>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>John</user>
<passwordCallbackClass>client.PWCallback</passwordCallbackClass>
<signaturePropFile>axis-repo\conf\security.properties</signaturePropFile>
<signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionUser>John</encryptionUser>
<signatureParts>Body</signatureParts>
<optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
</action>
</parameter>
<!-- ================================================= -->
<!-- Parameters -->
<!-- ================================================= -->
<parameter name="hotdeployment" locked="false">true</parameter>
<parameter name="hotupdate" locked="false">false</parameter>
<parameter name="enableMTOM" locked="false">true</parameter>
<!-- Uncomment this to enable REST support -->
<!-- <parameter name="enableREST" locked="false">true</parameter> -->
<parameter name="userName" locked="false">admin</parameter>
<parameter name="password" locked="false">axis2</parameter>
<!-- ================================================= -->
<!-- Message Receivers -->
<!-- ================================================= -->
<!-- This is the default Message Receiver for the system. If you want to have
MessageReceivers for all the other MEPs, implement them and add the correct
entry here, so that you can refer to them from any operation. -->
<!-- Note: you can override this for a particular service by adding the same
element with your own requirement. -->
<messageReceivers>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-only"
class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
<messageReceiver mep="http://www.w3.org/ns/wsdl/in-out"
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
</messageReceivers>
<!-- ================================================= -->
<!-- Transport Ins -->
<!-- ================================================= -->
<transportReceiver name="http"
class="org.apache.axis2.transport.http.SimpleHTTPServer">
<parameter name="port" locked="false">6060</parameter>
<!-- If you want to give your own host address for EPR generation,
uncomment the following parameter and set it as required. -->
<!-- <parameter name="hostname" locked="false">http://myApp.com/ws</parameter> -->
</transportReceiver>
<transportReceiver name="tcp"
class="org.apache.axis2.transport.tcp.TCPServer">
<parameter name="port" locked="false">6061</parameter>
<!-- If you want to give your own host address for EPR generation,
uncomment the following parameter and set it as required. -->
<!-- <parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter> -->
</transportReceiver>
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
<transportSender name="tcp"
class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local"
class="org.apache.axis2.transport.local.LocalTransportSender"/>
<!--<transportSender name="jms"
class="org.apache.axis2.transport.jms.JMSSender"/>-->
<transportSender name="http"
class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL"
locked="false">HTTP/1.1</parameter>
<parameter name="Transfer-Encoding"
locked="false">chunked</parameter>
</transportSender>
<transportSender name="https"
class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL"
locked="false">HTTP/1.1</parameter>
<parameter name="Transfer-Encoding"
locked="false">chunked</parameter>
</transportSender>
<!-- ================================================= -->
<!-- Phases -->
<!-- ================================================= -->
<phaseOrder type="InFlow">
<!-- Global phases -->
<phase name="Transport">
<handler name="RequestURIBasedDispatcher"
class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
<order phase="Transport"/>
</handler>
<handler name="SOAPActionBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
<order phase="Transport"/>
</handler>
</phase>
<phase name="Security"/>
<phase name="PreDispatch"/>
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
<handler name="AddressingBasedDispatcher"
class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="SOAPMessageBodyBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="InstanceDispatcher"
class="org.apache.axis2.engine.InstanceDispatcher">
<order phase="Dispatch"/>
</handler>
</phase>
<!-- Global phases -->
<!-- After the Dispatch phase module author or service author can add any phase he wants -->
<phase name="OperationInPhase"/>
</phaseOrder>
<phaseOrder type="OutFlow">
<!-- user can add his own phases to this area -->
<phase name="OperationOutPhase"/>
<!-- Global phases -->
<!-- these phases will run irrespective of the service -->
<phase name="MessageOut"/>
<phase name="PolicyDetermination"/>
<phase name="Security"/>
</phaseOrder>
<phaseOrder type="InFaultFlow">
<phase name="PreDispatch"/>
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
<handler name="RequestURIBasedDispatcher"
class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="SOAPActionBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="AddressingBasedDispatcher"
class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="SOAPMessageBodyBasedDispatcher"
class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="InstanceDispatcher"
class="org.apache.axis2.engine.InstanceDispatcher">
<order phase="Dispatch"/>
</handler>
<handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
<order phase="Security"/>
</handler>
</phase>
<phase name="Security">
<handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
<order phase="Security"/>
</handler>
</phase>
<!-- user can add his own phases to this area -->
<phase name="OperationInFaultPhase"/>
</phaseOrder>
<phaseOrder type="OutFaultFlow">
<!-- user can add his own phases to this area -->
<phase name="OperationOutFaultPhase"/>
<phase name="Security"/>
<phase name="PolicyDetermination"/>
<phase name="MessageOut"/>
</phaseOrder>
</axisconfig>
services.xml
<service name="SecureService">
<description>
Secure Service
</description>
<parameter name="ServiceClass" locked="false">SecureService</parameter>
<parameter name="InflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>John</user>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>Timestamp Signature Encrypt</items>
<user>John</user>
<passwordCallbackClass>PWCallback</passwordCallbackClass>
<signaturePropFile>security.properties</signaturePropFile>
</action>
</parameter>
<operation name="binary">
<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</operation>
</service>
Thanks
I'm not sure if this is what you need, but you can load a WS-Policy programmatically for the rampart module to use. Just get the ServiceClient object from your client stub and do the following:
serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(path_to_your_ws_policy));
To establish a secure connection with your client you can add a custom protocol handler, although I'm not sure whether there is a better way to do this.
// factory is a ProtocolSocketFactory - you may try to use or extend SSLProtocolSocketFactory from axis2
Protocol customProtocolHandler = new Protocol("https", factory, 443);
serviceClient.getOptions().setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, customProtocolHandler);
On the server side you can put the service in tomcat and enable TLS as described here: http://shivendra-tripathi.blogspot.com/2010/11/enabling-ssl-for-axis2-service-and.html (there are some instructions for the client as well).
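A complete client that puts the attachPolicyComponent call from the answer above into context, written as an added example rather than code from the answer or from Rampart's own samples. The repository path, the policy file name, the service endpoint and the request namespace are assumptions.

```java
// Added example: a minimal Axis2 client that engages Rampart and attaches a
// WS-Policy document to the service, so security is driven by the policy
// rather than by the OutflowSecurity/InflowSecurity parameters in axis2.xml.
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

public class PolicyClient {

    // Parse a WS-Policy XML file into a Neethi Policy object.
    static Policy loadPolicy(String xmlPath) throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    // Build the <binary> request for the SecureService operation (namespace assumed).
    static OMElement buildRequest(int a, int b) {
        OMFactory fac = OMAbstractFactory.getOMFactory();
        OMNamespace ns = fac.createOMNamespace("http://example.org/secure", "ns");
        OMElement op = fac.createOMElement("binary", ns);
        op.addChild(fac.createOMElement("a", ns)).setText(String.valueOf(a));
        op.addChild(fac.createOMElement("b", ns)).setText(String.valueOf(b));
        return op;
    }

    public static void main(String[] args) throws Exception {
        // Assumed layout: "axis-repo" holds the rampart module, axis2.xml and policy.xml.
        ConfigurationContext ctx = ConfigurationContextFactory
            .createConfigurationContextFromFileSystem("axis-repo", "axis-repo/conf/axis2.xml");
        ServiceClient client = new ServiceClient(ctx, null);

        Options options = new Options();
        options.setTo(new EndpointReference("http://localhost:8080/axis2/services/SecureService"));
        options.setAction("urn:binary");
        client.setOptions(options);

        // Attach the policy under the key Rampart looks for, then engage the module.
        Policy policy = loadPolicy("axis-repo/conf/policy.xml");
        client.getAxisService().getPolicySubject()
              .attachPolicyComponent(RampartMessageData.KEY_RAMPART_POLICY, policy);
        client.engageModule("rampart");

        OMElement result = client.sendReceive(buildRequest(2, 3));
        System.out.println(result);
    }
}
```

Rampart also accepts the policy as a client option, `options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy)`, which is the form used in the Rampart samples; either way the policy file must declare the same timestamp, signature and encryption requirements the server's services.xml enforces.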