1:spring服務端的配置
- <bean id="Customer" class="org.web.HelloServiceImpl"></bean>
- <jaxws:endpoint id="custom" implementor="#Customer" address="/web" >
- <jaxws:inInterceptors>
- <bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
- <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
- <constructor-arg>
- <map>
- <entry key="action" value="UsernameToken" />
- <entry key="passwordType"
- value="PasswordText" />
- <entry key="user" value="cxfServer" />
- <entry key="passwordCallbackRef">
- <ref bean="serverPasswordCallback" />
- </entry>
- </map>
- </constructor-arg>
- </bean>
- </jaxws:inInterceptors>
- </jaxws:endpoint>
- <bean id="serverPasswordCallback" class="org.web.ServerPasswordCallback" />
action:UsernameToken 是使用用戶令牌
passwordType:PasswordText 是指密碼加密策略.這裏是直接密碼文本.
user:cxfServer 是指別名
passwordCallbackRef:serverPasswordCallback 是這密碼驗證..類..就是下面配置的..
2: 類:serverPasswordCallback
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.ws.security.WSPasswordCallback;
- public class ServerPasswordCallback implements CallbackHandler {
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- WSPasswordCallback pc=(WSPasswordCallback) callbacks[0];
- String pw=pc.getPassword();
- String idf=pc.getIdentifier();
- System.out.println("密碼是:"+pw);
- System.out.println("類型是:"+idf);
- if(pw.equals("wdwsb")&&idf.equals("admin")){
- System.out.println("成功");
- }
- else{
- throw new SecurityException("驗證失敗");
- }
- }
這個不用多說..就是密碼驗證..很簡單!!
3:spring客戶端的配置:
- <bean id="webTest" class="org.web.HelloService" factory-bean="client" factory-method="create"/>
- <bean id="client" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean" >
- <property name="address" value="http://127.0.0.1:88/Hello/web/web"></property>
- <property name="serviceClass" value="org.web.HelloService"></property>
- <property name="outInterceptors">
- <list>
- <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
- <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
- <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
- <constructor-arg>
- <map>
- <entry key="action" value="UsernameToken" />
- <entry key="passwordType"
- value="PasswordText" />
- <entry key="user" value="cxfClient" />
- <entry key="passwordCallbackRef">
- <ref bean="clientPasswordCallback" />
- </entry>
- </map>
- </constructor-arg>
- </bean>
- </list>
- </property>
- </bean>
- <bean id="clientPasswordCallback" class="org.web.clientPasswordCallback"></bean>
跟server的配置差不多..沒多少要講的.呵呵...
4: 類clientPasswordCallback的配置
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import org.apache.ws.security.WSPasswordCallback;
- public class clientPasswordCallback implements CallbackHandler {
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
- for(int i=0;i<callbacks.length;i++){
- WSPasswordCallback ps=(WSPasswordCallback) callbacks[i];
- ps.setPassword("wdwsb");
- ps.setIdentifier("admin");
- }
- }
到此爲止..密碼認證用戶令牌就完成了...
測試!
通過!
當然我前面寫的一篇文章是最基本的.缺少了一些jar包.會報錯的.
所以要加上以下jar包..