xfire的webservice安全机制之用户校验 xfire的WEBSERVICE安全,最简单的一种,使用用户名和密码来验证是否准许调用WS。呵呵。 在原来的基础上配置 服务端配置修改点: applicationContext-webservice.xml配置文件: <property name="inHandlers"> <list> <ref bean="domInHandler" /> <ref bean="wss4jInHandler"/> <ref bean="validateUserTokenHandler" /> </list> </property> <bean id="wss4jInHandler" class="org.codehaus.xfire.security.wss4j.WSS4JInHandler"> <property name="properties"> <props> <prop key="action">Usernametoken</prop> <prop key="passwordCallbackClass"> com.megaeyes.ipcamera.service.webservice.tools.PasswordHandler </prop> </props> </property> </bean> 客户端配置修改点: 就只是把XFireClientFactory.java修改一下: public Object getobject() throws Exception { String url = this.getServiceURL(); Class sClass = null; try { sClass = Class.forName(this.getServiceClassName()); } catch (ClassNotFoundException e) { log.error(e.getMessage(),e); return null; } Assert.notNull(url); Assert.notNull(sClass); Service serviceModel = new ObjectServiceFactory().create(sClass); try { Object obj = serviceFactory.create(serviceModel,url); //用户名 getUserToken(obj); //加密 //getEnc(obj); //签名 //getSign(obj); return obj; } catch (MalformedURLException e) { log.error(e.getMessage(),e); return null; } } public void getUserToken(Object service){ Client client = ((XFireProxy) Proxy.getInvocationHandler(service)).getClient(); //挂上WSS4JOutHandler,提供认证 client.addOutHandler(new DOMOutHandler()); Properties properties = new Properties(); // Action to perform : user token properties.setProperty(WSHandlerConstants.ACTION,WSHandlerConstants.USERNAME_TOKEN); // Password type : plain text properties.setProperty(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PASSWORD_DIGEST); //WSConstants.PW_DIGEST 摘要 //WSConstants.PW_TEXT 明文 // for hashed password use: //properties.setProperty(WSHandlerConstants.PASSWORD_TYPE,WSConstants.PW_DIGEST); // User name to send properties.setProperty(WSHandlerConstants.USER,"tianyi"); // Callback used to retrive password for given user. properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,PasswordHandler.class.getName()); client.addOutHandler(new WSS4JOutHandler(properties)); } 其实这里可以改成配置式的。配置调用何种方法去调用。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。