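Client for a secured proxy service?
I am trying to implement security for my proxy service. I got help with the security implementation from this link: http://evanthika.blogspot.in/2012/12/pox-security-with-wso2-esb-proxy.html. My security is implemented and I can invoke the service from Try It, but I want to call this service from a client, and I cannot find out how to do that part. Can anyone provide an example for this? Thanks in advance.
Answers
Almost all IDEs (I personally use WSO2 Developer Studio for WSO2 development) can generate stubs from a WSDL file, and the ESB also has a utility (under the Tools tab) that generates Java code from a WSDL. You can choose either of the two ways to generate the Java code. After generating the Java stubs from the WSDL and invoking the Echo service (I am just taking that as your case), you can switch the web service endpoint to the proxy service URL.
You can find WSO2 Developer Studio, which is an Eclipse bundle, here:
For details on invoking an Axis2 web service from a client, see:
Update:
RampartConfigBuilder class: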
package org.wso2.carbon.security.ws;

import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;
import java.util.Properties;
import java.io.File;

/**
 * This class is used to create Rampart Configurations for different security scenarios in WSAS
 */
public class RampartConfigBuilder {

    public static RampartConfig createRampartConfig(int securityScenario) {
        RampartConfig rampartConfig = null;

        Properties merlinProp = new Properties();
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlinProp.put("org.apache.ws.security.crypto.merlin.file",
                "src" + File.separator + "main" + File.separator + "resources" + File.separator + "wso2carbon.jks");
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig sigCryptoConfig = new CryptoConfig();
        sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        sigCryptoConfig.setProp(merlinProp);

        CryptoConfig encCryptoConfig = new CryptoConfig();
        encCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        encCryptoConfig.setProp(merlinProp);

        switch (securityScenario) {
            /**
             * Scenario : Username Token
             * Rampart Config : username , password callback handler
             */
            case 1:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                break;

            /**
             * Scenario : Non-repudiation
             * Rampart Config : signatureCrypto , Password Callback Handler , User certificate Alias ,
             * Signature CryptoConfig
             */
            case 2:
                rampartConfig = new RampartConfig();
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : Integrity
             * Rampart Config : Encryption user , Signature CryptoConfig
             */
            case 3:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : Confidentiality :
             * Rampart Config : Encryption user , Encryption CryptoConfig
             */
            case 4:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and encrypt - X509 Authentication
             * Rampart Config : User cert alias , Encryption user , Sign. CryptoConfig , Enc. CryptoConfig ,
             * Password Callback Handler
             */
            case 5:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and Encrypt - Anonymous clients
             * Rampart Config : Encryption User , Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 6:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Encrypt only - Username Token Authentication
             * Rampart Config : Username , PasswordCallbackHandler + Encryption User
             * , Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 7:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and Encrypt - Username Token Authentication
             * Rampart Config : Username + PasswordCallbackhandler , Encryption User ,
             * Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 8:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * X509 Authentication
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 9:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * X509 Authentication Provides Confidentiality. Multiple message exchange. Clients have X509 certificates.
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 10:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
             * X509 Authentication
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 11:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Anonymous clients
             * Rampart Config : Encryption User, enc. crypto config
             */
            case 12:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Anonymous clients
             * Rampart Config : Encryption User, enc. crypto config
             */
            case 13:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Username Token Authentication
             * Rampart Config : Username, encryption user, Password Callback Handler, enc. crypto config
             */
            case 14:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
             * Username Token Authentication
             * Rampart Config : Username, encryption user, Password Callback Handler, Encryption Crypto Config
             */
            case 15:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;
        }
        return rampartConfig;
    }
}
PasswordCallbackHandler class:
package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

public class PasswordCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            String id = pwcb.getIdentifer();
            if ("admin".equals(id)) {
                pwcb.setPassword("admin");
            } else if ("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
        }
    }
}
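Original:
With the following Java code you can invoke a secured service. You can invoke services that are secured with any of the 15 default security scenarios [1]. You need to change "/path/to/keystore" to the location of wso2carbon.jks, which by default is ESB_HOME/repository/resources/security/wso2carbon.jks. Also point /path/to/repo to the client Axis2 repository. Its file structure is shown below. The EPRs are hard-coded, so you may want to change them to match your service.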
repository/
└── modules
    ├── addressing-1.6.1-wso2v1.mar
    ├── rahas-1.6.1-wso2v1.mar
    └── rampart-1.6.1-wso2v1.mar
[1] http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging
package org.wso2.carbon.security.ws;

import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.neethi.Policy;
import javax.xml.namespace.QName;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Map;

public class HelloServiceClient {

    static {
        System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator + "wso2carbon.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
    }

    public static void main(String[] args) {
        try {
            int securityScenario = getSecurityScenario();

            String repository = "/path/to/repo" + File.separator + "repository";
            ConfigurationContext confContext =
                    ConfigurationContextFactory.
                            createConfigurationContextFromFileSystem(repository, null);

            String endPoint = "HelloServiceHttpSoap12Endpoint";
            if (securityScenario == 1) {
                endPoint = "HelloServiceHttpsSoap12Endpoint"; // scenario 1 uses HelloServiceHttpsSoap12Endpoint
            }

            RPCServiceClient dynamicClient =
                    new RPCServiceClient(confContext,
                            new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                            new QName("http://www.wso2.org/types", "HelloService"),
                            endPoint);

            //Engage Modules
            dynamicClient.engageModule("rampart");
            dynamicClient.engageModule("addressing");

            //TODO : Change the port to monitor the messages through TCPMon
            if (securityScenario != 1) {
                dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
            }

            //Get the policy from the binding and append the rampartconfig assertion
            Map endPoints = dynamicClient.getAxisService().getEndpoints();
            AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
            Policy policy = axisBinding.getEffectivePolicy();
            policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
            axisBinding.applyPolicy(policy);

            //Invoke the service
            Object[] returnArray = dynamicClient.invokeBlocking(new QName("http://www.wso2.org/types", "greet"),
                    new Object[]{"Alice"},
                    new Class[]{String.class});
            System.out.println((String) returnArray[0]);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    private static int getSecurityScenario() {
        int scenarioNumber = 0;
        while (scenarioNumber < 1 || scenarioNumber > 15) {
            System.out.print("Insert the security scenario no : ");
            String inputString = readOption();
            try {
                scenarioNumber = new Integer(inputString);
            } catch (Exception e) {
                System.out.println("invalid input, insert a integer between 1 and 15");
            }
            if (scenarioNumber < 1 || scenarioNumber > 15) {
                System.out.println("Scenario number should be between 1 and 15");
            }
        }
        return scenarioNumber;
    }

    private static String readOption() {
        try {
            BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
            String str;
            while ((str = console.readLine()).equals("")) {
            }
            return str;
        } catch (Exception e) {
            return null;
        }
    }
}
Thanks for the reply, Kasun. I have a question about the line policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));. There is no method called createRampartConfig in the Rampart jar, so I am stuck at this line. Please help. – Roy 2013-07-01 12:54:35
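Added example, not part of the original answers or of WSO2's code: a variant of the PasswordCallbackHandler shown above that takes its secrets from environment variables instead of hard-coded literals and rejects callbacks it does not recognise. The class name and the variables WSSEC_USER_PASSWORD and WSSEC_KEY_PASSWORD are assumptions made for this example; it handles only UsernameToken, signature and decryption password requests.

```java
package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

/**
 * Added example. Class name and environment variable names are assumptions.
 */
public class EnvPasswordCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Reject anything that is not a WSS4J password request instead of
            // failing with a ClassCastException.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;

            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Password of the UsernameToken user set via RampartConfig.setUser(...)
                    pwcb.setPassword(requireEnv("WSSEC_USER_PASSWORD"));
                    break;
                case WSPasswordCallback.SIGNATURE:
                case WSPasswordCallback.DECRYPT:
                    // Private-key password for the alias set via setUserCertAlias(...)
                    pwcb.setPassword(requireEnv("WSSEC_KEY_PASSWORD"));
                    break;
                default:
                    // Fail closed on usages this handler was not written for.
                    throw new UnsupportedCallbackException(callback,
                            "Unsupported usage " + pwcb.getUsage());
            }
        }
    }

    // Returns the variable's value, or fails rather than sending an empty password.
    private static String requireEnv(String name) throws IOException {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IOException("Missing environment variable " + name);
        }
        return value;
    }
}
```

To use it, pass its fully qualified name to rampartConfig.setPwCbClass(...) in RampartConfigBuilder in place of the original handler.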
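I have generated the client from the ESB, but how can I import the client into Eclipse? Sorry for the silly question, but I am very new to this area. – Roy 2013-04-29 09:00:42
If you want to do that, you have to set up the m2eclipse plugin in your Eclipse, because the client code generated from the ESB can be built with Maven. – Alper 2013-04-29 10:18:31
And if I want to use a callback handler and invoke my proxy service through it, what should I do? – Roy 2013-04-29 10:43:32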