CXF+Spring+Tomcat开发webservice接口,并添加SSL双向认证
环境信息:CXF2.7 Spring3.1 tomcat6.0java
1、建立webservice接口web
web.xml算法
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name></display-name>
<!-- spring须要加载的配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:com/server/spring-cxf.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- cxf服务启动servlet -->
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>
org.apache.cxf.transport.servlet.CXFServletspring
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>apache
spring-cxf.xml浏览器
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:wsa="http://cxf.apache.org/ws/addressing"
xsi:schemaLocation="
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.1.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<!-- <cxf:bus>
<cxf:features>
日志拦截功能,用于监控soap内容,开发后能够删除
<cxf:logging/>
<wsa:addressing/>
</cxf:features>
</cxf:bus> -->
<bean id="hello" class="com.server.HelloWorldImpl" />
<jaxws:endpoint id="helloWorld" implementor="#hello" address="/HelloWorld" publish="true"/>
</beans>
tomcat
HelloWorld.java服务器
package com.server;
import javax.jws.WebService;
/**
* Web Service 接口声明
*/
@WebService(targetNamespace = "server.com")
public interface HelloWorld {
/**
* sayHi
* @param text
* @return
*/
String sayHi(String text);
}
app
HelloWorldImpl.javafrontend
package com.server;
import javax.jws.WebService;
/**
* Web Service接口实现
*
*/
@WebService(endpointInterface = "com.server.HelloWorld")
public class HelloWorldImpl implements HelloWorld {
@Override
public String sayHi(String text) {
// TODO Auto-generated method stub
return "Hello, " + text;
}
}
部署代码后可在浏览器打开http://locahost:8080/项目名称/service/HelloWorld?wsdl
此时webservice接口开发完成!
2、添加SSL双向认证
利用JDK自带keytool工具:直接cmd后执行:
keytool -genkey -alias test -keyalg RSA -keystore test.keystore -validity 3650
名字和姓氏要填域名或者IP名:服务器端IP。其余能够随便填
这步操做之后,获得test.keystore
keytool -export -alias test -file test.cer -keystore test.keystore
获得一个test.cer,而后把test.cer给到客户端,客户端用如下命令:
keytool -import -alias test -file test.cer -keystore server.keystore
获得server.keystore,把这个文件做为客户端代码的truststore,才能正常访问到。能够理解为由于是用代码 来访问服务端,没有用户手工确认的过程,因此须要把证书加进来进行确认
那本地想要调用到服务端,就也须要作证书,一样先用这个命令:
keytool -genkey -alias test1 -keyalg RSA -keystore test1.keystore -validity 3650
名字和姓氏要填域名或者IP名:客户端IP。其余能够随便填
获得test1.keystore
而后:
keytool -export -alias test1 -file test1.cer -keystore test1.keystore
获得test1.cer,把test1.cer发给服务端,服务端用如下命令:
keytool -import -alias test1 -file test1.cer -keystore client.keystore
获得了client.keystore,这里面就包含了客户端IP地址信息的证书信息,能够用如下命令查看:
keytool -list -v -keystore client.keystore
配置tomcat-》conf-》server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" keystoreFile="conf/test.keystore"
keystorePass="密码口令" keystoreType="jks" truststoreFile="conf/client.keystore"
truststorePass="密码口 令" truststoreType="jks" />
客户端调用代码:ClientTest.java
package com.client;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import com.server.HelloWorld;
import com.util.ClientUtils;
/**
* 客户端访问服务器Web Service
*
*/
public final class ClientTest {
public static void main(String args[]) throws Exception {
HelloWorld client = ClientUtils.getInstance();
String response = client.sayHi("Joe");
System.out.println("Response: " + response);
System.exit(0);
}
}
ClientUtils.java
