Java 带有WSS4JOutInterceptor的CXF安全多密钥库_Java_Web Services_Spring Security_Cxf

Java 带有WSS4JOutInterceptor的CXF安全多密钥库

java web-services spring-security

Java 带有WSS4JOutInterceptor的CXF安全多密钥库,java,web-services,spring-security,cxf,Java,Web Services,Spring Security,Cxf,我对CXF安全性有一个问题。我试图在keystore中实现一个带有autentication的web服务，但在Internet身份验证中发现的示例中，我一个接一个地看到了它我有一个项目在该模式下运行，但我指定了一个客户机，因为我将私钥定义为公钥例如，如果您需要此服务来连接10个不同的客户端，我知道我必须创建10个私钥和10个公钥但是当我在应用服务器上设置时我在此项目的当前设置下保留行服务器\u decrypt.properties org.apache.ws.security.cry

我对CXF安全性有一个问题。我试图在keystore中实现一个带有autentication的web服务，但在Internet身份验证中发现的示例中，我一个接一个地看到了它

我有一个项目在该模式下运行，但我指定了一个客户机，因为我将私钥定义为公钥

例如，如果您需要此服务来连接10个不同的客户端，我知道我必须创建10个私钥和10个公钥

但是当我在应用服务器上设置时

我在此项目的当前设置下保留行

服务器\u decrypt.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.file=server-keystore.jks

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1
org.apache.ws.security.crypto.merlin.file=server-truststore.jks

服务器\符号属性

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.file=server-keystore.jks

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1
org.apache.ws.security.crypto.merlin.file=server-truststore.jks

cxf_context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
    xmlns:beans="http://cxf.apache.org/configuration/beans" xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://cxf.apache.org/configuration/beans http://cxf.apache.org/schemas/configuration/cxf-beans.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
    <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />

    <bean id="PasswordCallback" class="com.pruebas.app.seguridad.PasswordCallback" />
    <bean class="com.pruebas.app.servicios.ConsultaImpl" id="ConsultaImpl" />
    <jaxws:endpoint address="/ConsultaImplWS" id="ConsultaImplWS"
        implementor="#ConsultaImpl">
        <jaxws:properties>
            <entry key="schema-validation-enabled" value="true" />
        </jaxws:properties>

        <jaxws:outInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
            <ref bean="TimestampSignEncrypt_Response" />
        </jaxws:outInterceptors>

        <jaxws:inInterceptors>
            <ref bean="TimestampSignEncrypt_Request" />
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
        </jaxws:inInterceptors>

    </jaxws:endpoint>

    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="TimestampSignEncrypt_Response">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt" />
                <entry key="user" value="serverx509v1" />
                <entry key="encryptionUser" value="clientx509v1"/>
                <entry key="signaturePropFile"  value="server_decrypt.properties" />
                <entry key="encryptionPropFile" value="server_sign.properties" />
                <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
                <entry key="signatureParts"
                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
                <entry key="encryptionParts"
                    value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />

            </map>

        </constructor-arg>
    </bean>

    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        id="TimestampSignEncrypt_Request">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt" />
                <entry key="signaturePropFile"  value="server_sign.properties" />
                <entry key="decryptionPropFile" value="server_decrypt.properties" />
                <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
            </map>
        </constructor-arg>

    </bean>
</beans>

显然，我在resources文件夹（src/main/resources）中有server-server-truststore.jks和keystore.jks文件。正如您可以看到的，此设置仅适用于单个客户。如何使多个客户端连接