WebService - WSS4J + CXF implements WS-Security (based on UserNameToken) - Based on, CXF, Implementation, security, UserNameToken, WebService, WS, WSS, WSS4J + CXF

Share the security verification of wss4j+cxf based on UsernameToken. Noun explanation:

cxf: An open source project under apache, used to publish webservices.
WSS4J: Web Services Security for Java.

Stop talking nonsense, just go to the code.
1. First, all jar packages in cxf, all jar packages in wss4j and log4j.jar need to be imported.
(The version used in this example is: apache-cxf-2.7.3, wss4j-1.6.9)

2. First create a server project and publish a simple helloWorldService. < /p>

Directory structure diagram:

Webservice interface code:

 Java code  
package com.wss4j.server; 
import javax.jws.WebParam;
import javax.jws.WebService; 
@ WebService 
public< span class="keyword" style="color: #7f0055; font-weight: bold;">interface HelloWorld{ 
public String sayHello(@WebParam(name = “name”) String name); li>
< span style="color: black;">}

Webservice implementation class

 Java code  
packagecom.wss4j. server; 
publicclass HelloWorldImplimplements HelloWorld{
 @Override 
public String sayHello(String name) {
return“Hello”+ name+“^_^!”;
}

Next is the server-side interceptor: ServerPasswordCallback.java

 Java code  
package com.wss4j.interceptor; 
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
 
importorg.apache.ws.security.WSPasswordCallback;
import org.slf4j.Logger; 
publicclassServerPasswordCallback implements CallbackHandler{
private Logger logger = org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);
@Override< /li>
 publicvoid handle(Callback[]callbacks) throws span> IOException, 
 UnsupportedCallbackException{
< span style="color: black;">WSPasswordCallbackpc=(WSPasswordCallback)callbacks[0];
// identifier /span>
 String identifier= pc.getIdentifier();
// The password obtained here is null, but it does not mean that the server does not get the attribute.  
 String password = pc.getPassword();
 logger.info(< span class="string" style="color: blue;">“identifier:”+identifier);
 logger.info(“password:”+password);
if< /span>(identifier!=null&&identifier.equals(“admin”)) {
/**
 This should be done here:
 1. Query the database and get in the database The username corresponds to the password
 Set a password, wss4j will automatically match the password you set with the password passed by the client
 3. If the same, let it go, otherwise return Insufficient permissions information
 **
*/
 pc.s etPassword(“password”);
 }else{
 logger.info(“Unauthorized user”);
} 

server-beans.xml

 Java code  
“http://www.springframework.org/schema/beans”
 xmlns:xsi=< span class="string" style="color: blue;">“http://www.w3.org/2001/XMLSchema-instance” xmlns:cxf=“http://cxf.apache.org/core”
 xmlns:jaxws=“http://cxf.apache.org/jaxws”
 xsi:schemaLocation=”http://www.springframework.org/schema/beans
 http://www.springframework.org/schema/beans /spring-beans.xsd
 http://cxf.apache.org/co re http://cxf.apache.org/schemas/core.xsd
 http://cxf.apache.org/jaxws
 http://cxf.apache.org/schemas/jaxws.xsd”>  
 
<importresource=“classpath:META-INF/cxf/cxf.xml” 
 importresource=“classpath:META -INF/cxf/cxf-extension-soap.xml” 
 <importresource=“classpath :META-INF/cxf/cxf-servlet.xml” 
 “myPasswordCallback”class=“com.wss4j.interceptor.ServerPasswordCallback” 
“helloword”implementor=“com.wss4j.server.HelloWorldImpl”
 address=“/helloService”> 
 
class=“org.apache .cxf.ws.security.wss4j.WSS4JInInterceptor”> 


 “action” value =“UsernameToken” 
 “passwordType”value= “PasswordText” 
 “signaturePropFile”value=“…” />
                        “user” value=“FHDServer” />  
                        “passwordCallbackRef”>  
                            “myPasswordCallback” />  
                          
