kevin_huo 发表于 2016-9-7 11:26:11

Apache CXF实战之九 发布使用SSL的Web Service

原文来自:http://blog.csdn.net/zhouxinhong/article/details/7766155
在使用Web Service的时候,在很多情况下会要求我们发布ssl的web service,此时如果web service是作为一个war包部署在tomcat之类的web容器中的时候,我们可以通过修改tomcat的配置来比较容易的部署发布成ssl的web service的,当对于独立运行的程序来书,此时发布web service是需要一些操作的,下面看看在CXF中怎样发布并调用SSL的Web Service。
1. 首先是一个pojo的实体类

view plaincopy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]public class User {
[*]    private String id;
[*]    private String name;
[*]    private String password;
[*]    public String getId() {
[*]      return id;
[*]    }
[*]    public void setId(String id) {
[*]      this.id = id;
[*]    }
[*]    public String getName() {
[*]      return name;
[*]    }
[*]    public void setName(String name) {
[*]      this.name = name;
[*]    }
[*]    public String getPassword() {
[*]      return password;
[*]    }
[*]    public void setPassword(String password) {
[*]      this.password = password;
[*]    }
[*]}

view plain copy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]public class User {
[*]    private String id;
[*]    private String name;
[*]    private String password;
[*]    public String getId() {
[*]      return id;
[*]    }
[*]    public void setId(String id) {
[*]      this.id = id;
[*]    }
[*]    public String getName() {
[*]      return name;
[*]    }
[*]    public void setName(String name) {
[*]      this.name = name;
[*]    }
[*]    public String getPassword() {
[*]      return password;
[*]    }
[*]    public void setPassword(String password) {
[*]      this.password = password;
[*]    }
[*]}

2. 下面是Web Service的接口和实现类,这两个类和前面文章中介绍的没什么区别

view plaincopy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.util.List;
[*]
[*]import javax.jws.WebMethod;
[*]import javax.jws.WebResult;
[*]import javax.jws.WebService;
[*]
[*]@WebService
[*]public interface UserService {
[*]    @WebMethod
[*]    @WebResult List<User> list();
[*]
[*]}
[*]
[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.util.ArrayList;
[*]import java.util.List;
[*]
[*]public class UserServiceImpl implements UserService {
[*]
[*]    public List<User> list() {
[*]      List<User> users = new ArrayList<User>();
[*]      for (int i = 0; i < 10; i++) {
[*]            User user = new User();
[*]            user.setId("" + i);
[*]            user.setName("user_" + i);
[*]            user.setPassword("password_" + i);
[*]            users.add(user);
[*]      }
[*]      return users;
[*]    }
[*]
[*]}

view plain copy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.util.List;
[*]
[*]import javax.jws.WebMethod;
[*]import javax.jws.WebResult;
[*]import javax.jws.WebService;
[*]
[*]@WebService
[*]public interface UserService {
[*]    @WebMethod
[*]    @WebResult List<User> list();
[*]
[*]}
[*]
[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.util.ArrayList;
[*]import java.util.List;
[*]
[*]public class UserServiceImpl implements UserService {
[*]
[*]    public List<User> list() {
[*]      List<User> users = new ArrayList<User>();
[*]      for (int i = 0; i < 10; i++) {
[*]            User user = new User();
[*]            user.setId("" + i);
[*]            user.setName("user_" + i);
[*]            user.setPassword("password_" + i);
[*]            users.add(user);
[*]      }
[*]      return users;
[*]    }
[*]
[*]}

