上面三章做了通過WSDL檔案產生java code的WebService伺服器端和用戶端例子。下面我們來做通過WSS4J對WebService的加密。
1.下載wss4j.jar 還是自己用google去找來下載。
2.把wss4j.jar 放到VacSyncService_WSS4J工程的 /WebContent/WEB-INF/lib 下。 可能提VacSyncService_WSS4J工程有點暈,其實這個就是前面我們使用的VacSyncService工程改了一下名字而已。
3.這下開始配置WEB-INFO 下的 deploy.wsdd
<!-- Use this file to deploy some handlers/chains and services -->
<!-- Two ways to do this: -->
<!-- java org.apache.axis.client.AdminClient deploy.wsdd -->
<!-- after the axis server is running -->
<!-- or -->
<!-- java org.apache.axis.utils.Admin client|server deploy.wsdd -->
<!-- from the same directory that the Axis engine runs -->
<deployment
xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!-- Services from SyncNotifySPServiceService WSDL service -->
<service name="SyncNotifySP" provider="java:RPC" style="rpc" use="encoded">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="PWCallback"/>
<parameter name="action" value="UsernameToken"/>
</handler>
</requestFlow>
<parameter name="wsdlTargetNamespace" value="http://soap.bossagent.vac.unicom.com"/>
<parameter name="wsdlServiceElement" value="SyncNotifySPServiceService"/>
<parameter name="schemaUnqualified" value="http://rsp.sync.soap.bossagent.vac.unicom.com,http://req.sync.soap.bossagent.vac.unicom.com"/>
<parameter name="wsdlServicePort" value="SyncNotifySP"/>
<parameter name="className" value="com.unicom.vac.bossagent.soap.SyncNotifySPSoapBindingSkeleton"/>
<parameter name="wsdlPortType" value="SyncNotifySPService"/>
<parameter name="typeMappingVersion" value="1.2"/>
<parameter name="allowedMethods" value="*"/>
<parameter name="scope" value="Session"/>
<typeMapping
xmlns:ns="http://rsp.sync.soap.bossagent.vac.unicom.com"
qname="ns:OrderRelationUpdateNotifyResponse"
type="java:com.unicom.vac.bossagent.soap.sync.rsp.OrderRelationUpdateNotifyResponse"
serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
/>
<typeMapping
xmlns:ns="http://req.sync.soap.bossagent.vac.unicom.com"
qname="ns:OrderRelationUpdateNotifyRequest"
type="java:com.unicom.vac.bossagent.soap.sync.req.OrderRelationUpdateNotifyRequest"
serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
/>
</service>
</deployment>
紅色字型為加入部分。
4.我們來寫加密的類
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;
public class PWCallback implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
// set the password given a username
if ("user".equals(pc.getIdentifer())) {
pc.setPassword("pawd");
}
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
}
}
}
這個就是伺服器端加密類。可以看到使用者明就是user,密碼就是pawd,這裡可以根據自己需要用加密機或演算法類處理一下。
5.在MyEclipse裡面啟動Tomcat。開啟cmd輸入:
C:/apache-tomcat-6.0.32/webapps/VacSyncService_WSS4J/WEB-INF>java -Djava.ext.dir
s="D:/workspace/VacSyncService_WSS4J/WebContent/WEB-INF/lib" org.apache.axis.cli
ent.AdminClient -lhttp://localhost:8080/VacSyncService_WSS4J/services/AdminServi
ce deploy.wsdd
在 /apache-tomcat-6.0.32/webapps/VacSyncService_WSS4J/WEB-INF/ 下會產生server-config.wsdd
6.到目前伺服器端加密的使用者驗證就寫完了,我們先用之前的用戶端類調用一下這個WebService服務會拋如下錯誤:
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
faultSubcode:
faultString: WSHandler: cannot load password callback class: PWCallback; nested exception is:
java.lang.ClassNotFoundException: PWCallback; nested exception is:
org.apache.ws.security.WSSecurityException: WSHandler: cannot load password callback class: PWCallback; nested exception is:
java.lang.ClassNotFoundException: PWCallback
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}hostname:3ABF8BC3B347428
WSHandler: cannot load password callback class: PWCallback; nested exception is:
java.lang.ClassNotFoundException: PWCallback; nested exception is:
org.apache.ws.security.WSSecurityException: WSHandler: cannot load password callback class: PWCallback; nested exception is:
java.lang.ClassNotFoundException: PWCallback
at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1774)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2930)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.unicom.vac.bossagent.soap.SyncNotifySPSoapBindingStub.orderRelationUpdateNotify(SyncNotifySPSoapBindingStub.java:160)
at com.unicom.vac.bossagent.soap.WebServiceClient.setRequest(WebServiceClient.java:41)
at com.unicom.vac.bossagent.soap.WebServiceClient.main(WebServiceClient.java:59)
接下來我們來寫用戶端驗證代碼。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
