Implementing Web Services encryption with Axis2 and WSS4J

Source: Internet
Author: User

Recently my company used WSS4J to fully encrypt the content transmitted by its Web services. I followed a post I found on the Internet but could not get it to run, so I made the changes described below.

I. Introduction to WSS4J

WSS4J is an open source project developed by Apache and a standard implementation of WS-Security (Web Service security). It provides Web service security features such as username token authentication (UsernameToken) and guarantees for the integrity and authenticity of transmitted information.

II. Environment preparation

2.1 Development Environment Preparation

Before starting, go to the Apache website and download rampart-1.5.mar.

Put this file in WEB-INF/modules.
This module is the component required to use WSS4J on Axis2. Copy the WSS4J-related jar packages to the lib directory.

III. Using keytool to generate a pair of JKS files

First we use keytool to generate a pair of JKS files, service.jks and client.jks.
service.jks stores the private key of the service and the public key of the client.
client.jks stores the private key of the client and the public key of the service.
In the files I generated:

The keystore password for the private and public keys in service.jks is apache.
The keystore password for the private and public keys in client.jks is apache.

(Note: if you are not familiar with keytool, please consult the relevant documentation; I used the sample files provided by Apache.)

The keystores are generated as follows:

C:/Documents and Settings/administrator>keytool -genkey -keyalg RSA -keysize 512 -dname "CN=SERVICE,O=QINAN,C=CN" -alias service -keypass administrator -keystore D:/keystore/service.jks -storepass Qinanehome

C:/Documents and Settings/administrator>keytool -genkey -keyalg RSA -keysize 512 -dname "CN=CLIENT,O=QINAN,C=CN" -alias client -keypass Administrator -keystore D:/keystore/client.jks -storepass Qinanadminehome
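The following added example (not part of the original post) checks a keystore against the layout described above: the store's own alias must be a private-key entry and the peer's alias a trusted-certificate entry. It also flags RSA keys shorter than 2048 bits, which is what the -keysize 512 commands above produce. keytool -genkey only creates the store's own key pair, so the peer's certificate has to be imported separately. The class name KeystoreCheck and the 2048-bit threshold are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added example: lists the entries of a JKS file and checks them against the
// expected layout (own private key plus the peer's public certificate).
public class KeystoreCheck {
    // Assumption: 2048 bits is the smallest RSA modulus accepted here.
    static final int MIN_RSA_BITS = 2048;

    static boolean check(KeyStore ks, String ownAlias, String peerAlias) throws Exception {
        boolean ok = true;
        for (String alias : Collections.list(ks.aliases())) {
            String line = alias + ": " + (ks.isKeyEntry(alias) ? "private key" : "trusted certificate");
            Certificate cert = ks.getCertificate(alias);
            if (cert != null && cert.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
                line += ", RSA " + bits + " bits";
                if (bits < MIN_RSA_BITS) { line += " (too short)"; ok = false; }
            }
            System.out.println(line);
        }
        if (!ks.isKeyEntry(ownAlias)) {
            System.out.println("no private key under alias " + ownAlias);
            ok = false;
        }
        if (!ks.isCertificateEntry(peerAlias)) {
            System.out.println("no trusted certificate under alias " + peerAlias);
            ok = false;
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        Console con = System.console();   // password is prompted, not passed as an argument
        if (args.length != 3 || con == null) {
            System.err.println("usage (interactive): java KeystoreCheck <file.jks> <ownAlias> <peerAlias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, con.readPassword("Keystore password: "));
        }
        System.exit(check(ks, args[1], args[2]) ? 0 : 1);
    }
}
```

For the server keystore on this page the call would be java KeystoreCheck D:/keystore/service.jks service client; an exit code of 0 means the layout and key sizes passed.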

2.2 Building the Web service environment

Copy the axis2.war package to the webapps directory under the Tomcat installation directory.

Start Tomcat (d:/tomcat5.5/bin/startup.bat), then open a browser and go to http://127.0.0.1:8080/axis2. The resulting page indicates that Axis2 is working properly.

IV. Building the Web application

4.1 Writing server-side code

First, a brief description of what my WSS4J implementation of WS-Security does. It is very simple: the client sends a string, and the server receives the string and sends it back to the client. Start by creating a Web application project; my WSC application project is used as the example here.

Under src, create the package com.neusoft.wss4j.rempart.demo.services and write a class SimpleService in it to act as the server side.

The contents of this class are:

package com.neusoft.wss4j.rempart.demo.services;

public class SimpleService
{
    // Returns the string received from the client unchanged
    public String echo(String arg)
    {
        return arg;
    }
}

The function of this class is to receive the client's string and return the string to the client.

There is also a class that is the core of implementing UsernameToken and of securing the confidentiality and integrity of the transmitted information. This class is configured in axis2.xml and services.xml, and it looks up the information for the user configured in axis2.xml and in the server-side services.xml. Every time the client sends a request, it must first obtain permission to access the server and the password needed to encrypt the data it sends, and then send the encrypted data to the server; without permission it cannot send data to the server. Likewise, whenever the server wants to send data to the client, it must go through this class to obtain the password needed to encrypt the data, and then return the encrypted data to the client, which decrypts it to obtain the plaintext. Its contents are as follows:

package com.neusoft.wss4j.rempart.demo.services;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

public class PWCBHandler implements CallbackHandler
{
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // Alias of the key whose password WSS4J is asking for
            String id = pwcb.getIdentifer();
            if ("client".equals(id))
            {
                pwcb.setPassword("apache");
            }
            else if ("service".equals(id))
            {
                pwcb.setPassword("apache");
            }
            else
            {
                // Unknown alias: refuse to supply a password
                throw new UnsupportedCallbackException(callbacks[i],
                        "Sorry, you are not an authorized user and cannot access the Web service.");
            }
        }
    }
}
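The handler above compiles the key passwords into the class and casts every callback without checking its type. The following variant is an added example, not code from the original post or from Apache: it reads the passwords from a properties file kept outside the .aar and rejects callbacks it does not understand. The class name FilePWCBHandler, the system property wsc.keypass.file and the alias=password file layout are assumptions made for this example.

```java
package com.neusoft.wss4j.rempart.demo.services;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

// Added example (hypothetical class): same role as PWCBHandler, but the key
// passwords come from a file with one "alias=password" line per key. The file
// is located through the hypothetical system property "wsc.keypass.file".
public class FilePWCBHandler implements CallbackHandler {

    private Properties passwords;   // loaded on first use

    private synchronized Properties passwords() throws IOException {
        if (passwords == null) {
            String path = System.getProperty("wsc.keypass.file");
            if (path == null) {
                throw new IOException("system property wsc.keypass.file is not set");
            }
            Properties p = new Properties();
            InputStream in = new FileInputStream(path);
            try { p.load(in); } finally { in.close(); }
            passwords = p;
        }
        return passwords;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            // Reject unknown callback types instead of failing with a ClassCastException.
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unsupported callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // getIdentifer() is the method name used by the handler on this page.
            String password = passwords().getProperty(pwcb.getIdentifer());
            if (password == null) {
                throw new UnsupportedCallbackException(cb, "No key password configured for this alias");
            }
            pwcb.setPassword(password);
        }
    }
}
```

The password file should be readable only by the account that runs Tomcat, and passwordCallbackClass in services.xml would name this class instead of PWCBHandler.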

4.2 Writing the server-side description file services.xml

Next, write the services.xml file that describes the server class. Its contents are as follows:

<?xml version="1.0" encoding="UTF-8"?>
<service name="WSC">
    <operation name="echo">
        <messageReceiver
            class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">com.neusoft.wss4j.rempart.demo.services.SimpleService</parameter>
    <module ref="rampart"/>
    <parameter name="InflowSecurity">
        <action>
            <items>Timestamp Signature</items>
            <signaturePropFile>keys/service.properties</signaturePropFile>
        </action>
    </parameter>
    <parameter name="OutflowSecurity">
        <action>
            <items>Timestamp Signature</items>
            <user>service</user>
            <passwordCallbackClass>com.neusoft.wss4j.rempart.demo.services.PWCBHandler</passwordCallbackClass>
            <signaturePropFile>keys/service.properties</signaturePropFile>
            <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        </action>
    </parameter>
</service>

Configure one <operation></operation> element for each method of the server class WSC.

echo is a method of the WSC server class. WSC is the service name, which is also the name of the packaged server archive, Wsc.aar. Focus on the two parts that were highlighted in red and pink in the original. The red part (the InflowSecurity parameter) handles the digitally signed information coming from the client and decrypts the encrypted information the client sends; in this example it uses the service.properties file in the keys folder to locate service.jks and decrypt the information. The pink part (the OutflowSecurity parameter) encrypts the information that the server outputs to the client; in this example it uses the service.properties file in the keys folder to locate service.jks and encrypt the information.

The contents of service.properties are as follows:

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=apache
org.apache.ws.security.crypto.merlin.file=keys/service.jks

These properties specify the keystore type, the keystore password and the keystore file name.

4.3 Building the .aar service package

Next, package the server class SimpleService together with services.xml into Wsc.aar, which is the server-side program. First package the SimpleService class, then place services.xml in the META-INF directory of the package.

This completes the server-side program Wsc.aar. Then copy Wsc.aar to the D:/program/tomcat6.0/webapps/axis2/WEB-INF/services directory (using my machine as an example).

Then restart Tomcat input