3. 下面看看Server端代码
view plaincopy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.io.File;
[*]import java.io.FileInputStream;
[*]import java.security.KeyStore;
[*]
[*]import javax.net.ssl.KeyManager;
[*]import javax.net.ssl.KeyManagerFactory;
[*]import javax.net.ssl.TrustManager;
[*]import javax.net.ssl.TrustManagerFactory;
[*]
[*]import org.apache.cxf.configuration.jsse.TLSServerParameters;
[*]import org.apache.cxf.configuration.security.ClientAuthentication;
[*]import org.apache.cxf.configuration.security.FiltersType;
[*]import org.apache.cxf.endpoint.Server;
[*]import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
[*]import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
[*]
[*]public class MyServer {
[*]
[*]    private static final int port = 12345;
[*]   
[*]    private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";
[*]
[*]    public static void main(String[] args) throws Exception {
[*]      System.out.println("Starting Server");
[*]         
[*]      configureSSLOnTheServer();
[*]         
[*]      JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
[*]      factoryBean.setServiceClass(UserServiceImpl.class);
[*]      factoryBean.setAddress(address);
[*]         
[*]      Server server = factoryBean.create();
[*]      String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
[*]
[*]      System.out.println("Server started at " + endpoint);
[*]    }
[*]
[*]    public static void configureSSLOnTheServer() {
[*]      File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
[*]         
[*]      try {
[*]            TLSServerParameters tlsParams = new TLSServerParameters();
[*]            KeyStore keyStore = KeyStore.getInstance("JKS");
[*]            String password = "mypassword";
[*]            String storePassword = "mypassword";
[*]            
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
[*]            keyFactory.init(keyStore, password.toCharArray());
[*]            KeyManager[] keyManagers = keyFactory.getKeyManagers();
[*]            tlsParams.setKeyManagers(keyManagers);
[*]
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
[*]            trustFactory.init(keyStore);
[*]            TrustManager[] trustManagers = trustFactory.getTrustManagers();
[*]            tlsParams.setTrustManagers(trustManagers);
[*]            
[*]            FiltersType filtersTypes = new FiltersType();
[*]            filtersTypes.getInclude().add(".*_EXPORT_.*");
[*]            filtersTypes.getInclude().add(".*_EXPORT1024_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_DES_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_NULL_.*");
[*]            filtersTypes.getExclude().add(".*_DH_anon_.*");
[*]            tlsParams.setCipherSuitesFilter(filtersTypes);
[*]            
[*]            ClientAuthentication ca = new ClientAuthentication();
[*]            ca.setRequired(true);
[*]            ca.setWant(true);
[*]            tlsParams.setClientAuthentication(ca);
[*]            
[*]            JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
[*]            factory.setTLSServerParametersForPort(port, tlsParams);
[*]      } catch (Exception e) {
[*]            e.printStackTrace();
[*]      }
[*]    }
[*]
[*]}

view plain copy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.io.File;
[*]import java.io.FileInputStream;
[*]import java.security.KeyStore;
[*]
[*]import javax.net.ssl.KeyManager;
[*]import javax.net.ssl.KeyManagerFactory;
[*]import javax.net.ssl.TrustManager;
[*]import javax.net.ssl.TrustManagerFactory;
[*]
[*]import org.apache.cxf.configuration.jsse.TLSServerParameters;
[*]import org.apache.cxf.configuration.security.ClientAuthentication;
[*]import org.apache.cxf.configuration.security.FiltersType;
[*]import org.apache.cxf.endpoint.Server;
[*]import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
[*]import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
[*]
[*]public class MyServer {
[*]
[*]    private static final int port = 12345;
[*]      
[*]    private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";
[*]
[*]    public static void main(String[] args) throws Exception {
[*]      System.out.println("Starting Server");
[*]         
[*]      configureSSLOnTheServer();
[*]         
[*]      JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
[*]      factoryBean.setServiceClass(UserServiceImpl.class);
[*]      factoryBean.setAddress(address);
[*]         
[*]      Server server = factoryBean.create();
[*]      String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
[*]
[*]      System.out.println("Server started at " + endpoint);
[*]    }
[*]
[*]    public static void configureSSLOnTheServer() {
[*]      File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
[*]         
[*]      try {
[*]            TLSServerParameters tlsParams = new TLSServerParameters();
[*]            KeyStore keyStore = KeyStore.getInstance("JKS");
[*]            String password = "mypassword";
[*]            String storePassword = "mypassword";
[*]            
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
[*]            keyFactory.init(keyStore, password.toCharArray());
[*]            KeyManager[] keyManagers = keyFactory.getKeyManagers();
[*]            tlsParams.setKeyManagers(keyManagers);
[*]
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
[*]            trustFactory.init(keyStore);
[*]            TrustManager[] trustManagers = trustFactory.getTrustManagers();
[*]            tlsParams.setTrustManagers(trustManagers);
[*]            
[*]            FiltersType filtersTypes = new FiltersType();
[*]            filtersTypes.getInclude().add(".*_EXPORT_.*");
[*]            filtersTypes.getInclude().add(".*_EXPORT1024_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_DES_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_NULL_.*");
[*]            filtersTypes.getExclude().add(".*_DH_anon_.*");
[*]            tlsParams.setCipherSuitesFilter(filtersTypes);
[*]            
[*]            ClientAuthentication ca = new ClientAuthentication();
[*]            ca.setRequired(true);
[*]            ca.setWant(true);
[*]            tlsParams.setClientAuthentication(ca);
[*]            
[*]            JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
[*]            factory.setTLSServerParametersForPort(port, tlsParams);
[*]      } catch (Exception e) {
[*]            e.printStackTrace();
[*]      }
[*]    }
[*]
[*]}

4. 下面看看Client端代码

view plaincopy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.io.File;
[*]import java.io.FileInputStream;
[*]import java.security.KeyStore;
[*]
[*]import javax.net.ssl.KeyManager;
[*]import javax.net.ssl.KeyManagerFactory;
[*]import javax.net.ssl.TrustManager;
[*]import javax.net.ssl.TrustManagerFactory;
[*]
[*]import org.apache.cxf.configuration.jsse.TLSClientParameters;
[*]import org.apache.cxf.configuration.security.FiltersType;
[*]import org.apache.cxf.endpoint.Client;
[*]import org.apache.cxf.frontend.ClientProxy;
[*]import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
[*]import org.apache.cxf.transport.http.HTTPConduit;
[*]
[*]public class MyClient {
[*]
[*]    private static final String address = "https://localhost:12345/ws/ssl/userService";
[*]
[*]    public static void main(String[] args) throws Exception {
[*]      JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
[*]      factoryBean.setAddress(address);
[*]      factoryBean.setServiceClass(UserService.class);
[*]      Object obj = factoryBean.create();
[*]      UserService userService = (UserService) obj;
[*]         
[*]      configureSSLOnTheClient(userService);
[*]
[*]      System.out.println(userService.list());
[*]    }
[*]
[*]    private static void configureSSLOnTheClient(Object obj) {
[*]      File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
[*]         
[*]      Client client = ClientProxy.getClient(obj);
[*]      HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
[*]
[*]      try {
[*]            TLSClientParameters tlsParams = new TLSClientParameters();
[*]            tlsParams.setDisableCNCheck(true);
[*]
[*]            KeyStore keyStore = KeyStore.getInstance("JKS");
[*]            String password = "mypassword";
[*]            String storePassword = "mypassword";
[*]            
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
[*]            trustFactory.init(keyStore);
[*]            TrustManager[] trustManagers = trustFactory.getTrustManagers();
[*]            tlsParams.setTrustManagers(trustManagers);
[*]
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
[*]            keyFactory.init(keyStore, password.toCharArray());
[*]            KeyManager[] keyManagers = keyFactory.getKeyManagers();
[*]            tlsParams.setKeyManagers(keyManagers);
[*]            
[*]            FiltersType filtersTypes = new FiltersType();
[*]            filtersTypes.getInclude().add(".*_EXPORT_.*");
[*]            filtersTypes.getInclude().add(".*_EXPORT1024_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_DES_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_NULL_.*");
[*]            filtersTypes.getExclude().add(".*_DH_anon_.*");
[*]            tlsParams.setCipherSuitesFilter(filtersTypes);
[*]
[*]            httpConduit.setTlsClientParameters(tlsParams);
[*]      } catch (Exception e) {
[*]            e.printStackTrace();
[*]      }
[*]    }
[*]}

view plain copy



[*]package com.googlecode.garbagecan.cxfstudy.ssl;
[*]
[*]import java.io.File;
[*]import java.io.FileInputStream;
[*]import java.security.KeyStore;
[*]
[*]import javax.net.ssl.KeyManager;
[*]import javax.net.ssl.KeyManagerFactory;
[*]import javax.net.ssl.TrustManager;
[*]import javax.net.ssl.TrustManagerFactory;
[*]
[*]import org.apache.cxf.configuration.jsse.TLSClientParameters;
[*]import org.apache.cxf.configuration.security.FiltersType;
[*]import org.apache.cxf.endpoint.Client;
[*]import org.apache.cxf.frontend.ClientProxy;
[*]import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
[*]import org.apache.cxf.transport.http.HTTPConduit;
[*]
[*]public class MyClient {
[*]
[*]    private static final String address = "https://localhost:12345/ws/ssl/userService";
[*]
[*]    public static void main(String[] args) throws Exception {
[*]      JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
[*]      factoryBean.setAddress(address);
[*]      factoryBean.setServiceClass(UserService.class);
[*]      Object obj = factoryBean.create();
[*]      UserService userService = (UserService) obj;
[*]         
[*]      configureSSLOnTheClient(userService);
[*]
[*]      System.out.println(userService.list());
[*]    }
[*]
[*]    private static void configureSSLOnTheClient(Object obj) {
[*]      File file = new File(MyServer.class.getResource("/com/googlecode/garbagecan/cxfstudy/ssl/test.jks").getFile());
[*]         
[*]      Client client = ClientProxy.getClient(obj);
[*]      HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
[*]
[*]      try {
[*]            TLSClientParameters tlsParams = new TLSClientParameters();
[*]            tlsParams.setDisableCNCheck(true);
[*]
[*]            KeyStore keyStore = KeyStore.getInstance("JKS");
[*]            String password = "mypassword";
[*]            String storePassword = "mypassword";
[*]            
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
[*]            trustFactory.init(keyStore);
[*]            TrustManager[] trustManagers = trustFactory.getTrustManagers();
[*]            tlsParams.setTrustManagers(trustManagers);
[*]
[*]            keyStore.load(new FileInputStream(file), storePassword.toCharArray());
[*]            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
[*]            keyFactory.init(keyStore, password.toCharArray());
[*]            KeyManager[] keyManagers = keyFactory.getKeyManagers();
[*]            tlsParams.setKeyManagers(keyManagers);
[*]            
[*]            FiltersType filtersTypes = new FiltersType();
[*]            filtersTypes.getInclude().add(".*_EXPORT_.*");
[*]            filtersTypes.getInclude().add(".*_EXPORT1024_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_DES_.*");
[*]            filtersTypes.getInclude().add(".*_WITH_NULL_.*");
[*]            filtersTypes.getExclude().add(".*_DH_anon_.*");
[*]            tlsParams.setCipherSuitesFilter(filtersTypes);
[*]
[*]            httpConduit.setTlsClientParameters(tlsParams);
[*]      } catch (Exception e) {
[*]            e.printStackTrace();
[*]      }
[*]    }
[*]}

5. 我们需要手动生成jks文件,并将其放在maven工程resources的/com/googlecode/garbagecan/cxfstudy/ssl/目录下,下面是手动生成时使用的命令

view plaincopy



[*]keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks
http://static.blog.csdn.net/images/save_snippets_01.png

view plain copy



[*]keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks

6. 最后我们可以通过启动MyServer和MyClient来验证我们的测试。
页: [1]
查看完整版本: Apache CXF实战之九 发布使用SSL的Web Service