  
                  
              
          
      
      
  

beans.xml

 Java代码    
“1.0” encoding=“UTF-8”?>  
“http://www.springframework.org/schema/beans”  
    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”   
    xmlns:jaxws=“http://cxf.apache.org/jaxws”  
    xsi:schemaLocation=”http://www.springframework.org/schema/beans  
                        http://www.springframework.org/schema/beans/spring-beans.xsd  
                        http://cxf.apache.org/jaxws  
                        http://cxf.apache.org/schemas/jaxws.xsd”>  
  
    <import resource=“../cxf/server-beans.xml”/>  
  

web.xml

 Java代码    
 < ol class="dp-j" style="margin-bottom: 1px; padding-top: 2px; padding-bottom: 2px; border: 1px solid #d1d7dc; color: #2b91af;"> 
“1.0” encoding=“UTF-8”?>  
“http://www.w3.org/2001/XMLSchema-instance”  
    xmlns=“htt p://java.sun.com/xml/ns/javaee” xmlns:web=“http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd”  
    xsi:schemaLocation=“http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd”  
    id=“WebApp_ID” version=“3.0”>  
    wss4j001-cxf-server  
      
        index.html  
        index.htm  
        index.js p  
        default.html  
        default.htm  
        default.jsp  
      
      
        contextConfigLocation  
        classpath:spring/beans.xml  
      
      
        class>org.springframework.web.context.ContextLoaderListenerclass>  
      
      
        CXFServlet  
        class>org.apache.cxf.transport.servlet.CXFServletclass>  
        2  
      
      
        CXFServlet  
        < url-pattern>/ws/*  
      
  

　　此时，我们的server端就已经搞定了。

访问链接：http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl

　　即可看到刚刚发布的webservice的wsdl文件。但是不能直接访问方法，因为我们为其增加了安全校验。

接下来，创建client 端项目。

具体项目结构如下：

HelloWorldClient.java

 Java代码    
package com.wss4j.client;  
  
import org.springframework.context.support.ClassPathXmlApplicationContext;  
  
import com.wss4j.server.HelloWorld;  
  
public class HelloWorldClient {  
    public static void main(String[] args) {  
        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(  
                new String[] { “cxf/client-beans.xml” });  
        HelloWorld client = (HelloWorld) context.getBean(“client”);  
        String response = client.sayHello(“Dan”);  
        System.out.println(“Response: “ + response);  
        System.exit (0);  
    }  
  
}  

客户端添加用户认证拦截器 ClientPasswordCallback.java

 Java代码    
package com.wss4j.interceptor;  
  
import java.io.IOException;  
  
import javax.security.auth.callback.Callback;  
import javax.security.auth.callback.CallbackHandler;  
import javax.security.auth.callback.UnsupportedCallbackException;  
  
import org.apache.ws.security.WSPasswordCallback;  
  
public class ClientPasswordCallback implements CallbackHandler {  
    @Override  
    public void handle(Callback[] callbacks) throws IOException,  
            UnsupportedCallbackException {  
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];  
        String i dent = “admin”;  
        String passwd = “password”;  
        pc.setPassword(passwd);  
        pc.setIdentifier(ident);  
   
    }  
}  

client-beans.xml

 Java代码    
“1.0” encoding=“UTF-8”?>  
“http://www.springframework.org/schema/beans”  
    xmlns:jaxws=“http://cxf.apache.org/jaxws” xmlns:cxf=“http://cxf.apache.org/core”  
    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”  
    xsi:schemaLocation=”  
          http://www.springframework.org/schema/beans   
          http://www.springframework.org/schema/beans/spring-beans.xsd  
          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd  
          http://cxf.apache.org/jaxws   
          http://cxf.apache.org/schemas/jaxws.xsd”>  
    “clientPasswordCallback” class=“com.wss4j.interceptor.ClientPasswordCallback” />  
      
