Sign and Encrypt SOAP Messages with Apache CXF

╄→尐↘猪︶ㄣ 提交于 2020-01-13 05:17:30

问题


I'm trying to write a "Secure Hello World" web service using Apache CXF also; I should note that I'm kind of new to Java and WS-* stuff.

Basically, what I want to do is a hello-world web service with soap messages to and from this web service signed and encrypted using x.509 certificate(s).

I have already read the tutorial on Apache CXF site about WS-Security but; I want to use WS-SecurityPolicy instead of Interceptors.

Can anyone point me in the right direction?


回答1:


Here's a blog with details on using Apache CXF: Adding X.509 security headers to Apache CXF SOAP calls (WS-SecurityPolicy method)

There's also a tutorial with source code configured for using the WS-SecurityPolicy Method.

EDIT: fixed broken link, added link to tutorial.

There is now a good overview of the various settings for WS-SecurityPolicy on the CXF site, and it references the link above.

In a nutshell (in case the links are blown away again), the WS-SecurityPolicy is configured similar to the CXF interceptor method described on the CXF wiki except for a few changes in the cxf.xml and the cxf-servlet.xml:

cxf.xml

   <jaxws:client name="{http://myport" createdFromAPI="true">
            <!-- You will need to add the corresponding values to a properties file -->
            <jaxws:properties>
                <entry key="ws-security.callback-handler" value="client.ClientKeystorePasswordCallback"/>        
                <entry key="ws-security.encryption.properties" value=keystore.properties"/>
                <entry key="ws-security.signature.properties" value="keystore.properties"/>
                <entry key="ws-security.encryption.username" value="myservicekey"/>
            </jaxws:properties>

cxf-servlet.xml

  <jaxws:properties>
            <entry key="ws-security.callback-handler">
                <ref bean="myPasswordCallback"/>
            </entry>
            <entry key="ws-security.encryption.properties" value="serviceKeystore.properties"/>
            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
        </jaxws:properties> 



回答2:


Since web services work over HTTP, you can secure them by using the HTTPS protocol.

Here is a resource that can help point you in the right direction: Using JAX-WS-Based Web Services with SSL

While this resource is for JAX-WS, you should find that a lot of it will carry over to Apache CXF.

Cheers.



来源:https://stackoverflow.com/questions/3752075/sign-and-encrypt-soap-messages-with-apache-cxf

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!