官方文档:http://cxf./docs/ws-security.html
翻译后的中文文档:http://xiaofengtoo./blog/1130802
实现ws-security基于wss4j拦截器,主要应用org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor和org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor。
具体配置如下:
1、在web.xml中配置处理请求的servlet
<servlet> <servlet-name>CXFServlet</servlet-name> <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet>
<servlet-mapping> <servlet-name>CXFServlet</servlet-name> <url-pattern>/webservices/*</url-pattern> </servlet-mapping>
2、结合spring配置服务端
3、编写服务端密码回调类
- public class PlainPasswordCallback implements CallbackHandler {
-
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
-
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
-
- if (pc.getIdentifier().equals("joe")) {
- // set the password on the callback. This will be compared to the
- // password which was sent from the client.
- pc.setPassword("password");
- }
- }
-
- }
4、编写客户端密码回调类
- public class ClientPasswordCallback implements CallbackHandler {
-
- public void handle(Callback[] callbacks) throws IOException,
- UnsupportedCallbackException {
-
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
-
- // set the password for our message.
- pc.setPassword("password");
- }
-
- }
5、编写客户端调用代码
说明:对于接口返回类型如果是复杂类型,可以将其封装到一个对象里面,直接作为返回
可以将客户端调用代码,结合spring配置
|