    “client” serviceClass=“com.wss4j.server.HelloWorld”  
        address=“http://localhost:8080/wss4j001-cxf-server/ws/helloService”>  
          
            class=“org.apache.cxf.interceptor.LoggingOutInterceptor” />  
            class=“org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor”>  
                  
                    

  
                        “action” value=“UsernameToken” />  
                        “passwordType” value=“PasswordText” />  
                        “user” value=“FHDClient” />  
                        “passwordCallbackRef”>  
                            “clientPasswordCallback” />  
                          
  
                  
              
          
      
  
  

接下来，我们需要通过wsdl 生成服务端webservice的客户端java文件。这里使用cxf的wsdl2java命令。

打开cmd命令行：

1. 进入到 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目录下

2. 执行命令：

wsdl2ava -client http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl

3. 生成的java文件就在 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目录下，名为com的文件夹。复制文件夹至client项目的src下。

　　接下来，首先将server项目添加到服务器中，启动服务器。然后执行 HelloWorldClient.java中的main方法，就可以访问服务端的webservice了，是不是so easy ^_^ ..

分享一下wss4j+cxf基于UsernameToken的安全验证。名词解释：

cxf : apache下的一个开源项目，用于发布webservice。
WSS4J : Web Services Security for Java.

废话少说，直接上代码。
    1. 首先，需要导入cxf中的所有jar包，及wss4j中的所有jar包与log4j.jar。
          (本例中使用的版本是：apache-cxf-2.7.3，wss4j-1.6.9)

2. 首先建立server 项目，发布一个简单的helloWorldService.

目录结构图：

webservice接口代码：

 Java代码    
package com.wss4j.server;  
  
import javax.jws.WebParam;  
import javax.jws.WebService;  
  
@WebService  
public interface HelloWorld {  
    public String sayHello(@WebParam(name = “name”) String name);  
}  

webservice实现类

 Java代码    
package com.wss4j.server;  
  
  
public class HelloWorldImpl implements HelloWorld {  
  
    @Override  
    public String sayHe llo(String name) {  
        return “Hello “ + name + ” ^_^ !”;  
    }  
  
}  

接下来是服务端拦截器: ServerPasswordCallback.java

 Java代码    
package com.wss4j. interceptor;  
  
import java.io.IOException;  
  
import javax.security.auth.callback.Callb ack;  
import javax.security.auth.callback.CallbackHandler;  
import javax.security.auth.callback.UnsupportedCallbackException;  
  
import org.apache.ws.security.WSPasswordCallback;  
import org.slf4j.Logger;  
  
public class Ser verPasswordCallback implements CallbackHandler {  
  
    private Logger logger = org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);  
  
    @Override  
    public void handle(Callback[] callbacks) throws IOException,  
            UnsupportedCallbackException {  
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];  
        // 标识符  
        String identifier = pc.getIdentifier();  
                // 此处获取到的password为null，但是并不代表服务端没有拿到该属性。   
        String password = pc.getPassword();  
        logger.info(“identifier:” + identifier);  
        logger.info(“password:” + password);  
          
        if (identifier != null && identifier.equals(“admin”)) {  
            /**  
             * 此处应该这样做： 
                 * 1. 查询数据库，得到数据库中该用户名对应密码 
                 * 2. 设置密码，wss4j会自动将你设置的密码 与客户端传递的密码进行匹配 
                 * 3. 如果相同，则放行，否则返回权限不足信息  
             *  
             */  
            pc.setPassword(“password”);  
        }else{  
            logger.info(“未授权的用户”);  
        }  
    }  
}  

~~server-beans.xml~~

 Java代码    
“http://www.springframework.org/schema/beans”  
    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xmlns:cxf=“http://cxf.apache.org/core”  
    xmlns:jaxws=“http://cxf.apache.org/jaxws”  
    xsi:schemaLocation=”http://www.springframework.org/schema/beans  
                        http://www.springframework.org/schema/beans/spring-beans.xsd  
                        http://cxf.apache.org/core http://cxf.apache.org/schemas/core. xsd  
                        http://cxf.apache.org/jaxws  
                        http://cxf.apache.org/schemas/jaxws.xsd”>  
  
