Apache CXF实战之九 发布使用SSL的Web Service
Apache CXF实战之九 发布使用SSL的Web Service
OkSerIous 发表于2年前
Apache CXF实战之九 发布使用SSL的Web Service
  • 发表于 2年前
  • 阅读 70
  • 收藏 5
  • 点赞 0
  • 评论 0

腾讯云 新注册用户 域名抢购1元起>>>   

摘要: Apache CXF实战之九 发布使用SSL的Web Service

在使用Web Service的时候,在很多情况下会要求我们发布ssl的web service,此时如果web service是作为一个war包部署在tomcat之类的web容器中的时候,我们可以通过修改tomcat的配置来比较容易的部署发布成ssl的web service的,当对于独立运行的程序来书,此时发布web service是需要一些操作的,下面看看在CXF中怎样发布并调用SSL的Web Service。

1. 首先是一个pojo的实体类

[java] view plaincopyprint?

<EMBED id=ZeroClipboardMovie_1 name=ZeroClipboardMovie_1 type=application/x-shockwave-flash align=middle pluginspage=http://www.macromedia.com/go/getflashplayer height=14 width=29 src=http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf wmode="transparent" flashvars="id=1&width=29&height=14" allowfullscreen="false" allowscriptaccess="always" bgcolor="#ffffff" quality="best" menu="false" loop="false">

  1. package com.googlecode.garbagecan.cxfstudy.ssl;  

  2.   

  3. public class User {  

  4.     private String id;  

  5.     private String name;  

  6.     private String password;  

  7.     public String getId() {  

  8.         return id;  

  9.     }  

  10.     public void setId(String id) {  

  11.         this.id = id;  

  12.     }  

  13.     public String getName() {  

  14.         return name;  

  15.     }  

  16.     public void setName(String name) {  

  17.         this.name = name;  

  18.     }  

  19.     public String getPassword() {  

  20.         return password;  

  21.     }  

  22.     public void setPassword(String password) {  

  23.         this.password = password;  

  24.     }  

  25. }  

2. 下面是Web Service的接口和实现类,这两个类和前面文章中介绍的没什么区别

[java] view plaincopyprint?

<EMBED id=ZeroClipboardMovie_2 name=ZeroClipboardMovie_2 type=application/x-shockwave-flash align=middle pluginspage=http://www.macromedia.com/go/getflashplayer height=14 width=29 src=http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf wmode="transparent" flashvars="id=2&width=29&height=14" allowfullscreen="false" allowscriptaccess="always" bgcolor="#ffffff" quality="best" menu="false" loop="false">

  1. package com.googlecode.garbagecan.cxfstudy.ssl;  

  2.   

  3. import java.util.List;  

  4.   

  5. import javax.jws.WebMethod;  

  6. import javax.jws.WebResult;  

  7. import javax.jws.WebService;  

  8.   

  9. @WebService   

  10. public interface UserService {  

  11.     @WebMethod  

  12.     @WebResult List<User> list();  

  13.   

  14. }  

  15.   

  16. package com.googlecode.garbagecan.cxfstudy.ssl;  

  17.   

  18. import java.util.ArrayList;  

  19. import java.util.List;  

  20.   

  21. public class UserServiceImpl implements UserService {  

  22.   

  23.     public List<User> list() {  

  24.         List<User> users = new ArrayList<User>();  

  25.         for (int i = 0; i < 10; i++) {  

  26.             User user = new User();  

  27.             user.setId("" + i);  

  28.             user.setName("user_" + i);  

  29.             user.setPassword("password_" + i);  

  30.             users.add(user);  

  31.         }  

  32.         return users;  

  33.     }  

  34.   

  35. }  

3. 下面看看Server端代码

[java] view plaincopyprint?

<EMBED id=ZeroClipboardMovie_3 name=ZeroClipboardMovie_3 type=application/x-shockwave-flash align=middle pluginspage=http://www.macromedia.com/go/getflashplayer height=14 width=29 src=http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf wmode="transparent" flashvars="id=3&width=29&height=14" allowfullscreen="false" allowscriptaccess="always" bgcolor="#ffffff" quality="best" menu="false" loop="false">

  1. package com.googlecode.garbagecan.cxfstudy.ssl;  

  2.   

