
我正在尝试为我的代理服务实现安全性。我参考了这个链接中的安全实现说明:http://evanthika.blogspot.in/2012/12/pox-security-with-wso2-esb-proxy.html。安全性已经配置好,我也可以通过尝试调用它,但我想通过客户端程序调用此服务,却找不到如何实现这一部分。谁能给我一个这方面的示例?提前致谢。


2 回答 2


更新:

RampartConfigBuilder 类:

package org.wso2.carbon.security.ws;

import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;

import java.util.Properties;
import java.io.File;

/**
 * Builds the client-side {@link RampartConfig} assertion for the numbered security scenarios (1-15)
 * used by this sample.
 *
 * <p>Every value below (key store location, key store password, key alias, user name) is a constant
 * compiled into the class. {@code wso2carbon.jks} with password {@code wso2carbon} and the
 * {@code admin} account are the stock defaults, so a deployment that still relies on them gets no
 * real protection from signing or encryption: replace the key store and credentials, and load them
 * from protected configuration rather than source code, for anything beyond a local demo.
 *
 * <p>The same alias ({@code wso2carbon}) is used both as the client's signing certificate alias and
 * as the encryption user, and both crypto configurations read the same key store, so in this sample
 * the client and the service share one key pair.
 */
public class RampartConfigBuilder {

    /**
     * Returns the Rampart configuration for the given scenario number.
     *
     * @param securityScenario scenario number, 1 to 15
     * @return the configuration for that scenario, or {@code null} when the number is outside 1-15
     */
    public static RampartConfig createRampartConfig(int securityScenario) {

        final String merlinProvider = "org.apache.ws.security.components.crypto.Merlin";
        final String passwordCallback = "org.wso2.carbon.security.ws.PasswordCallbackHandler";
        final String keyAlias = "wso2carbon";
        final String userName = "admin";
        final String sep = File.separator;

        // Merlin key store settings shared by the signature and the encryption crypto configuration.
        // The path is relative to the working directory of the JVM.
        Properties keyStoreProps = new Properties();
        keyStoreProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        keyStoreProps.setProperty("org.apache.ws.security.crypto.merlin.file",
                                  "src" + sep + "main" + sep + "resources" + sep + "wso2carbon.jks");
        // Default key store password, hard-coded for the sample only.
        keyStoreProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig signatureCrypto = new CryptoConfig();
        signatureCrypto.setProvider(merlinProvider);
        signatureCrypto.setProp(keyStoreProps);

        CryptoConfig encryptionCrypto = new CryptoConfig();
        encryptionCrypto.setProvider(merlinProvider);
        encryptionCrypto.setProp(keyStoreProps);

        RampartConfig config;

        switch (securityScenario) {

            // 1: Username Token -> user name + password callback handler.
            case 1:
                config = new RampartConfig();
                config.setUser(userName);
                config.setPwCbClass(passwordCallback);
                break;

            // 2: Non-repudiation -> user certificate alias, password callback handler,
            //    signature crypto configuration.
            case 2:
                config = new RampartConfig();
                config.setUserCertAlias(keyAlias);
                config.setPwCbClass(passwordCallback);
                config.setSigCryptoConfig(signatureCrypto);
                break;

            // 3: Integrity -> encryption user + signature crypto configuration.
            case 3:
                config = new RampartConfig();
                config.setEncryptionUser(keyAlias);
                config.setSigCryptoConfig(signatureCrypto);
                break;

            // Encryption user + encryption crypto configuration only:
            //  4: Confidentiality
            //  6: Sign and Encrypt - anonymous clients
            // 12: SecureConversation - Sign only - anonymous clients
            // 13: SecureConversation - Encrypt only - anonymous clients
            case 4:
            case 6:
            case 12:
            case 13:
                config = new RampartConfig();
                config.setEncryptionUser(keyAlias);
                config.setEncrCryptoConfig(encryptionCrypto);
                break;

            // X509 authentication: encryption user, user certificate alias, password callback
            // handler, signature and encryption crypto configurations:
            //  5: Sign and encrypt
            //  9: SecureConversation - Sign only
            // 10: SecureConversation - Encrypt only
            // 11: SecureConversation - Sign and Encrypt
            case 5:
            case 9:
            case 10:
            case 11:
                config = new RampartConfig();
                config.setEncryptionUser(keyAlias);
                config.setUserCertAlias(keyAlias);
                config.setPwCbClass(passwordCallback);
                config.setSigCryptoConfig(signatureCrypto);
                config.setEncrCryptoConfig(encryptionCrypto);
                break;

            // Username Token authentication: user name, encryption user, password callback
            // handler, encryption crypto configuration:
            //  7: Encrypt only
            //  8: Sign and Encrypt
            // 14: SecureConversation - Encrypt only
            // 15: SecureConversation - Sign and Encrypt
            case 7:
            case 8:
            case 14:
            case 15:
                config = new RampartConfig();
                config.setUser(userName);
                config.setEncryptionUser(keyAlias);
                config.setPwCbClass(passwordCallback);
                config.setEncrCryptoConfig(encryptionCrypto);
                break;

            // Unknown scenario number: no configuration is produced.
            default:
                config = null;
                break;
        }

        return config;
    }
}

PasswordCallbackHandler 类:

package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;


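/**
 * Supplies passwords to the WS-Security layer for the two identifiers used by the sample client.
 *
 * <p>The identifier/password pairs ({@code admin}/{@code admin} and
 * {@code wso2carbon}/{@code wso2carbon}) are default values compiled into the class. Anyone who can
 * read the class file can read them, so a real client should look the secret up in a protected
 * store and must not keep the default values.
 */
public class PasswordCallbackHandler implements CallbackHandler{

    /**
     * Sets the password on every {@link WSPasswordCallback} whose identifier is known.
     *
     * @param callbacks the callbacks handed over by the security layer
     * @throws IOException declared by {@link CallbackHandler}; not thrown by this implementation
     * @throws UnsupportedCallbackException if a callback is not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            // Report an unexpected callback type through the exception the CallbackHandler
            // contract defines for it, instead of failing with a ClassCastException.
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            // The accessor name is spelled getIdentifer() in the WSS4J API this sample compiles against.
            String id = pwcb.getIdentifer();
            if ("admin".equals(id)) {
                pwcb.setPassword("admin");
            } else if ("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
            // Any other identifier is left without a password; nothing is set for it here.
        }
    }
}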

原来的:

以下 Java 代码可用于调用受保护的服务。该服务可以使用 15 种默认安全方案 [1] 中的任意一种进行保护。您需要将“/path/to/keystore”改为指向 wso2carbon.jks 所在的位置,该文件默认随 wso2esb 提供(ESB_HOME/repository/resources/security/wso2carbon.jks)。还需将 /path/to/repo 改为指向客户端的 axis2 存储库,其文件结构如下。EPR 是硬编码的,因此您可能需要修改它们以匹配您的服务。

repository/
└── modules
    ├── addressing-1.6.1-wso2v1.mar
    ├── rahas-1.6.1-wso2v1.mar
    └── rampart-1.6.1-wso2v1.mar

[1] http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging

package org.wso2.carbon.security.ws;

import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.neethi.Policy;

import javax.xml.namespace.QName;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Map;

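/**
 * Console client that asks for a security scenario number (1-15) and invokes the {@code greet}
 * operation of {@code HelloService} with the matching Rampart configuration.
 *
 * <p>Paths, endpoint addresses, the trust store and its password are hard-coded sample values and
 * have to be adapted to the target installation.
 */
public class HelloServiceClient {

    // One reader for the whole run: a BufferedReader reads ahead, so creating a new one per prompt
    // can drop input that an earlier reader already buffered (for example when stdin is piped).
    private static final BufferedReader CONSOLE = new BufferedReader(new InputStreamReader(System.in));

    static {
        // JVM-wide trust store used for HTTPS connections. The client trusts every certificate in
        // this key store; both the file and its password are the defaults shipped with the server
        // and should be replaced by a trust store holding only the expected service certificate.
        System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator+ "wso2carbon.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
    }

    /**
     * Reads the scenario number, builds the client from the service WSDL, attaches the Rampart
     * configuration to the binding policy and prints the result of {@code greet("Alice")}.
     *
     * @param args not used
     */
    public static void main(String[] args) {
        try {

            int securityScenario = getSecurityScenario();

            // Client-side Axis2 repository containing the rampart, rahas and addressing modules.
            String repository = "/path/to/repo" + File.separator + "repository";

            ConfigurationContext confContext =
                    ConfigurationContextFactory.
                            createConfigurationContextFromFileSystem(repository, null);

            String endPoint = "HelloServiceHttpSoap12Endpoint";
            if(securityScenario == 1){
                // Scenario 1 goes through the HTTPS endpoint.
                // NOTE(review): presumably because the username token is not protected at message
                // level in that scenario - confirm against the service policy.
                endPoint = "HelloServiceHttpsSoap12Endpoint";
            }

            // The WSDL, and with it the security policy the client will follow, is fetched over
            // plain HTTP. That is acceptable for the loopback address used here; for a remote
            // service fetch it over HTTPS or use a local copy, so the policy cannot be altered
            // in transit.
            RPCServiceClient dynamicClient =
                    new RPCServiceClient(confContext,
                                         new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                                         new QName("http://www.wso2.org/types", "HelloService"),
                                         endPoint);

            //Engage Modules
            dynamicClient.engageModule("rampart");
            dynamicClient.engageModule("addressing");

            //TODO : Change the port to monitor the messages through TCPMon
            if(securityScenario != 1){
                dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
            }

            //Get the policy from the binding and append the rampartconfig assertion
            // NOTE(review): this takes the first endpoint the map returns, which is not
            // necessarily the one named by endPoint - verify when the service exposes several
            // bindings with different policies.
            Map<?, ?> endPoints = dynamicClient.getAxisService().getEndpoints();
            AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
            Policy policy = axisBinding.getEffectivePolicy();
            policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
            axisBinding.applyPolicy(policy);

            //Invoke the service
            Object[] returnArray = dynamicClient.invokeBlocking(new QName("http://www.wso2.org/types","greet"),
                                                                new Object[]{"Alice"},
                                                                new Class[]{String.class});

            System.out.println((String) returnArray[0]);

        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Prompts until a scenario number between 1 and 15 has been entered.
     *
     * @return the chosen scenario number, 1 to 15
     * @throws IllegalStateException if standard input ends (or cannot be read) before a valid
     *         number was entered; without this check the prompt would repeat forever
     */
    private static int getSecurityScenario() {
        int scenarioNumber = 0;
        while (scenarioNumber < 1 || scenarioNumber > 15) {
            System.out.print("Insert the security scenario no : ");
            String inputString = readOption();
            if (inputString == null) {
                throw new IllegalStateException("No security scenario was supplied on standard input");
            }
            try {
                scenarioNumber = Integer.parseInt(inputString.trim());
            } catch (NumberFormatException e) {
                System.out.println("invalid input, insert a integer between 1 and 15");
            }
            if(scenarioNumber < 1 || scenarioNumber > 15){
                System.out.println("Scenario number should be between 1 and 15");
            }
        }
        return scenarioNumber;
    }

    /**
     * Reads the next non-empty line from the console.
     *
     * @return the line, or {@code null} when the input has ended or could not be read
     */
    private static String readOption() {
        try {
            String line;
            do {
                line = CONSOLE.readLine();
            } while (line != null && line.isEmpty());
            return line;
        } catch (java.io.IOException e) {
            return null;
        }
    }
}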
于 2013-04-29T11:23:24.417 回答

几乎所有 IDE(我个人使用 WSO2 开发人员工作室进行 WSO2 开发)都有能力从 WSDL 文件生成存根,在 ESB 中也有一个实用程序(在 Tool 选项卡下)从 WSDL 生成 java 代码。您可以选择两种方式来生成 java 代码。从 wsdl 生成 java 存根并调用 Echo 服务(我说的只是针对您的情况)后,您可以将 Web 服务端点切换到代理服务 url。

您可以从这里找到 WSO2 开发人员 Studio,它是一个 Eclipse 包:

WSO2 开发者工作室

有关从客户端调用 Axis2 Web 服务的详细信息,您可以查看:

Axis2 客户端调用

于 2013-04-29T07:51:43.233 回答