    <import resource=“classpath:META-INF/cxf/cxf.xml” />  
  
    <import resource=“classpath:META-INF/cxf/cxf-extension-soap.xml” />  
  
    <import resource=“classpath:META-INF/cxf/cxf-servlet.xml” />  
    “myPasswordCallback” class=“com.wss4j.interceptor.ServerPasswordCallback” />  
  
    “helloword” implementor=“com.wss4j.server.HelloWorldImpl”  
        address=“/helloService”>  
          
            class=“org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor”>  
                  
                        “action” value=“UsernameToken” />  
                        “passwordType” value=“PasswordText” />  
                        “signaturePropFile” value=“…” />  
                        “user” value=“FHDServer” />  
                        “passwordCallbackRef”>  
                            “myPasswordCallback” />

beans.xml

 Java代码    
“1.0” encoding=“UTF-8”?>  
“http://www.springframework.org/schema/beans”  
    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”   
    xmlns:jaxws=“http://cxf.apache.org/jaxws”  
    xsi:schemaLocation=”http://www.springframework.org/schema/beans  
                        http://www.springframework.org/schema/beans/spring-beans.xsd  
                        http://cxf.apache.org/jaxws  
                        http://cxf.apache.org/schemas/jaxws.xsd”>  
  
    <import resource=“../cxf/server-beans.xml”/>  
  

web.xml

 Java代码    
“1.0” encoding=“UTF-8”?>  
“http://www.w3.org/2001/XMLSchema-instance”  
    xmlns=“http://java.sun.com/xml/ns/javaee” xmlns:web=“http://java.sun.com/x ml/ns/javaee/web-app_2_5.xsd”  
    xsi:schemaLocation=“http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd”  
    id=“WebApp_ID” version=“3.0”>  
    wss4j001-cxf-server  
      
        index.html  
        index.htm  
        index.jsp  
        default.html  
        default.htm  
        default.jsp  
      
      
        contextConfigLocation  
        classpath:spring/beans.xml  
      
      
        class>org.springframework.web.context.ContextLoaderListenerclass>  
      
      
        CXFServlet  
        class>org.apache.cxf.transport.servlet.CXFServletclass>  
        2  
      
      
        CXFServlet  
        /ws/*  
      
  

　　此时，我们的server端就已经搞定了。

访问链接：http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl

　　即可看到刚刚发布的webservice的wsdl文件。但是不能直接访问方法，因为我们为其增加了安全校验。

接下来，创建client 端项目。

具体项目结构如下：

HelloWorldClient.java

 Java代码    
package com.wss4j.client;  
  
import org.springframework.context.support.ClassPathXmlApplicationContext;  
  
import com.wss4j.server.HelloWorld;  
  
public class HelloWorldClient {  
    public static void main(String[] args) {  
        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(  
                new String[] { “cxf/client-beans.xml” });  
        HelloWorld client = (HelloWorld) context.getBean(“client”);  
        String response = client.sayHello(“Dan”);  
        System.out.println(“Response: “ + response);  
        System.exit(0);  
    }  
  
}  

客户端添加用户认证拦截器 ClientPasswordCallback.java

Java代码

package com.wss4j.interceptor;



import java.io.IOException;



import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;



import org.apache.ws.security.WSPasswordCallback;



public class ClientPasswordCallback implements CallbackHandler {

    @Override

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String ident = “admin”;

        String passwd = “password”;

        pc.setPassword(passwd);

        pc.setIdentifier(ident);



    }

}

client-beans.xml

Java代码

“1.0” encoding=“UTF-8”?>

“http://www.springframework.org/schema/beans”

    xmlns:jaxws=“http://cxf.apache.org/jaxws” xmlns:cxf=“http://cxf.apache.org/core”

