Web services Axis2+Rampart Web服务签名和加密


我在一个Web服务与其客户端之间的安全配置上遇到了问题。我使用Axis2和Rampart以自底向上的方式构建Web服务,然后根据生成的WSDL创建客户端。下面给出我的代码和具体问题。

Client.java

package de.security.tutorial;

import java.io.InputStream;
import java.rmi.RemoteException;

import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

import de.security.tutorial.ServerStub.GetWelcomeResponse;

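public class Client {

    /**
     * Loads a WS-Policy document from the classpath and parses it with Neethi.
     *
     * @param name classpath resource name of the policy file
     * @return the parsed policy
     * @throws XMLStreamException if the resource cannot be parsed as XML
     * @throws IllegalArgumentException if no such resource is on the classpath
     */
    private static Policy loadPolicy(String name) throws XMLStreamException {
        // Resolve against the loader that loaded this class instead of a throwaway
        // anonymous ClassLoader, so the lookup also works when the client is not
        // started from the system class path.
        InputStream resource = Client.class.getClassLoader().getResourceAsStream(name);
        if (resource == null) {
            // Fail with a clear message: a missing security policy must be visible
            // as such, not as an opaque parser error further down.
            throw new IllegalArgumentException("Policy resource not found on classpath: " + name);
        }
        // NOTE(review): the stream is never closed here; close it once the policy
        // has been fully built if this helper is reused in a long-running process.
        StAXOMBuilder builder = new StAXOMBuilder(resource);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    /**
     * Calls the {@code getWelcome} operation of the Server service with the
     * "addressing" and "rampart" modules engaged and prints the result.
     *
     * @param arg unused
     * @throws RemoteException declared for the stub call; in practice every
     *         exception is caught and reported below
     */
    public static void main(String[] arg) throws RemoteException {
        // NOTE(review): the endpoint is plain HTTP, so confidentiality and integrity
        // depend entirely on what policy.xml asks Rampart to sign and encrypt.
        // Confirm the policy protects any credentials it sends, or use HTTPS.
        String url = "http://localhost:8080/axis2/services/Server";
        try {
            // Axis2 repository; engageModule() below can only find modules that
            // are available through this configuration context.
            ConfigurationContext ctx =
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                            "WebContent/WEB-INF/", null);

            // create new Stub
            ServerStub stub = new ServerStub(ctx, url);

            // configure and engage Rampart
            ServiceClient client = stub._getServiceClient();
            Options options = client.getOptions();

            Policy policy = loadPolicy("policy.xml");
            // Alternative wiring, left disabled: attach the policy to the service itself.
//          client.getAxisService().getPolicySubject().attachPolicy(policy);
            options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);

            // Demo credentials are literals in source. Outside a tutorial, read them
            // from configuration kept out of version control and never log them.
            options.setUserName("libuser");
            options.setPassword("books");

            client.setOptions(options);
            client.engageModule("addressing");
            client.engageModule("rampart");
            stub._setServiceClient(client);

            // send request
            GetWelcomeResponse response = stub.getWelcome();

            // print response to console
            if (response.local_returnTracker) {
                String string = response.get_return();
                System.out.println(string);
            }

        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
            // The message alone is frequently empty or generic for module and
            // security failures; the full trace and cause chain are needed to see
            // which step (module engagement, policy, key store) actually failed.
            e.printStackTrace();
        }

    }

}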
package de.security.tutorial;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

import java.io.IOException;

/**
 * Simple password callback handler. This just checks if the password for the private key
 * is being requested, and if so sets that value.
 */
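public class PWCBHandler implements CallbackHandler
{
    /**
     * Supplies the private-key password when it is requested for decryption or
     * signing with the alias {@code "clientkey"}; all other requests are left
     * without a password.
     *
     * @param callbacks callbacks to answer; each must be a {@link WSPasswordCallback}
     * @throws IOException declared by the {@link CallbackHandler} contract
     * @throws javax.security.auth.callback.UnsupportedCallbackException if a callback
     *         of another type is passed, instead of failing with a ClassCastException
     */
    public void handle(Callback[] callbacks)
            throws IOException, javax.security.auth.callback.UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // Reject anything this handler does not understand explicitly, as the
            // CallbackHandler contract prescribes, rather than via a blind cast.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new javax.security.auth.callback.UnsupportedCallbackException(
                        callbacks[i], "Unrecognized callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer();
            int usage = pwcb.getUsage();
            if (usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE) {

                // used to retrieve password for private key
                // The key password is a literal in source: acceptable for a tutorial
                // key store only. A real deployment should obtain it from protected
                // configuration and keep it out of version control and logs.
                if ("clientkey".equals(id)) {
                    pwcb.setPassword("clientpass");
                }

            }
        }
    }
}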
PasswordCallbackHandler.java

package de.security.tutorial;

import java.io.InputStream;
import java.rmi.RemoteException;

import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

import de.security.tutorial.ServerStub.GetWelcomeResponse;

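public class Client {

    /**
     * Loads a WS-Policy document from the classpath and parses it with Neethi.
     *
     * @param name classpath resource name of the policy file
     * @return the parsed policy
     * @throws XMLStreamException if the resource cannot be parsed as XML
     * @throws IllegalArgumentException if no such resource is on the classpath
     */
    private static Policy loadPolicy(String name) throws XMLStreamException {
        // Resolve against the loader that loaded this class instead of a throwaway
        // anonymous ClassLoader, so the lookup also works when the client is not
        // started from the system class path.
        InputStream resource = Client.class.getClassLoader().getResourceAsStream(name);
        if (resource == null) {
            // Fail with a clear message: a missing security policy must be visible
            // as such, not as an opaque parser error further down.
            throw new IllegalArgumentException("Policy resource not found on classpath: " + name);
        }
        // NOTE(review): the stream is never closed here; close it once the policy
        // has been fully built if this helper is reused in a long-running process.
        StAXOMBuilder builder = new StAXOMBuilder(resource);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    /**
     * Calls the {@code getWelcome} operation of the Server service with the
     * "addressing" and "rampart" modules engaged and prints the result.
     *
     * @param arg unused
     * @throws RemoteException declared for the stub call; in practice every
     *         exception is caught and reported below
     */
    public static void main(String[] arg) throws RemoteException {
        // NOTE(review): the endpoint is plain HTTP, so confidentiality and integrity
        // depend entirely on what policy.xml asks Rampart to sign and encrypt.
        // Confirm the policy protects any credentials it sends, or use HTTPS.
        String url = "http://localhost:8080/axis2/services/Server";
        try {
            // Axis2 repository; engageModule() below can only find modules that
            // are available through this configuration context.
            ConfigurationContext ctx =
                    ConfigurationContextFactory.createConfigurationContextFromFileSystem(
                            "WebContent/WEB-INF/", null);

            // create new Stub
            ServerStub stub = new ServerStub(ctx, url);

            // configure and engage Rampart
            ServiceClient client = stub._getServiceClient();
            Options options = client.getOptions();

            Policy policy = loadPolicy("policy.xml");
            // Alternative wiring, left disabled: attach the policy to the service itself.
//          client.getAxisService().getPolicySubject().attachPolicy(policy);
            options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);

            // Demo credentials are literals in source. Outside a tutorial, read them
            // from configuration kept out of version control and never log them.
            options.setUserName("libuser");
            options.setPassword("books");

            client.setOptions(options);
            client.engageModule("addressing");
            client.engageModule("rampart");
            stub._setServiceClient(client);

            // send request
            GetWelcomeResponse response = stub.getWelcome();

            // print response to console
            if (response.local_returnTracker) {
                String string = response.get_return();
                System.out.println(string);
            }

        } catch (Exception e) {
            System.out.println("Exception: " + e.getMessage());
            // The message alone is frequently empty or generic for module and
            // security failures; the full trace and cause chain are needed to see
            // which step (module engagement, policy, key store) actually failed.
            e.printStackTrace();
        }

    }

}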
package de.security.tutorial;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;

import java.io.IOException;

/**
 * Simple password callback handler. This just checks if the password for the private key
 * is being requested, and if so sets that value.
 */
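public class PWCBHandler implements CallbackHandler
{
    /**
     * Supplies the private-key password when it is requested for decryption or
     * signing with the alias {@code "clientkey"}; all other requests are left
     * without a password.
     *
     * @param callbacks callbacks to answer; each must be a {@link WSPasswordCallback}
     * @throws IOException declared by the {@link CallbackHandler} contract
     * @throws javax.security.auth.callback.UnsupportedCallbackException if a callback
     *         of another type is passed, instead of failing with a ClassCastException
     */
    public void handle(Callback[] callbacks)
            throws IOException, javax.security.auth.callback.UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // Reject anything this handler does not understand explicitly, as the
            // CallbackHandler contract prescribes, rather than via a blind cast.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new javax.security.auth.callback.UnsupportedCallbackException(
                        callbacks[i], "Unrecognized callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer();
            int usage = pwcb.getUsage();
            if (usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE) {

                // used to retrieve password for private key
                // The key password is a literal in source: acceptable for a tutorial
                // key store only. A real deployment should obtain it from protected
                // configuration and keep it out of version control and logs.
                if ("clientkey".equals(id)) {
                    pwcb.setPassword("clientpass");
                }

            }
        }
    }
}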
但是,如果我禁用rampart模块,就可以连接到服务,只是请求中缺少安全头(security header)。问题出在这一行:

client.engageModule( "rampart" );

有人能帮我吗?

根据下面的代码,我认为您需要启用被注释掉的那一行,并把它下面的另外5行注释掉

// Disabled alternative: attaches the policy to the service's policy subject.
//      client.getAxisService().getPolicySubject().attachPolicy(policy);
        // Stores the parsed policy in the client options under Rampart's policy key.
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
        // Credentials are literals in source; NOTE(review): fine for a local demo,
        // but real values belong in configuration kept out of version control.
        options.setUserName("libuser");
        options.setPassword("books");

        // Re-applies the modified options to the client.
        client.setOptions( options );           
        // Engages the "addressing" module on this client.
        client.engageModule( "addressing" );