Apache CXF in Practice, Part 6: Creating a Secure Web Service


This article link: http://blog.csdn.net/kongxx/article/details/7534035

Apache CXF in Practice, Part 1: Hello World Web Service

Apache CXF in Practice, Part 2: Integrating Spring and a Web Container

Apache CXF in Practice, Part 3: Transferring Java Objects

Apache CXF in Practice, Part 4: Building a RESTful Web Service

Apache CXF in Practice, Part 5: Compressing Web Service Data

When using web services, requests often need to be authenticated. For applications running in a web container this is relatively simple and can usually be done with a filter, but CXF itself also provides a way to authenticate web service requests. Let's take a look at how to implement it.

1. First, a simple POJO

package com.googlecode.garbagecan.cxfstudy.security;

public class User {
    private String id;
    private String name;
    private String password;

    public String getId() {
        return id;
    }
    public void setId(String id) {
        this.id = id;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
}
2. Web Service Interface

package com.googlecode.garbagecan.cxfstudy.security;

import java.util.List;

import javax.jws.WebMethod;
import javax.jws.WebResult;
import javax.jws.WebService;

@WebService
public interface UserService {
    @WebMethod
    @WebResult
    List<User> list();
}
3. Web Service Implementation Class

package com.googlecode.garbagecan.cxfstudy.security;

import java.util.ArrayList;
import java.util.List;

public class UserServiceImpl implements UserService {

    public List<User> list() {
        List<User> users = new ArrayList<User>();
        // The loop bound is missing on the page; 10 is an assumed value.
        for (int i = 0; i < 10; i++) {
            User user = new User();
            user.setId("" + i);
            user.setName("User_" + i);
            user.setPassword("Password_" + i);
            users.add(user);
        }
        return users;
    }
}

4. Server-side handler. It uses a map to hold user information; a real application can use a database or some other means to obtain users and passwords.

package com.googlecode.garbagecan.cxfstudy.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ServerUsernamePasswordHandler implements CallbackHandler {

    // The key is the username, the value is the password
    private Map<String, String> users;

    public ServerUsernamePasswordHandler() {
        users = new HashMap<String, String>();
        users.put("admin", "admin");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        WSPasswordCallback callback = (WSPasswordCallback) callbacks[0];
        String id = callback.getIdentifier();
        // The submitted plaintext password is compared here, as WSS4J 1.5.x expects; from
        // WSS4J 1.6 the handler sets the stored password on the callback and WSS4J compares.
        if (users.containsKey(id)) {
            if (!callback.getPassword().equals(users.get(id))) {
                throw new SecurityException("Incorrect password.");
            }
        } else {
            throw new SecurityException("Invalid user.");
        }
    }
}
5. Client-side handler, used to set the user's password. In a real application, the logic that sets the user name and password can be adapted from this class and the test class below.

package com.googlecode.garbagecan.cxfstudy.security;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class ClientUsernamePasswordHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        WSPasswordCallback callback = (WSPasswordCallback) callbacks[0];
        int usage = callback.getUsage();
        System.out.println("identifier: " + callback.getIdentifier());
        System.out.println("usage: " + callback.getUsage());
        // Supply the password only when WSS4J asks for it to build a UsernameToken
        if (usage == WSPasswordCallback.USERNAME_TOKEN) {
            callback.setPassword("admin");
        }
    }
}

6. Unit test class. Note that WSS4JInInterceptor is added to the interceptor list on the server side, and WSS4JOutInterceptor is added to the interceptor list on the client side.

package com.googlecode.garbagecan.cxfstudy.security;

import java.net.SocketTimeoutException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.xml.ws.WebServiceException;

import junit.framework.Assert;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.junit.BeforeClass;
import org.junit.Test;

public class UserServiceTest {

    private static final String address = "http://localhost:9000/ws/security/userService";

    @BeforeClass
    public static void setUpBeforeClass() throws Exception {
        JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
        factoryBean.getInInterceptors().add(new LoggingInInterceptor());
        factoryBean.getOutInterceptors().add(new LoggingOutInterceptor());

        // Server side: require a UsernameToken and check it with the server handler
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("action", "UsernameToken");
        props.put("passwordType", "PasswordText");
        props.put("passwordCallbackClass", ServerUsernamePasswordHandler.class.getName());
        WSS4JInInterceptor wss4JInInterceptor = new WSS4JInInterceptor(props);
        factoryBean.getInInterceptors().add(wss4JInInterceptor);

        factoryBean.setServiceClass(UserServiceImpl.class);
        factoryBean.setAddress(address);
        factoryBean.create();
    }

    @Test
    public void testList() {
        JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
        factoryBean.setAddress(address);
        factoryBean.setServiceClass(UserService.class);
        Object obj = factoryBean.create();

        Client client = ClientProxy.getClient(obj);
        Endpoint endpoint = client.getEndpoint();

        // Client side: attach a UsernameToken; the password comes from the client handler
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        props.put(WSHandlerConstants.USER, "admin");
        props.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        props.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientUsernamePasswordHandler.class.getName());
        WSS4JOutInterceptor wss4JOutInterceptor = new WSS4JOutInterceptor(props);
        endpoint.getOutInterceptors().add(wss4JOutInterceptor);

        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        HTTPClientPolicy policy = new HTTPClientPolicy();
        policy.setConnectionTimeout(5 * 1000);
        policy.setReceiveTimeout(5 * 1000);
        conduit.setClient(policy);

        UserService service = (UserService) obj;
        try {
            List<User> users = service.list();
            Assert.assertNotNull(users);
            // The expected size is missing on the page; 10 is an assumed value and must
            // match the number of users the service returns.
            Assert.assertEquals(10, users.size());
        } catch (Exception e) {
            // Note: any exception, including an authentication fault, is only printed
            // here and does not fail the test.
            if (e instanceof WebServiceException && e.getCause() instanceof SocketTimeoutException) {
                System.err.println("This is timeout exception.");
            } else {
                e.printStackTrace();
            }
        }
    }
}
Finally, run the test class above to check the results. You can also change the password in the test method to see the error result. I have not written a wrong-password test case here, because I am a lazy person.
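The wrong-password case that the test above leaves out, as an added example that is not code from the original article. The class name, port 9001, WrongPasswordHandler and the user name "nobody" are constructed for illustration, and the test assumes a rejection by the server reaches the JAX-WS client as a SOAPFaultException.

```java
package com.googlecode.garbagecan.cxfstudy.security;

import java.util.*;
import javax.security.auth.callback.*;
import javax.xml.ws.soap.SOAPFaultException;
import org.apache.cxf.jaxws.*;
import org.apache.cxf.ws.security.wss4j.*;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.junit.*;

// Added example: the class name, port 9001, WrongPasswordHandler and "nobody" are assumptions.
public class UserServiceRejectionTest {
    private static final String ADDRESS = "http://localhost:9001/ws/security/userService";

    // Client-side handler that supplies a password the server does not hold.
    public static class WrongPasswordHandler implements CallbackHandler {
        public void handle(Callback[] cb) { ((WSPasswordCallback) cb[0]).setPassword("not-the-password"); }
    }

    @BeforeClass
    public static void startServer() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        props.put(WSHandlerConstants.PW_CALLBACK_CLASS, ServerUsernamePasswordHandler.class.getName());
        JaxWsServerFactoryBean server = new JaxWsServerFactoryBean();
        server.getInInterceptors().add(new WSS4JInInterceptor(props));
        server.setServiceClass(UserServiceImpl.class);
        server.setAddress(ADDRESS);
        server.create();
    }

    // Calls list() with a plaintext UsernameToken for the given user and password handler.
    private static void callAs(String user, Class<?> handler) {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        props.put(WSHandlerConstants.USER, user);
        props.put(WSHandlerConstants.PASSWORD_TYPE, "PasswordText");
        props.put(WSHandlerConstants.PW_CALLBACK_CLASS, handler.getName());
        JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
        factory.setAddress(ADDRESS);
        factory.setServiceClass(UserService.class);
        factory.getOutInterceptors().add(new WSS4JOutInterceptor(props));
        ((UserService) factory.create()).list();
    }

    @Test(expected = SOAPFaultException.class)
    public void wrongPasswordIsRejected() { callAs("admin", WrongPasswordHandler.class); }
    @Test(expected = SOAPFaultException.class)
    public void unknownUserIsRejected() { callAs("nobody", ClientUsernamePasswordHandler.class); }
}
```

Like the article's own test, this sends the password as PasswordText over plain http, so it is readable on the wire and in the output of the logging interceptors; outside a test, such an endpoint belongs behind HTTPS.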