    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”

    xsi:schemaLocation=”

          http://www.springframework.org/schema/beans

          http://www.springframework.org/schema/beans/spring-beans.xsd

          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd

          http://cxf.apache.org/jaxws

          http://cxf.apache.org/schemas/jaxws.xsd”>

    “clientPasswordCallback” class=“com.wss4j.interceptor.ClientPasswordCallback” />



    “client” serviceClass=“com.wss4j.server.HelloWorld”

        address=“http://localhost:8080/wss4j001-cxf-server/ws/helloService”>



            class=“org.apache.cxf.interceptor.LoggingOutInterceptor” />

            class=“org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor”>






                        “action” value=“UsernameToken” />

                        “passwordType” value=“PasswordText” />

< span style="color: black;">                        “user” value=“FHDClient” />

                        “passwordCallbackRef”>

                            “clientPasswordCallback” />


















接下来，我们需要通过wsdl 生成服务端webservice的客户端java文件。这里使用cxf的wsdl2java命令。

打开cmd命令行：

      1. 进入到 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目录下



       2. 执行命令：

               wsdl2ava -client http://localhost:8080/wss4j001-cxf-server/ws/helloService?wsdl

     3. 生成的java文件就在 \apache-cxf-2.7.3\apache-cxf-2.7.3\bin 目录下，名为com的文件夹。复制文件夹至client项目的src下。

　　接下来，首先将server项目添加到服务器中，启动服务器。然后执行 HelloWorldClient.java中的main方法，就可以访问服务端的webservice了，是不是so easy ^_^ ..

Java代码

package com.wss4j.server;



import javax.jws.WebParam;

import javax.jws.WebService;



@WebService

public interface HelloWorld {

    public String sayHello(@WebParam(name = “name”) String name);

}

Java代码

Java代码

Java代码

package com.wss4j.server;





public class HelloWorldImpl implements HelloWorld {



    @Override

    public String sayHello(String name) {

        return “Hello “ + name + ” ^_^ !”;

    }



}

Java代码

Java代码

Java代码

package com.wss4j.interceptor;



import java.io.IOException;



import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackH andler;

import javax.security.auth.callback.UnsupportedCallbackException;



import org.apache.ws.security.WSPasswordCallback;

import org.slf4j.Logger;



public class ServerPasswordCallback implements CallbackHandler {



    private Logger logger = org.slf4j.LoggerFactory.getLogger(ServerPasswordCallback.class);



    @Override

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        // 标识符

        String identifier = pc.getIdentifier();

                // 此处获取到的password为null，但是并不代表服务端没有拿到该属性。

        String password = pc.getPassword();

        logger.info(“identifier:” + identifier);

        logger.info(“password:” + password);



        if (identifier != null && identifier.equals(“admin”)) {

            /**

             * 此处应该这样做：

                 * 1. 查询数据库，得到数据库中该用户名对应密码

                 * 2. 设置密码，wss4j会自动将你设置的密码与客户端传递的密码进行匹配

                 * 3. 如果相同，则放行，否则返回权限不足信息

             *

             */

            pc.setPassword(“password”);

        }else{

            logger.info(“未授权的用户”);

        }

    }

}

Java代码

Java代码

Java代码

“http://www.springframework.org/schema/beans”

    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance” xmlns:cxf=“http://cxf.apache.org/core”

    xmlns:jaxws=“http://cxf.apache.org/jaxws”

    xsi:schemaLocation=”http://www.springframework.org/schema/beans

                        http://www.springframework.org/schema/beans/spring-beans.xsd

                        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd

                        http://cxf.apache.org/jaxws

                        http://cxf.apache.org/schemas/jaxws.xsd”>






    <import resource=“classpath:META-INF/cxf/cxf.xml” />



    <import resource=“classpath:META-INF/cxf/cxf-extension-soap.xml” />



    <import resource=“classpath:META-INF/cxf/cxf-servlet.xml” />

    “myPasswordCallback” class=“com.wss4j.interceptor.ServerPasswordCallback” />



    “helloword” implementor=“com.wss4j.server.HelloWorldImpl”

        address=“/helloService”>





            class=“org.apache .cxf.ws.security.wss4j.WSS4JInInterceptor”>






                        “action” value=“UsernameToken” />

                        “passwordType” value=“PasswordText” />

                        “signaturePropFile” value=“…” />

                        “user” value=“FHDServer” />

                        “passwordCallbackRef”>

                            “myPasswordCallback” />


















Java代码

Java代码

Java代码

“1.0” encoding=“UTF-8”?>

“http://www.springframework.org/schema/beans”

