Apache CXF實戰之九 發佈使用SSL的Web Service

在使用Web Service的時候,很多情況下會要求我們發佈使用SSL的web service。如果web service是作爲一個war包部署在tomcat之類的web容器中,我們可以通過修改tomcat的配置比較容易地把它發佈成SSL的web service;但對於獨立運行的程序來說,發佈SSL的web service需要一些額外的操作。下面看看在CXF中怎樣發佈並調用SSL的Web Service。

1. 首先是一個pojo的實體類

package com.googlecode.garbagecan.cxfstudy.ssl;

/**
 * Mutable bean describing one user of the sample web service.
 *
 * <p>All three properties start out as {@code null} and are read and written through the
 * accessors below.
 */
public class User {
	private String id;
	private String name;
	// Kept as a plain String and readable through getPassword(); anything that serializes this
	// bean through its getters will therefore include the password value.
	private String password;

	/** Returns the identifier, or {@code null} when none has been set. */
	public String getId() {
		return this.id;
	}

	/** Stores the identifier as given. */
	public void setId(final String id) {
		this.id = id;
	}

	/** Returns the display name, or {@code null} when none has been set. */
	public String getName() {
		return this.name;
	}

	/** Stores the display name as given. */
	public void setName(final String name) {
		this.name = name;
	}

	/** Returns the password exactly as it was stored, or {@code null} when none has been set. */
	public String getPassword() {
		return this.password;
	}

	/** Stores the password as given; no hashing or validation is applied here. */
	public void setPassword(final String password) {
		this.password = password;
	}
}
2. 下面是Web Service的接口和實現類,這兩個類和前面文章中介紹的沒什麼區別

package com.googlecode.garbagecan.cxfstudy.ssl;

import java.util.List;

import javax.jws.WebMethod;
import javax.jws.WebResult;
import javax.jws.WebService;

/**
 * JAX-WS contract of the sample user service.
 */
@WebService
public interface UserService {

	/**
	 * Returns the users known to the service.
	 *
	 * <p>NOTE(review): the returned {@code User} beans expose a password property; confirm that
	 * callers are meant to receive it before reusing this contract outside a demo.
	 *
	 * @return the list of users
	 */
	@WebMethod
	@WebResult
	List<User> list();
}

package com.googlecode.garbagecan.cxfstudy.ssl;

import java.util.ArrayList;
import java.util.List;

/**
 * In-memory implementation of {@link UserService} that fabricates its data on every call.
 */
public class UserServiceImpl implements UserService {

	/**
	 * Builds ten sample users with ids "0" to "9" and the matching "user_N" / "password_N"
	 * values.
	 *
	 * @return a new list holding the ten generated users
	 */
	public List<User> list() {
		List<User> result = new ArrayList<User>();
		int index = 0;
		while (index < 10) {
			User entry = new User();
			entry.setId("" + index);
			entry.setName("user_" + index);
			// Sample data only: the password is returned to the caller together with the user.
			entry.setPassword("password_" + index);
			result.add(entry);
			index++;
		}
		return result;
	}

}
3. 下面看看Server端代碼
package com.googlecode.garbagecan.cxfstudy.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Server;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

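/**
 * Stand-alone server that publishes {@link UserServiceImpl} over HTTPS with CXF's embedded
 * Jetty transport and requires a client certificate.
 *
 * <p>Changes compared with the original listing: the keystore is read once from the classpath
 * and its stream is closed, the cipher-suite filter no longer enables EXPORT, single-DES and
 * NULL suites, and a failure while configuring TLS aborts start-up instead of only printing a
 * stack trace.
 */
public class MyServer {

	private static final int port = 12345;

	// 0.0.0.0 makes the endpoint listen on every network interface of the host, not only on
	// loopback.
	private static final String address = "https://0.0.0.0:"+port+"/ws/ssl/userService";

	// Classpath location of the demo keystore; it serves as both key store and trust store.
	private static final String KEYSTORE_RESOURCE = "/com/googlecode/garbagecan/cxfstudy/ssl/test.jks";

	/**
	 * Registers the TLS parameters for the port, then creates and starts the endpoint.
	 *
	 * @param args unused
	 * @throws Exception if the TLS configuration or the endpoint creation fails
	 */
	public static void main(String[] args) throws Exception {
		System.out.println("Starting Server");

		// The TLS parameters are registered for the port before the endpoint is created.
		configureSSLOnTheServer();

		JaxWsServerFactoryBean factoryBean = new JaxWsServerFactoryBean();
		factoryBean.setServiceClass(UserServiceImpl.class);
		factoryBean.setAddress(address);

		Server server = factoryBean.create();
		String endpoint = server.getEndpoint().getEndpointInfo().getAddress();

		System.out.println("Server started at " + endpoint);
	}

	/**
	 * Builds the server-side TLS parameters (key material, trust material, cipher-suite filter,
	 * mandatory client authentication) and registers them for {@code port}.
	 *
	 * @throws IllegalStateException if the keystore cannot be read or the TLS parameters cannot
	 *         be built; the original cause is attached
	 */
	public static void configureSSLOnTheServer() {
		// NOTE(security): demo passwords hard-coded in source. Outside a local test they should
		// come from protected configuration rather than from the code.
		String password = "mypassword";
		String storePassword = "mypassword";

		try {
			// One load is enough: the same KeyStore object feeds both factories below.
			KeyStore keyStore = loadKeyStore(storePassword.toCharArray());

			TLSServerParameters tlsParams = new TLSServerParameters();

			KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			keyFactory.init(keyStore, password.toCharArray());
			KeyManager[] keyManagers = keyFactory.getKeyManagers();
			tlsParams.setKeyManagers(keyManagers);

			// The trust store is the key store itself, so the set of accepted client
			// certificates is whatever this one file contains.
			TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			trustFactory.init(keyStore);
			TrustManager[] trustManagers = trustFactory.getTrustManagers();
			tlsParams.setTrustManagers(trustManagers);

			// The original filter *included* EXPORT (40-bit), single-DES and NULL (no
			// encryption) suites. Those are excluded here and AES suites are enabled instead;
			// the peer has to offer at least one AES suite. Tighten the include pattern
			// further if local policy requires it.
			FiltersType filtersTypes = new FiltersType();
			filtersTypes.getInclude().add(".*_AES_.*");
			filtersTypes.getExclude().add(".*_EXPORT_.*");
			filtersTypes.getExclude().add(".*_EXPORT1024_.*");
			filtersTypes.getExclude().add(".*_WITH_DES_.*");
			filtersTypes.getExclude().add(".*_WITH_NULL_.*");
			filtersTypes.getExclude().add(".*_DH_anon_.*");
			// Also covers the ECDH_anon suites, which the pattern above does not match.
			filtersTypes.getExclude().add(".*_anon_.*");
			tlsParams.setCipherSuitesFilter(filtersTypes);

			// Mutual TLS: a client without an acceptable certificate is rejected.
			ClientAuthentication ca = new ClientAuthentication();
			ca.setRequired(true);
			ca.setWant(true);
			tlsParams.setClientAuthentication(ca);

			JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
			factory.setTLSServerParametersForPort(port, tlsParams);
		} catch (Exception e) {
			// Fail fast: carrying on after a broken TLS setup would leave the endpoint in an
			// unknown state.
			throw new IllegalStateException("Failed to configure TLS for port " + port, e);
		}
	}

	/**
	 * Loads the JKS keystore from the classpath and closes the stream afterwards.
	 *
	 * <p>Reading through the class loader also works when the resource path contains characters
	 * that a URL would escape, which {@code getResource(...).getFile()} does not handle.
	 *
	 * @param storePassword password protecting the keystore
	 * @return the loaded keystore
	 * @throws java.io.IOException if the keystore cannot be read or the password is wrong
	 * @throws java.security.GeneralSecurityException if the keystore cannot be parsed
	 * @throws IllegalStateException if the keystore resource is not on the classpath
	 */
	private static KeyStore loadKeyStore(char[] storePassword)
			throws java.io.IOException, java.security.GeneralSecurityException {
		java.io.InputStream in = MyServer.class.getResourceAsStream(KEYSTORE_RESOURCE);
		if (in == null) {
			throw new IllegalStateException("Keystore not found on classpath: " + KEYSTORE_RESOURCE);
		}
		try {
			KeyStore keyStore = KeyStore.getInstance("JKS");
			keyStore.load(in, storePassword);
			return keyStore;
		} finally {
			in.close();
		}
	}

}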
4. 下面看看Client端代碼

package com.googlecode.garbagecan.cxfstudy.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;

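/**
 * Client that calls the sample {@link UserService} over HTTPS and presents a client
 * certificate taken from the demo keystore.
 *
 * <p>Changes compared with the original listing: the keystore is read once from the classpath
 * (through this class rather than through the server class) and its stream is closed, the
 * cipher-suite filter no longer enables EXPORT, single-DES and NULL suites, and a failure while
 * configuring TLS aborts the call instead of only printing a stack trace.
 */
public class MyClient {

	private static final String address = "https://localhost:12345/ws/ssl/userService";

	// Classpath location of the demo keystore; it serves as both key store and trust store.
	private static final String KEYSTORE_RESOURCE = "/com/googlecode/garbagecan/cxfstudy/ssl/test.jks";

	/**
	 * Creates the service proxy, attaches the TLS parameters to it and prints the result of
	 * {@code list()}.
	 *
	 * @param args unused
	 * @throws Exception if the proxy cannot be created or the call fails
	 */
	public static void main(String[] args) throws Exception {
		JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();
		factoryBean.setAddress(address);
		factoryBean.setServiceClass(UserService.class);
		Object obj = factoryBean.create();
		UserService userService = (UserService) obj;

		// The TLS parameters are attached to the proxy's conduit before the first call.
		configureSSLOnTheClient(userService);

		System.out.println(userService.list());
	}

	/**
	 * Builds the client-side TLS parameters (trust material, key material, cipher-suite filter)
	 * and sets them on the HTTP conduit behind the given proxy.
	 *
	 * @param obj the JAX-WS proxy returned by the factory bean
	 * @throws IllegalStateException if the keystore cannot be read or the TLS parameters cannot
	 *         be built; the original cause is attached
	 */
	private static void configureSSLOnTheClient(Object obj) {
		Client client = ClientProxy.getClient(obj);
		HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

		// NOTE(security): demo passwords hard-coded in source. Outside a local test they should
		// come from protected configuration rather than from the code.
		String password = "mypassword";
		String storePassword = "mypassword";

		try {
			TLSClientParameters tlsParams = new TLSClientParameters();
			// NOTE(security): this switches off the check that the server certificate names the
			// host in the URL, so any certificate accepted by the trust store passes for any
			// host. It is kept only because the demo certificate is generated with an empty CN;
			// with a certificate that names the host, this call should be removed.
			tlsParams.setDisableCNCheck(true);

			// One load is enough: the same KeyStore object feeds both factories below.
			KeyStore keyStore = loadKeyStore(storePassword.toCharArray());

			TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			trustFactory.init(keyStore);
			TrustManager[] trustManagers = trustFactory.getTrustManagers();
			tlsParams.setTrustManagers(trustManagers);

			KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			keyFactory.init(keyStore, password.toCharArray());
			KeyManager[] keyManagers = keyFactory.getKeyManagers();
			tlsParams.setKeyManagers(keyManagers);

			// The original filter *included* EXPORT (40-bit), single-DES and NULL (no
			// encryption) suites. Those are excluded here and AES suites are enabled instead;
			// the server has to accept at least one AES suite.
			FiltersType filtersTypes = new FiltersType();
			filtersTypes.getInclude().add(".*_AES_.*");
			filtersTypes.getExclude().add(".*_EXPORT_.*");
			filtersTypes.getExclude().add(".*_EXPORT1024_.*");
			filtersTypes.getExclude().add(".*_WITH_DES_.*");
			filtersTypes.getExclude().add(".*_WITH_NULL_.*");
			filtersTypes.getExclude().add(".*_DH_anon_.*");
			// Also covers the ECDH_anon suites, which the pattern above does not match.
			filtersTypes.getExclude().add(".*_anon_.*");
			tlsParams.setCipherSuitesFilter(filtersTypes);

			httpConduit.setTlsClientParameters(tlsParams);
		} catch (Exception e) {
			// Fail fast: without these parameters the conduit would not use the intended trust
			// and key material.
			throw new IllegalStateException("Failed to configure TLS for " + address, e);
		}
	}

	/**
	 * Loads the JKS keystore from the classpath and closes the stream afterwards.
	 *
	 * @param storePassword password protecting the keystore
	 * @return the loaded keystore
	 * @throws java.io.IOException if the keystore cannot be read or the password is wrong
	 * @throws java.security.GeneralSecurityException if the keystore cannot be parsed
	 * @throws IllegalStateException if the keystore resource is not on the classpath
	 */
	private static KeyStore loadKeyStore(char[] storePassword)
			throws java.io.IOException, java.security.GeneralSecurityException {
		java.io.InputStream in = MyClient.class.getResourceAsStream(KEYSTORE_RESOURCE);
		if (in == null) {
			throw new IllegalStateException("Keystore not found on classpath: " + KEYSTORE_RESOURCE);
		}
		try {
			KeyStore keyStore = KeyStore.getInstance("JKS");
			keyStore.load(in, storePassword);
			return keyStore;
		} finally {
			in.close();
		}
	}
}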
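5. 我們需要手動生成jks文件,並將其放在maven工程resources的/com/googlecode/garbagecan/cxfstudy/ssl/目錄下,下面是手動生成時使用的命令。注意:命令中的密碼mypassword必須與代碼中寫死的密碼一致;該命令生成的是自簽名的測試證書,且CN爲空,服務端和客戶端又共用同一個jks文件(包含私鑰),因此只適合本地測試,不應直接用於生產環境。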

keytool -genkey -alias test -keyalg RSA -keypass mypassword -storepass mypassword -dname "CN=, OU=, O=, L=, ST=, C=" -validity 3650 -keystore test.jks
6. 最後我們可以通過啓動MyServer和MyClient來驗證我們的測試。

