如何调用具有消息安全和客户端证书认证的Web安全?

发布于 2024-11-05 23:57:25 字数 273 浏览 6 评论 0 原文

我需要使用 java 客户端调用 Web 服务。 此服务通过消息级别的证书(Ws-Security,而不是 SSL)对客户端进行身份验证。

这应该是可能的,因为我可以在 此对话框中使用具有相互证书安全性的 JAX-WS 生成 Web 服务< /a>.

但我无法创建客户。有人有想法吗?

I need to call a web service with a java client.
This service authenticates clients through certificates at the message level (Ws-Security, not SSL).

It should be possible since, I can generate web services with JAX-WS with mutual certificate security in this dialog.

But I don't manage to create a client. Does anyone has an idea ?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

就是爱搞怪 2024-11-12 23:57:25

我自己没有尝试过,而是来自http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/docs/2.0/tutorial/doc/

使用XWSS配置消息安全

应用程序服务器包含所有使用 XWS-Security 保护 JAX-WS 应用程序所需的 JAR 文件的数量,但是,为了查看示例应用程序,您必须下载并安装独立的 Java WSDP 捆绑包。您可以从 http://java.sun.com/webservices/downloads 下载 Java WSDP /webservicespack.html

要使用 XWSS 将消息安全添加到现有 JAX-WS 应用程序,请在客户端执行以下步骤:

  • 创建客户端安全配置。客户端安全配置文件指定将用于客户端应用程序的消息安全操作的顺序和类型。例如,执行数字签名操作的简单安全配置如下所示:

     
                
            
    
        
    
    
        simple.client.SecurityEnvironmentHandler
    
    

    有关编写和理解安全配置以及设置 SecurityEnvironmentHandler 的更多信息,请参阅 Java Web Services Developer Pack 1.6 教程,网址为 http://java.sun.com/webservices/docs/1.6/tutorial/doc/index.html

  • 在您的客户端代码中,创建一个使用生成的安全配置进行初始化的 XWSSecurityConfiguration 对象。以下是您将在客户端文件中使用的代码示例。有关使用此代码的完整文件的示例,请查看 \jaxws2.0\simple-doclit\src\simple\client\ 目录中的示例客户端。

    FileInputStream f = new FileInputStream("./etc/client_security_config.xml"); 
    XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);  
    
  • 使用 XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION 属性在 RequestContext 上设置安全配置信息。有关使用此代码的完整文件的示例,请查看 \jaxws2.0\simple-doclit\src\simple\client\ 目录中的示例客户端。

    //放置安全配置信息
    ((BindingProvider)存根).getRequestContext().put(
        XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION,
        配置); 
    
  • 像编写客户端一样调用存根上的方法,而不考虑添加 XWS-Security。 \jaxws2.0\simple-doclit\src\simple\client\ 目录中的应用程序示例如下所示:

    Holder;持有=新持有者(“你好!”);
    Stub.ping(票,保留); 
    

I did not tried it myself, but from http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/docs/2.0/tutorial/doc/ :

Configuring Message Security Using XWSS

The Application Server contains all of the JAR files necessary to use XWS-Security for securing JAX-WS applications, however, in order to view the sample applications, you must download and install the standalone Java WSDP bundle. You can download the Java WSDP from http://java.sun.com/webservices/downloads/webservicespack.html.

To add message security to an existing JAX-WS application using XWSS, follow these steps on the client side:

  • Create a client security configuration. The client security configuration file specifies the order and type of message security operations that will be used for the client application. For example, a simple security configuration to perform a digital signature operation looks like this:

            <xwss:Sign id="s" includeTimestamp="true">
                <xwss:X509Token encodingType="http://docs.oasis-
                  open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                                valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
                  x509-token-profile-1.0#X509SubjectKeyIdentifier"
                                certificateAlias="xws-security-client"
                                keyReferenceType="Identifier"/>
            </xwss:Sign>
    
        </xwss:SecurityConfiguration>
    </xwss:Service>
    <xwss:SecurityEnvironmentHandler>
        simple.client.SecurityEnvironmentHandler
    </xwss:SecurityEnvironmentHandler>
    

    For more information on writing and understanding security configurations and setting up SecurityEnvironmentHandlers, please see the Java Web Services Developer Pack 1.6 Tutorial at http://java.sun.com/webservices/docs/1.6/tutorial/doc/index.html.

  • In your client code, create an XWSSecurityConfiguration object initialized with the security configuration generated. Here is an example of the code that you would use in your client file. For an example of a complete file that uses this code, look at the example client in the \jaxws2.0\simple-doclit\src\simple\client\ directory.

    FileInputStream f = new FileInputStream("./etc/client_security_config.xml"); 
    XWSSecurityConfiguration config = SecurityConfigurationFactory.newXWSSecurityConfiguration(f);  
    
  • Set security configuration information on the RequestContext by using the XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION property. For an example of a complete file that uses this code, look at the example client in the \jaxws2.0\simple-doclit\src\simple\client\ directory.

    // put the security config info
    ((BindingProvider)stub).getRequestContext().put(
        XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION,
        config); 
    
  • Invoke the method on the stub as you would if you were writing the client without regard to adding XWS-Security. The example for the application from the \jaxws2.0\simple-doclit\src\simple\client\ directory is as shown below:

    Holder<String> hold = new Holder("Hello !");
    stub.ping(ticket, hold); 
    
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文