WSIT: JKS relative filepath

Posted on 2024-10-17 11:32:14

When creating a web service server using Netbeans, Maven, Metro and Tomcat, how can I use relative filepaths in the wsit configuration?

For example, I have this line inside the wsit file:

<sc:KeyStore wspp:visibility="private" location="SERVER_KeyStore.jks" type="JKS" storepass="*****" alias="*****"/>

Where should I put the jks file so it matches that location?

Comments (2)

暮色兮凉城 2024-10-24 11:32:14

Finally, I found the answer.

"When providing the keystore/truststore name and location in the wsit-*.xml files, please note that they'll be loaded as resources scanning the META-INF directory in your package (WEB-INF/classes/META-INF when using war packages on JBoss Application Server 5)."

from JBossWS - Stack Metro User Guide

In my case that means adding a META-INF folder to my resources folder and adding <include>**/*.jks</include> to the pom file.
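
A pre-deployment check for the layout described in this answer, as an added example that is not part of the original post: it reads the location attributes of the KeyStore/TrustStore elements in a WSIT file and reports every store that is missing from WEB-INF/classes/META-INF/ in the built WAR. The function names, the placeholder namespace URIs and the sample WSIT and WAR contents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Directory quoted in the answer for WAR packages (assumed to apply to the target server).
WAR_RESOURCE_DIR = "WEB-INF/classes/META-INF/"
STORE_ELEMENTS = {"KeyStore", "TrustStore"}

# Constructed sample; namespace URIs are placeholders, elements are matched by local name.
SAMPLE_WSIT = """<wsp1:Policy xmlns:wsp1="urn:example:policy"
    xmlns:sc="urn:example:sc" xmlns:wspp="urn:example:wspp">
  <sc:KeyStore wspp:visibility="private" location="SERVER_KeyStore.jks" type="JKS"/>
  <sc:TrustStore wspp:visibility="private" location="truststore.jks" type="JKS"/>
  <sc:KeyStore wspp:visibility="private" callbackHandler="com.my.KeyStoreHandler"/>
</wsp1:Policy>"""


def store_locations(wsit_xml):
    """Return (element, location) for each KeyStore/TrustStore that names a file."""
    found = []
    for el in ET.fromstring(wsit_xml).iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix
        if local in STORE_ELEMENTS and el.get("location"):
            found.append((local, el.get("location")))
    return found


def missing_stores(wsit_xml, war_bytes):
    """List the archive entries the WSIT file expects but the WAR does not contain."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        entries = set(war.namelist())
    expected = [WAR_RESOURCE_DIR + loc for _, loc in store_locations(wsit_xml)]
    return [path for path in expected if path not in entries]


def build_war(paths):
    """Build a constructed in-memory WAR holding empty placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for path in paths:
            war.writestr(path, b"")
    return buf.getvalue()


if __name__ == "__main__":
    # Keystore packaged one level too high: the check reports both expected paths.
    war = build_war(["WEB-INF/classes/SERVER_KeyStore.jks"])
    for path in missing_stores(SAMPLE_WSIT, war):
        print("missing:", path)
```
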

意中人 2024-10-24 11:32:14

I saw a number of questions about wsit security configuration; most of them deal with externalizing SSL configuration rather than hardcoding it into the wsdl file. Just because there may be development and production environments, and all in all hardcoded configuration is bad anyway. I spent several days on this issue and found only some (often monstrous) hints here on Stack Overflow and in various other forums. But the solution turned out to be not so complex after all. I'll just leave it here for someone (it also matches the original question, because it allows having the jks anywhere, and having an external config file as well).

Say, you have wsit policy in your wsdl files like this:

<wsp1:Policy wsu:Id="MyBinding_IWebServicePolicy">
    <wsp1:ExactlyOne>
        <wsp1:All>
            <sc:KeyStore wspp:visibility="private" type="JKS" storepass="pass" alias="some-alias" keypass="pass" location="keystore.jks"/>
            <sc:TrustStore wspp:visibility="private" type="JKS" peeralias="other-alias" storepass="pass" location="truststore.jks"/>
        </wsp1:All>
    </wsp1:ExactlyOne>
</wsp1:Policy>

You need to use CallbackHandler instead.

Adjusted policy:

<wsp1:Policy wsu:Id="MyBinding_IWebServicePolicy">
    <wsp1:ExactlyOne>
        <wsp1:All>
            <sc:KeyStore wspp:visibility="private" callbackHandler="com.my.KeyStoreHandler"/>
            <sc:TrustStore wspp:visibility="private" callbackHandler="com.my.TrustStoreHandler"/>
        </wsp1:All>
    </wsp1:ExactlyOne>
</wsp1:Policy>

And the handler might look like this (I use Scala, but you may translate this to Java easily):

import javax.security.auth.callback.{ CallbackHandler => ICallbackHandler, Callback }
import com.sun.xml.wss.impl.callback.{ KeyStoreCallback, PrivateKeyCallback }
import java.security.{ PrivateKey, KeyStore }
import java.io.FileInputStream

abstract class CallbackHandler extends ICallbackHandler {
  def conf: Config // getting external configuration

  def handle(callbacks: Array[Callback]): Unit = callbacks foreach {
    // loads the keystore
    case cb: KeyStoreCallback =>
      val ks = KeyStore.getInstance(conf.getString("type"))
      val is = new FileInputStream(conf.getString("file"))
      try ks.load(is, conf.getString("store-password").toCharArray) finally is.close()
      cb.setKeystore(ks)

    // loads private key
    case cb: PrivateKeyCallback =>
      cb.setAlias(conf.getString("alias"))
      cb.setKey(cb.getKeystore.getKey(conf.getString("alias"), conf.getString("key-password").toCharArray).asInstanceOf[PrivateKey])

    // other things
    case cb => // I didn't need anything else, but just in case
  }
}

class TrustStoreHandler extends CallbackHandler {
  lazy val conf = getMyTrustStoreConfig
}

class KeyStoreHandler extends CallbackHandler {
  lazy val conf = getMyKeyStoreConfig
}

In Java just use if (cb instanceof Class) instead of case cb: Class =>; the rest of the code is practically Java without semicolons.