  3. import java.io.File;  

  4. import java.io.FileInputStream;  

  5. import java.security.KeyStore;  

  6.   

  7. import javax.net.ssl.KeyManager;  

  8. import javax.net.ssl.KeyManagerFactory;  

  9. import javax.net.ssl.TrustManager;  

  10. import javax.net.ssl.TrustManagerFactory;  

  11.   

  12. import org.apache.cxf.configuration.jsse.TLSServerParameters;  

  13. import org.apache.cxf.configuration.security.ClientAuthentication;  

  14. import org.apache.cxf.configuration.security.FiltersType;  

  15. import org.apache.cxf.endpoint.Server;  

  16. import org.apache.cxf.jaxws.JaxWsServerFactoryBean;  

  17. import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;  

  18.   

  19. public class MyServer {  

  20.   

  21.     private static final int port = 12345;  

  22.       

  23.     private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";  

  24.   

  25.     public static void main(String[] args) throws Exception {  

  26.         System.out.println("Starting Server");  

  27.           

  28.         configureSSLOnTheServer();  

  29.           

  30.         JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();  

  31.         factoryBean.setServiceClass(UserServiceImpl.class);  

  32.         factoryBean.setAddress(address);  

  33.           

  34.         Server server = factoryBean.create();  

  35.         String endpoint = server.getEndpoint().getEndpointInfo().getAddress();  

  36.   

  37.         System.out.println("Server started at " + endpoint);  

  38.     }  

  39.   

  40.     public static void configureSSLOnTheServer() {  

  41.         File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());  

  42.           

  43.         try {  

  44.             TLSServerParameters tlsParams = new TLSServerParameters();  

  45.             KeyStore keyStore = KeyStore.getInstance("JKS");  

  46.             String password = "mypassword";  

  47.             String storePassword = "mypassword";  

  48.               

  49.             keyStore.load(new FileInputStream(file), storePassword.toCharArray());  

  50.             KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());  

  51.             keyFactory.init(keyStore, password.toCharArray());  

  52.             KeyManager[] keyManagers = keyFactory.getKeyManagers();  

  53.             tlsParams.setKeyManagers(keyManagers);  

  54.   

  55.             keyStore.load(new FileInputStream(file), storePassword.toCharArray());  

  56.             TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());  

  57.             trustFactory.init(keyStore);  

  58.             TrustManager[] trustManagers = trustFactory.getTrustManagers();  

  59.             tlsParams.setTrustManagers(trustManagers);  

  60.               

  61.             FiltersType filtersTypes = new FiltersType();  

  62.             filtersTypes.getInclude().add(".*_EXPORT_.*");  

  63.             filtersTypes.getInclude().add(".*_EXPORT1024_.*");  

  64.             filtersTypes.getInclude().add(".*_WITH_DES_.*");  

  65.             filtersTypes.getInclude().add(".*_WITH_NULL_.*");  

  66.             filtersTypes.getExclude().add(".*_DH_anon_.*");  

  67.             tlsParams.setCipherSuitesFilter(filtersTypes);  

  68.               

  69.             ClientAuthentication ca = new ClientAuthentication();  

  70.             ca.setRequired(true);  

  71.             ca.setWant(true);  

  72.             tlsParams.setClientAuthentication(ca);  

  73.               

  74.             JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();  

  75.             factory.setTLSServerParametersForPort(port, tlsParams);  

  76.         } catch (Exception e) {  

  77.             e.printStackTrace();  

  78.         }  

  79.     }  

  80.   

  81. }  

4. 下面看看Client端代码

[java] view plaincopyprint?

<EMBED id=ZeroClipboardMovie_4 name=ZeroClipboardMovie_4 type=application/x-shockwave-flash align=middle pluginspage=http://www.macromedia.com/go/getflashplayer height=14 width=29 src=http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf wmode="transparent" flashvars="id=4&width=29&height=14" allowfullscreen="false" allowscriptaccess="always" bgcolor="#ffffff" quality="best" menu="false" loop="false">

  1. package com.googlecode.garbagecan.cxfstudy.ssl;  

  2.   

  3. import java.io.File;  

  4. import java.io.FileInputStream;  

  5. import java.security.KeyStore;  

  6.   

