client for secured proxy service?

空扰寡人 submitted on 2019-12-23 23:26:18

Question


I am trying to implement security for my proxy service. I have taken help for the security implementation from this link: http://evanthika.blogspot.in/2012/12/pox-security-with-wso2-esb-proxy.html. My security is implemented and I can invoke it from try it as well, but I want to invoke this service through a client, and I am unable to find how to do this part. Can anyone provide me a sample with respect to this problem? Thanks in advance.


Answer 1:


Update:

The RampartConfigBuilder class:

package org.wso2.carbon.security.ws;

import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.CryptoConfig;

import java.util.Properties;
import java.io.File;

/**
 * This class is used to create Rampart Configurations for different security scenarios in WSAS
 */
public class RampartConfigBuilder {

    public static RampartConfig createRampartConfig(int securityScenario) {

        RampartConfig rampartConfig = null;

        Properties merlinProp = new Properties();
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlinProp.put("org.apache.ws.security.crypto.merlin.file",
                       "src" + File.separator + "main" + File.separator + "resources" + File.separator + "wso2carbon.jks");
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");

        CryptoConfig sigCryptoConfig = new CryptoConfig();
        sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        sigCryptoConfig.setProp(merlinProp);

        CryptoConfig encCryptoConfig = new CryptoConfig();
        encCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        encCryptoConfig.setProp(merlinProp);

        switch (securityScenario) {

            /**
             * Scenario : Username Token
             * Rampart Config : username , password callback handler
             */

            case 1:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                break;

            /**
             * Scenario : Non-repudiation
             * Rampart Config : signatureCrypto , Password Callback Handler , User certificate Alias ,
             *  Signature CryptoConfig
             */
            case 2:
                rampartConfig = new RampartConfig();
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : Integrity
             * Rampart Config : Encryption user , Signature CryptoConfig
             */
            case 3:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : Confidentiality :
             * Rampart Config : Encryption user , Encryption CryptoConfig
             */
            case 4:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and encrypt - X509 Authentication
             * Rampart Config : User cert alias , Encryption user , Sign. CryptoConfig , Enc. CryptoConfig ,
             *  Password Callback Handler
             */
            case 5:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and Encrypt - Anonymous clients 
             *  Rampart Config : Encryption User , Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 6:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Encrypt only - Username Token Authentication 
             * Rampart Config : Username , PasswordCallbackHandler + Encryption User
             * , Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 7:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : Sign and Encrypt - Username Token Authentication 
             * Rampart Config : Username + PasswordCallbackhandler , Encryption User ,
             *  Sign. CryptoConfig | Encr. CryptoConfig
             */
            case 8:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * X509 Authentication
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 9:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * X509 Authentication      Provides Confidentiality. Multiple message exchange.Clients have X509 certificates.
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 10:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
             *  X509 Authentication
             * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
             * Encr. CryptoConfig
             */
            case 11:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setUserCertAlias("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Anonymous clients
             * Rampart Config : Encryption User, enc. crypto config
             */
            case 12:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Anonymous clients
             * Rampart Config : Encryption User, enc. crypto config
             */
            case 13:
                rampartConfig = new RampartConfig();
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
             * Username Token Authentication
             * Rampart Config : Username, encryption user, Password Callback Handler, enc. crypto config
             */
            case 14:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

            /**
             * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
             *  Username Token Authentication
             * Rampart Config : Username, encryption user, Password Callback Handler, Encryption Crypto Config
             */
            case 15:
                rampartConfig = new RampartConfig();
                rampartConfig.setUser("admin");
                rampartConfig.setEncryptionUser("wso2carbon");
                rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                break;

        }


        return rampartConfig;
    }
}

The PasswordCallbackHandler class:

package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;


public class PasswordCallbackHandler implements CallbackHandler{
     public void handle(Callback[] callbacks) throws IOException,
             UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            String id = pwcb.getIdentifer();
            if("admin".equals(id)) {
                pwcb.setPassword("admin");
            } else if("wso2carbon".equals(id)) {
                pwcb.setPassword("wso2carbon");
            }
        }
    }
}

Original:

The following Java code allows you to invoke a secured service. You can invoke a service that could be secured using the 15 default security scenarios [1]. You need to change "/path/to/keystore" to point to the location of wso2carbon.jks, which is shipped with wso2esb by default (ESB_HOME/repository/resources/security/wso2carbon.jks). Also change /path/to/repo to point to the client axis2 repository. The file structure is as follows. The EPRs are hard-coded, so you might want to change those to match your service.

repository/
└── modules
    ├── addressing-1.6.1-wso2v1.mar
    ├── rahas-1.6.1-wso2v1.mar
    └── rampart-1.6.1-wso2v1.mar

[1] http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging

package org.wso2.carbon.security.ws;

import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.description.AxisBinding;
import org.apache.axis2.description.AxisEndpoint;
import org.apache.axis2.rpc.client.RPCServiceClient;
import org.apache.neethi.Policy;

import javax.xml.namespace.QName;
import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Map;

public class HelloServiceClient {

    static {
        System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator+ "wso2carbon.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
    }

    public static void main(String[] args) {
        try {

            int securityScenario = getSecurityScenario();

            String repository = "/path/to/repo" + File.separator + "repository";

            ConfigurationContext confContext =
                    ConfigurationContextFactory.
                            createConfigurationContextFromFileSystem(repository, null);

            String endPoint = "HelloServiceHttpSoap12Endpoint";
            if(securityScenario == 1){
                endPoint = "HelloServiceHttpsSoap12Endpoint";   // scenario 1 uses HelloServiceHttpsSoap12Endpoint
            }

            RPCServiceClient dynamicClient =
                    new RPCServiceClient(confContext,
                                         new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                                         new QName("http://www.wso2.org/types", "HelloService"),
                                         endPoint);

            //Engage Modules
            dynamicClient.engageModule("rampart");
            dynamicClient.engageModule("addressing");

            //TODO : Change the port to monitor the messages through TCPMon
            if(securityScenario != 1){
                dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
            }

            //Get the policy from the binding and append the rampartconfig assertion
            Map endPoints = dynamicClient.getAxisService().getEndpoints();
            AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
            Policy policy = axisBinding.getEffectivePolicy();
            policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
            axisBinding.applyPolicy(policy);

            //Invoke the service
            Object[] returnArray = dynamicClient.invokeBlocking(new QName("http://www.wso2.org/types","greet"),
                                                                new Object[]{"Alice"},
                                                                new Class[]{String.class});

            System.out.println((String) returnArray[0]);

        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    private static int getSecurityScenario() {
        int scenarioNumber = 0;
        while (scenarioNumber < 1 || scenarioNumber > 15) {
            System.out.print("Insert the security scenario no : ");
            String inputString = readOption();
            if (inputString == null) {
                // End of input or a read error: stop instead of prompting forever
                throw new IllegalStateException("No security scenario number supplied");
            }
            try {
                scenarioNumber = Integer.parseInt(inputString.trim());
            } catch (NumberFormatException e) {
                System.out.println("invalid input, insert a integer between 1 and 15");
            }
            if(scenarioNumber < 1 || scenarioNumber > 15){
                System.out.println("Scenario number should be between 1 and 15");
            }
        }
        return scenarioNumber;
    }
    private static String readOption() {
        try {
            BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
            String str;
            // Skip empty lines; readLine() returns null at end of input
            while ((str = console.readLine()) != null && str.equals("")) {
            }
            return str;
        } catch (Exception e) {
            return null;
        }
    }
}
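
Added example, not part of the original answer: a variant of the PasswordCallbackHandler above that reads passwords from environment variables instead of string literals and rejects any identifier it has no password for. The class name EnvPasswordCallbackHandler and the WSSEC_PW_<ID> variable naming are assumptions; the WSS4J calls are the ones the answer's own handler uses.

```java
package org.wso2.carbon.security.ws;

import org.apache.ws.security.WSPasswordCallback;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
import java.util.Locale;

/**
 * Hypothetical replacement for PasswordCallbackHandler: passwords for the
 * username token user and the keystore alias come from the environment.
 */
public class EnvPasswordCallbackHandler implements CallbackHandler {

    // Assumed naming scheme: identifier "admin" -> variable WSSEC_PW_ADMIN
    static String envNameFor(String identifier) {
        return "WSSEC_PW_"
                + identifier.toUpperCase(Locale.ROOT).replaceAll("[^A-Z0-9]", "_");
    }

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback,
                        "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callback;
            // Method name spelled as in the WSS4J version used by the answer
            String id = pwcb.getIdentifer();
            if (id == null) {
                throw new UnsupportedCallbackException(callback,
                        "Callback carries no identifier");
            }
            String password = System.getenv(envNameFor(id));
            if (password == null || password.isEmpty()) {
                // Fail closed: never fall back to a built-in default password
                throw new UnsupportedCallbackException(callback,
                        "No password configured for identifier " + id);
            }
            pwcb.setPassword(password);
        }
    }
}
```

To use it, pass "org.wso2.carbon.security.ws.EnvPasswordCallbackHandler" to rampartConfig.setPwCbClass(...) in RampartConfigBuilder and export WSSEC_PW_ADMIN and WSSEC_PW_WSO2CARBON before starting the client.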



Answer 2:


Almost all IDEs (I personally use WSO2 Developer Studio for WSO2 development) are able to generate a stub from a WSDL file; the ESB also has a utility (under the Tool tab) to generate Java code from WSDL. You can choose either way to generate the Java code. After you generate your Java stub from the WSDL and invoke the Echo Service (I am saying this just for your case), you can switch the web service endpoint to the proxy service URL.

You can find WSO2 developer Studio, which is an Eclipse bundle, from here:

WSO2 Developer Studio

For detailed information about invoking Axis2 web service from a client you can see:

Axis2 client invocation



Source: https://stackoverflow.com/questions/16273476/client-for-secured-proxy-service
