Java: CXF security with multiple keystores and WSS4JOutInterceptor
Tags: java, web-services, spring-security, cxf

I have a problem with CXF security. I am trying to implement a web service with authentication via a keystore, but in the examples I found on the Internet the authentication is always one-to-one. I have a project running in that mode, but I specify a single client, because I map the private key to the public key. For example, if this service needs to connect 10 different clients, I understand that I have to create 10 private keys and 10 public keys. But when I set this up on the application server. Below I leave the current settings of this project.

server_decrypt.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1
org.apache.ws.security.crypto.merlin.file=server-keystore.jks
server_sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepassword
org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1
org.apache.ws.security.crypto.merlin.file=server-truststore.jks
cxf_context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:beans="http://cxf.apache.org/configuration/beans" xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/configuration/beans http://cxf.apache.org/schemas/configuration/cxf-beans.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
           http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <import resource="classpath:META-INF/cxf/cxf.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
  <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

  <bean id="logIn" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
  <bean id="logOut" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
  <bean id="PasswordCallback" class="com.pruebas.app.seguridad.PasswordCallback" />
  <bean class="com.pruebas.app.servicios.ConsultaImpl" id="ConsultaImpl" />

  <jaxws:endpoint address="/ConsultaImplWS" id="ConsultaImplWS"
                  implementor="#ConsultaImpl">
    <jaxws:properties>
      <entry key="schema-validation-enabled" value="true" />
    </jaxws:properties>
    <jaxws:outInterceptors>
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
      <ref bean="TimestampSignEncrypt_Response" />
    </jaxws:outInterceptors>
    <jaxws:inInterceptors>
      <ref bean="TimestampSignEncrypt_Request" />
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
    </jaxws:inInterceptors>
  </jaxws:endpoint>

  <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="TimestampSignEncrypt_Response">
    <constructor-arg>
      <map>
        <entry key="action" value="Timestamp Signature Encrypt" />
        <entry key="user" value="serverx509v1" />
        <entry key="encryptionUser" value="clientx509v1"/>
        <entry key="signaturePropFile" value="server_decrypt.properties" />
        <entry key="encryptionPropFile" value="server_sign.properties" />
        <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
        <entry key="signatureParts"
               value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
        <entry key="encryptionParts"
               value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
      </map>
    </constructor-arg>
  </bean>

  <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        id="TimestampSignEncrypt_Request">
    <constructor-arg>
      <map>
        <entry key="action" value="Timestamp Signature Encrypt" />
        <entry key="signaturePropFile" value="server_sign.properties" />
        <entry key="decryptionPropFile" value="server_decrypt.properties" />
        <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
      </map>
    </constructor-arg>
  </bean>
</beans>
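Obviously, I have the server-truststore.jks and server-keystore.jks files in the resources folder (src/main/resources).

As you can see, this setup only works for a single client. How can I make multiple clients connect?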
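
One way to serve several clients with this setup, as an added example that is not part of the original post: import each client's certificate into server-truststore.jks and replace the fixed `encryptionUser` alias with WSS4J's special value `useReqSigCert`, so each response is encrypted for the client that signed the request. The fragment replaces the `TimestampSignEncrypt_Response` bean inside `<beans>`; the aliases `client2` and `client3` and the `.cer` file names are assumptions, everything else is reused from the question's configuration.

```xml
<!-- Added example, not the poster's code. Truststore preparation (aliases and
     file names are hypothetical), one entry per client certificate:
       keytool -importcert -alias client2 -file client2.cer -keystore server-truststore.jks
       keytool -importcert -alias client3 -file client3.cer -keystore server-truststore.jks
     The inbound WSS4JInInterceptor stays as it is: it validates the request
     signature against the certificates held in server-truststore.jks. -->
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
      id="TimestampSignEncrypt_Response">
  <constructor-arg>
    <map>
      <entry key="action" value="Timestamp Signature Encrypt" />

      <!-- The server still signs every response with its own private key. -->
      <entry key="user" value="serverx509v1" />
      <entry key="signaturePropFile" value="server_decrypt.properties" />

      <!-- Before (one hard-wired client):
             <entry key="encryptionUser" value="clientx509v1" />
           After: encrypt with the certificate that signed the matching request,
           so a single bean definition serves every trusted client. -->
      <entry key="encryptionUser" value="useReqSigCert" />
      <entry key="encryptionPropFile" value="server_sign.properties" />

      <entry key="passwordCallbackClass" value="com.pruebas.app.seguridad.PasswordCallback" />
      <entry key="signatureParts"
             value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
      <entry key="encryptionParts"
             value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
    </map>
  </constructor-arg>
</bean>
```

With this in place the server keeps one private key; only the truststore grows as clients are added, and removing a client's certificate from it revokes that client's access.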