  7. import javax.net.ssl.KeyManager;  

  8. import javax.net.ssl.KeyManagerFactory;  

  9. import javax.net.ssl.TrustManager;  

  10. import javax.net.ssl.TrustManagerFactory;  

  11.   

  12. import org.apache.cxf.configuration.jsse.TLSClientParameters;  

  13. import org.apache.cxf.configuration.security.FiltersType;  

  14. import org.apache.cxf.endpoint.Client;  

  15. import org.apache.cxf.frontend.ClientProxy;  

  16. import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;  

  17. import org.apache.cxf.transport.http.HTTPConduit;  

  18.   

  19. public class MyClient {  

  20.   

  21.     private static final String address = "https://localhost:12345/ws/ssl/userService";  

  22.   

  23.     public static void main(String[] args) throws Exception {  

  24.         JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();  

  25.         factoryBean.setAddress(address);  

  26.         factoryBean.setServiceClass(UserService.class);  

  27.         Object obj = factoryBean.create();  

  28.         UserService userService = (UserService) obj;  

  29.           

  30.         configureSSLOnTheClient(userService);  

  31.   

  32.         System.out.println(userService.list());  

  33.     }  

  34.   

  35.     private static void configureSSLOnTheClient(Object obj) {  

  36.         File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());  

  37.           

  38.         Client client = ClientProxy.getClient(obj);  

  39.         HTTPConduit httpConduit = (HTTPConduit) client.getConduit();  

  40.   

  41.         try {  

  42.             TLSClientParameters tlsParams = new TLSClientParameters();  

  43.             tlsParams.setDisableCNCheck(true);  

  44.   

  45.             KeyStore keyStore = KeyStore.getInstance("JKS");  

  46.             String password = "mypassword";  

  47.             String storePassword = "mypassword";  

  48.               

  49.             keyStore.load(new FileInputStream(file), storePassword.toCharArray());  

  50.             TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());  

  51.             trustFactory.init(keyStore);  

  52.             TrustManager[] trustManagers = trustFactory.getTrustManagers();  

  53.             tlsParams.setTrustManagers(trustManagers);  

  54.   

  55.             keyStore.load(new FileInputStream(file), storePassword.toCharArray());  

  56.             KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());  

  57.             keyFactory.init(keyStore, password.toCharArray());  

  58.             KeyManager[] keyManagers = keyFactory.getKeyManagers();  

  59.             tlsParams.setKeyManagers(keyManagers);  

  60.               

  61.             FiltersType filtersTypes = new FiltersType();  

  62.             filtersTypes.getInclude().add(".*_EXPORT_.*");  

  63.             filtersTypes.getInclude().add(".*_EXPORT1024_.*");  

  64.             filtersTypes.getInclude().add(".*_WITH_DES_.*");  

  65.             filtersTypes.getInclude().add(".*_WITH_NULL_.*");  

  66.             filtersTypes.getExclude().add(".*_DH_anon_.*");  

  67.             tlsParams.setCipherSuitesFilter(filtersTypes);  

  68.   

  69.             httpConduit.setTlsClientParameters(tlsParams);  

  70.         } catch (Exception e) {  

  71.             e.printStackTrace();  

  72.         }  

  73.     }  

  74. }  

5. 我们需要手动生成jks文件,并将其放在maven工程resources的/com/googlecode/garbagecan/cxfstudy/ssl/目录下,下面是手动生成时使用的命令

[plain] view plaincopyprint?

<EMBED id=ZeroClipboardMovie_5 name=ZeroClipboardMovie_5 type=application/x-shockwave-flash align=middle pluginspage=http://www.macromedia.com/go/getflashplayer height=14 width=29 src=http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf wmode="transparent" flashvars="id=5&width=29&height=14" allowfullscreen="false" allowscriptaccess="always" bgcolor="#ffffff" quality="best" menu="false" loop="false">

  1. keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks  

6. 最后我们可以通过启动MyServer和MyClient来验证我们的测试。

共有 人打赏支持
粉丝 31
博文 33
码字总数 4469
×
OkSerIous
如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!
* 金额(元)
¥1 ¥5 ¥10 ¥20 其他金额
打赏人
留言
* 支付类型
微信扫码支付
打赏金额:
已支付成功
打赏金额: