Java 如何使用消息安全性和客户端证书身份验证调用web安全性？_Java_Wcf_Jax Ws_Client Certificates

Java 如何使用消息安全性和客户端证书身份验证调用web安全性？

java wcf

Java 如何使用消息安全性和客户端证书身份验证调用web安全性？,java,wcf,jax-ws,client-certificates,Java,Wcf,Jax Ws,Client Certificates,我需要用java客户端调用web服务。此服务通过消息级别的证书（Ws-Security，而不是SSL）对客户端进行身份验证 <xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-s

我需要用java客户端调用web服务。此服务通过消息级别的证书（Ws-Security，而不是SSL）对客户端进行身份验证

        <xwss:Sign id="s" includeTimestamp="true">
            <xwss:X509Token encodingType="http://docs.oasis-
              open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                            valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
              x509-token-profile-1.0#X509SubjectKeyIdentifier"
                            certificateAlias="xws-security-client"
                            keyReferenceType="Identifier"/>
        </xwss:Sign>

    </xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
    simple.client.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>

这应该是可能的，因为我可以使用JAX-WS生成web服务，并在中使用相互证书安全性

        <xwss:Sign id="s" includeTimestamp="true">
            <xwss:X509Token encodingType="http://docs.oasis-
              open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                            valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
              x509-token-profile-1.0#X509SubjectKeyIdentifier"
                            certificateAlias="xws-security-client"
                            keyReferenceType="Identifier"/>
        </xwss:Sign>

    </xwss:SecurityConfiguration>
</xwss:Service>
<xwss:SecurityEnvironmentHandler>
    simple.client.SecurityEnvironmentHandler
</xwss:SecurityEnvironmentHandler>

但我无法创建客户机。有人有想法吗？

我自己没有尝试过，但来自：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
使用XWSS配置消息安全性

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
应用服务器包含使用XWS安全性保护JAX-WS应用程序所需的所有JAR文件，但是，为了查看示例应用程序，必须下载并安装独立的Java WSDP捆绑包。您可以从下载JavaWSDP

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
要使用XWSS向现有JAX-WS应用程序添加消息安全性，请在客户端执行以下步骤：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

创建客户端安全配置。客户端安全配置文件指定将用于客户端应用程序的消息安全操作的顺序和类型。例如，执行数字签名操作的简单安全配置如下所示：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

使用
XWSSecurityConfiguration.MESSAGE\u security\u configuration
属性在
RequestContext
上设置安全配置信息。有关使用此代码的完整文件的示例，请查看\jaxws2.0\simple doclit\src\simple\client\目录中的示例客户端

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

FileInputStream f = new FileInputStream("./etc/client_security_config.xml"); XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);

// put the security config info ((BindingProvider)stub).getRequestContext().put( XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);

调用存根上的方法，就像编写客户端时不考虑添加XWS安全性一样。来自\jaxws2.0\simple doclit\src\simple\client\目录的应用程序示例如下所示：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

Holder<String> hold = new Holder("Hello !"); stub.ping(ticket, hold);

Holder hold=新的Holder（“你好！”）；存根。ping（票，等待）；

我自己并没有试过，而是从：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
使用XWSS配置消息安全性

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
应用服务器包含使用XWS安全性保护JAX-WS应用程序所需的所有JAR文件，但是，为了查看示例应用程序，必须下载并安装独立的Java WSDP捆绑包。您可以从下载JavaWSDP

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>
要使用XWSS向现有JAX-WS应用程序添加消息安全性，请在客户端执行以下步骤：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

创建客户端安全配置。客户端安全配置文件指定将用于客户端应用程序的消息安全操作的顺序和类型。例如，执行数字签名操作的简单安全配置如下所示：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

使用
XWSSecurityConfiguration.MESSAGE\u security\u configuration
属性在
RequestContext
上设置安全配置信息。有关使用此代码的完整文件的示例，请查看\jaxws2.0\simple doclit\src\simple\client\目录中的示例客户端

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

FileInputStream f = new FileInputStream("./etc/client_security_config.xml"); XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);

// put the security config info ((BindingProvider)stub).getRequestContext().put( XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config);

调用存根上的方法，就像编写客户端时不考虑添加XWS安全性一样。来自\jaxws2.0\simple doclit\src\simple\client\目录的应用程序示例如下所示：

<xwss:Sign id="s" includeTimestamp="true"> <xwss:X509Token encodingType="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- x509-token-profile-1.0#X509SubjectKeyIdentifier" certificateAlias="xws-security-client" keyReferenceType="Identifier"/> </xwss:Sign> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.client.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler>

Holder<String> hold = new Holder("Hello !"); stub.ping(ticket, hold);

Holder hold=新的Holder（“你好！”）；存根。ping（票，等待）；

谢谢，我接受你的回答，因为你的回答帮助我找到了答案。尽管netbeans允许您从WSDL生成，但我不知道信任存储是公钥，密钥存储是私钥+公钥。谢谢您的回答，我接受了，因为您的回答帮助我找到了答案。但是netbeans允许您从WSDL生成，我不知道信任存储是公钥，密钥存储是私钥+公钥。