XFIRE安全整体方案

来源： 作者： 时间：2008-07-03 Tag： 点击：

XFIRE安全整体方案
调用时验证密码+加密+签名
返回结果加密
得到结果解密

服务端配置：
XFIRE的配置文件修改点，applicationContext-webservice.xml:
<bean name="userServiceEnc" parent="baseWebService">
<property name="serviceBean" ref="UserServiceImpl" />
<property name="serviceClass"
   value="com.megaeyes.ipcamera.service.webservice.iface.UserServiceEnc" />
<property name="inHandlers">
   <list>
    <ref bean="domInHandler" />
    <ref bean="wss4jInHandlerEncSign" />
    <ref bean="validateUserTokenHandler" />
   </list>
</property>
<property name="outHandlers">
   <list>
    <ref bean="domOutHandler" />
    <ref bean="wss4jOutHandlerEncSign" />
   </list>
</property>
</bean>

<bean id="wss4jInHandlerEncSign"
class="org.codehaus.xfire.security.wss4j.WSS4JInHandler">
<property name="properties">
   <props>
    <prop key="action">
     UsernameToken Encrypt Signature
    </prop>
    <prop key="decryptionPropFile">
     insecurity_enc.properties
    </prop>
    <prop key="passwordCallbackClass">
     com.megaeyes.ipcamera.service.webservice.tools.PasswordHandler
    </prop>
    <prop key="signaturePropFile">
     insecurity_sign.properties
    </prop>
   </props>
</property>
</bean>

<bean id="wss4jOutHandlerEncSign"
class="org.codehaus.xfire.security.wss4j.WSS4JOutHandler">
<property name="properties">
   <props>
    <prop key="action">Encrypt</prop>
    <prop key="encryptionUser">client</prop>
    <prop key="encryptionPropFile">
     outsecurity_enc.properties
    </prop>
   </props>
</property>
</bean>

insecurity_enc.properties配置文件：
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=kaishi
org.apache.ws.security.crypto.merlin.file=server_private.jks

insecurity_sign.properties配置文件：
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=kaishi
org.apache.ws.security.crypto.merlin.file=client_public.jks

outsecurity_enc.properties配置文件：
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=kaishi
org.apache.ws.security.crypto.merlin.file=client_public.jks

客户端配置
只用修改XFireClientFactory.java文件就可以了，不过可以改成配置的，不用每次都来修改，有空再改改吧
getEncSign(obj);

public void getEncSign(Object service) {
Client client = ((XFireProxy) Proxy.getInvocationHandler(service))
.getClient();
// 挂上WSS4JOutHandler，提供认证
client.addOutHandler(new DOMOutHandler());
Properties properties = new Properties();

properties.setProperty(WSHandlerConstants.ACTION,
    WSHandlerConstants.USERNAME_TOKEN + " "
      + WSHandlerConstants.ENCRYPT + " "
      + WSHandlerConstants.SIGNATURE);
properties.setProperty(WSHandlerConstants.PASSWORD_TYPE,
    WSConstants.PASSWORD_DIGEST);
properties.setProperty(WSHandlerConstants.USER, "server");

properties.setProperty(WSHandlerConstants.ENCRYPTION_USER, "server");
properties.setProperty(WSHandlerConstants.ENC_PROP_FILE,
"outsecurity_enc.properties");

properties.setProperty(WSHandlerConstants.USER, "client");
properties.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
PasswordHandler.class.getName());
properties.setProperty(WSHandlerConstants.SIG_PROP_FILE,
"outsecurity_sign.properties");
properties.setProperty(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
client.addOutHandler(new WSS4JOutHandler(properties));

[收藏] [推荐] [评论] [打印] [关闭]

顶一下

上一篇：网络存储：SAN与NAS
下一篇：ssl vpn

◇eG Citrix 监控器	◇Ethernet的帧格式和结构
◇华为(Quidway AR18-22-24)路由器配置实例	◇简单利用路由黑洞解决DDOS流量攻击
◇我的linux试验题目	◇如何在HMC上激活网络时间协议NTP
◇Resin泛解析 - 三级域名最优应用方案	◇Resin多域名绑定 + 泛解析
◇resin 负载均衡	◇linksys wap54g 设置注意事项
◇acegi RememberMe&退出&匿名登陆	◇vnd命令~
◇LINUX网卡绑定	◇TCP包首部
◇IP包首部格式	◇指纹锁也不靠谱电脑“破解”六大事件!
◇linux配置网关	◇使用 SCTP 优化网络
◇IPv4/IPv6过渡技术和方案分析	◇用三个源码包libnet、libnids、libpcap轻松搭建Li
◇Extensible Messaging and Presence Protocol (XM	◇组建CISCO多层交换网络入门
◇CISCO多层交换机的初始配置和排错	◇实施和配置VLAN
◇理解和配置802.1Q/802.1S和802.1W生成树协议	◇理解和配置cisco特定的生成树协议特性和STP排错
◇配置第二层和第三层的特性	◇理解和配置VLAN间的路由选择
◇理解和配置多层交换	◇理解和配置cisco多层交换网络中的服务质量

91Linux!