package com.util;import java.io.File;import java.io.FileInputStream;import java.io.IOException;import java.io.InputStream;import java.security.KeyStore;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import org.apache.cxf.configuration.jsse.TLSClientParameters;import org.apache.cxf.endpoint.Client;import org.apache.cxf.frontend.ClientProxy;import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;import org.apache.cxf.transport.http.HTTPConduit;import com.server.HelloWorld;public class ClientUtils { private static HelloWorld helloWorld; public static HelloWorld getInstance(){ if(null != helloWorld){ return helloWorld; } try{ String addr = "https://localhost:8443/cxf-demo/service/HelloWorld"; JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean(); factoryBean.setAddress(addr); factoryBean.setServiceClass(HelloWorld.class); helloWorld = (HelloWorld) factoryBean.create(); Client proxy = ClientProxy.getClient(helloWorld); HTTPConduit conduit = (HTTPConduit) proxy.getConduit(); TLSClientParameters tlsParams = conduit.getTlsClientParameters(); if (tlsParams == null) { tlsParams = new TLSClientParameters(); } tlsParams.setDisableCNCheck(true); //设置keystore tlsParams.setKeyManagers(ClientUtils.getKeyManagers()); // 设置信任证书 tlsParams.setTrustManagers(ClientUtils.getTrustManagers()); conduit.setTlsClientParameters(tlsParams); }catch(Exception e){ e.printStackTrace(); } return helloWorld; } public static KeyManager[] getKeyManagers() { InputStream is = null; try { // 获取默认的 X509算法 String alg = KeyManagerFactory.getDefaultAlgorithm(); // 建立密钥管理工厂 KeyManagerFactory factory = KeyManagerFactory.getInstance(alg); File certFile = new File("D://cer//222.keystore"); if (!certFile.exists() || !certFile.isFile()) { return null; } is = new FileInputStream(certFile); // 构建以证书相应格式的证书仓库 KeyStore ks = KeyStore.getInstance("JKS"); // 加载证书 ks.load(is, "qfkj2015".toCharArray()); factory.init(ks, "qfkj2015".toCharArray()); KeyManager[] keyms = factory.getKeyManagers(); return keyms; } catch (Exception e) { e.printStackTrace(); } finally { if (is != null) { try { is.close(); } catch (IOException e) { e.printStackTrace(); } } } return null; } public static TrustManager[] getTrustManagers() { // 读取证书仓库输入流 InputStream is = null; try { // 信任仓库的默认算法X509 String alg = TrustManagerFactory.getDefaultAlgorithm(); // 获取信任仓库工厂 TrustManagerFactory factory = TrustManagerFactory.getInstance(alg); // 读取信任仓库 is = new FileInputStream(new File("D://cer//server.keystore")); // 密钥类型 KeyStore ks = KeyStore.getInstance("JKS"); // 加载密钥 ks.load(is, "qfkj2015".toCharArray()); factory.init(ks); TrustManager[] tms = factory.getTrustManagers(); return tms; } catch (Exception e) { e.printStackTrace(); } finally { if (is != null) { try { is.close(); } catch (IOException e) { e.printStackTrace(); } } } return null; }}
- 1. SSL 双向认证
- 2. SSL双向认证
- 3. Java SSL双向认证
- 4. SSL 双向认证过程
- 5. NGINX SSL 的双向认证
- 6. Netty ssl双向认证
- 7. SSL/TLS 双向认证(二) -- 基于mosquittto的MQTT双向认证
- 8. SSL/TLS 双向认证(三) -- ESP8266与mosquitto的MQTT双向认证
- 9. SSL-TLS 双向认证(二) -- 基于mosquittto的MQTT双向认证
- 10. SSL-TLS 双向认证(三) -- ESP8266与mosquitto的MQTT双向认证
- 更多相关文章...
- • Eclipse 添加书签 - Eclipse 教程
- • ADO 添加记录 - ADO 教程
- • PHP开发工具
- • 算法总结-双指针
-
每一个你不满意的现在,都有一个你没有努力的曾经。