    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”

    xmlns:jaxws=“http://cxf.apache.org/jaxws”

    xsi:schemaLocation=”http://www.springframework.org/schema/beans

                        http://www.springframework.org/schema/beans/spring-beans.xsd

                        http://cxf.apache.org/jaxws

                        http://cxf.apache.org/schemas/jaxws.xsd”>



    <import resource=“../cxf/server-beans.xml”/>



Java代码

Java代码

Java代码

“1.0” encoding=“UTF-8”?>

“http://www.w3.org/2001/XMLSchema-instance”

    xmlns=“http://java.sun.com/xml/ns/javaee” xmlns:web=“http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd”

    xsi:schemaLocation=“http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd”

    id=“WebApp_ID” version=“3.0”>

    wss4j001-cxf-server



        index.html

        index.htm

        index.jsp

        default.html

        default.htm

        default.jsp





        contextConfigLocation

        classpath:spring/beans.xml





        class>org.springframework.web.context.ContextLoaderListenerclass>





        CXFServlet

        class>org.apache.cxf.transport.servlet.CXFServletclass>

        2





        CXFServlet

        /ws/*





Java代码

Java代码

Java代码

package com.wss4j.client;



import org.springframework.context.support.ClassPathXmlApplicationContext;



import com.wss4j.server.HelloWorld;



public class HelloWorldClient {

    public static void main(String[] args) {

        ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(

                new String[] { “cxf/client-beans.xml” });

        HelloWorld client = (HelloWorld) context.getBean(“client”);

        String response = client.sayHello(“Dan”);

        System.out.println(“Response: “ + response);

        System.exit(0);

    }



}

Java代码

Java代码

Java代码

package com.wss4j.interceptor;



import java.io.IOException;



import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.UnsupportedCallbackException;


import org.apache.ws.security.WSPasswordCallback;



public class ClientPasswordCallback implements CallbackHandler {

    @Override

    public void handle(Callback[] callbacks) throws IOException,

            UnsupportedCallbackException {

        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];

        String ident = “admin”;

        String passwd = “password”;

        pc.setPassword(passwd);

        pc.setIdentifier(ident);



    }

}

Java代码

Java代码

Java代码

“1.0” encoding=“UTF-8”?>

“http://www.springframework.org/schema/beans”

    xmlns:jaxws=“http://cxf.apache.org/jaxws” xmlns:cxf=“http://cxf.apache.org/core”

    xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”

    xsi:schemaLocation=”

          http://www.springframework.org/schema/beans

          http://www.springframework.org/schema/beans/spring-beans.xsd

          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd

          http://cxf.apache.org/jaxws

          http://cxf.apache.org/schemas/jaxws.xsd”>

    “clientPasswordCallback” class=“com.wss4j.interceptor.ClientPasswordCallback” />



    “client” serviceClass=“com.wss4j.server.HelloWorld”

        address=“http://localhost:8080/wss4j001-cxf-server/ws/helloService”>



            class=“org.apache.cxf.interceptor.LoggingOutInterceptor” />

            class=“org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor”>






                        “action” value=“UsernameToken” />

                        “passwordType” value=“PasswordText” />

                        “user” value=“FHDClient” />

                        “passwordCallbackRef”>

                            “clientPasswordCallback” />


















Java代码

Java代码

WebService —- WSS4J + CXF implements WS-Security (based on UserNameToken)

Leave a Comment Cancel reply