Tomcat 7 SSL, Basic authentication and Digest authentication configured together with a web service - notes to self
28 October 2011
Environment: Tomcat 7.0.24 + JDK 7 + Windows 7 (fine, everything is a seven, haha)
Step 1: create a web service project in MyEclipse 8.6; a few jars have to be imported (download: http://115.com/file/aq633a7t). The service endpoint interface:
package org.service;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService
public interface FloatService {
@WebMethod float c2f(float c);
}
The implementation. The credential check below is a demo-only comparison of two custom HTTP headers against a hard-coded user/password pair; it is acceptable only because the connector is put behind TLS in a later step (the headers are cleartext on the wire otherwise), and it is replaced by container-managed Digest authentication further down.
package org.service.impl;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.http.HTTPException;
import org.service.FloatService;
@WebService(endpointInterface = "org.service.FloatService")
public class FloatServiceImpl implements FloatService {
    // Injected by the JAX-WS runtime; gives access to the HTTP request of the current call.
    @Resource
    WebServiceContext ws_ctx;

    public float c2f(float c) {
        if (authenticated()) {
            // Celsius to Fahrenheit: F = 32 + C * 9/5 (the original had 0.9f here, a typo)
            return 32.0f + (c * 9f / 5f);
        } else {
            throw new HTTPException(401);
        }
    }

    // Demo-only check: fixed credentials carried in two custom HTTP headers.
    public boolean authenticated() {
        MessageContext mctx = ws_ctx.getMessageContext();
        @SuppressWarnings("unchecked")
        Map<String, List<String>> http_headers =
                (Map<String, List<String>>) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
        if (http_headers == null) {
            return false;
        }
        List<String> uList = http_headers.get("username");
        List<String> pList = http_headers.get("password");
        // A request without either header must fail closed instead of throwing NullPointerException.
        if (uList == null || pList == null) {
            return false;
        }
        return uList.contains("jiangwu") && pList.contains("1");
    }
}
web.xml registers the JAX-WS RI listener and servlet and maps the servlet to /float:
<listener>
    <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
</listener>
<servlet>
    <servlet-name>FloatWS</servlet-name>
    <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>FloatWS</servlet-name>
    <url-pattern>/float</url-pattern>
</servlet-mapping>
Also create a sun-jaxws.xml under WEB-INF: this is the JAX-WS RI endpoint descriptor that binds the implementation class org.service.impl.FloatServiceImpl to the /float url-pattern.
Step 2: open a command prompt and run:
cd /d "<web service project dir>\WebRoot\WEB-INF\classes"
wsgen -cp . org.service.impl.FloatServiceImpl          (generates the JAX-WS artefacts)
The JDK 7 wsgen apparently cannot be used here; the JDK 6 one works:
D:\My Documents\web\floatservice\WebRoot\WEB-INF\classes>"D:\Program Files\Java\jdk1.6.0_24\bin\wsgen.exe" -cp . org.service.impl.FloatServiceImpl
cd ../../
jar cvf float.war WEB-INF                              (packages the project)
Copy float.war into Tomcat's webapps directory.
Step 3: configure SSL for Tomcat
Generate the certificate: keytool -genkey -alias tomcat -keyalg RSA -keystore "d:\.keystore" -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass 123456 -storepass 123456
This is a self-signed certificate whose CN must match the host name the client connects to (localhost here). Keep -keypass and -storepass identical as above: Tomcat's connector uses the keystore password for the key unless keyPass is set separately. For anything beyond a local test add -keysize 2048 (JDK 7's keytool defaults to a 1024-bit RSA key) and a sensible -validity, and pick a real password; 123456 is a placeholder.
Edit /conf/server.xml under the Tomcat directory: enable the <Connector port="8443"> block and point it at the keystore created above, i.e. SSLEnabled="true", keystoreFile="d:/.keystore" and keystorePass="123456" (the original post highlighted these additions in dark red).
Start Tomcat and open https://localhost:8443/; if the Tomcat welcome page appears, the connector works.
Step 4: write the web service client
First create a web project, then add a class InstallCert to it (the widely circulated helper that pins a server's certificate into a local trust store):
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/*
 * Connects to host:port, prints the certificate chain the server presents and,
 * on request, writes the chosen certificate into a new trust store file
 * "jssecacerts" in the current directory. Only use it against a host you
 * control: whatever certificate you accept here becomes trusted by every JVM
 * that later picks up the file, so compare the printed sha1 fingerprint with
 * the one shown by  keytool -list -v -keystore d:\.keystore  before answering.
 */
public class InstallCert {
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }
        // Start from an existing jssecacerts in the working directory, otherwise from
        // the JRE's own jssecacerts / cacerts, so the existing trust anchors are kept.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            in.close();
        }
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrap the default trust manager so the presented chain is captured even when validation fails.
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] { tm }, null);
        SSLSocketFactory factory = context.getSocketFactory();
        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.setSoTimeout(10000);
        try {
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            socket.close();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            // Expected for a self-signed certificate: the chain is still in tm.chain.
            System.out.println();
            e.printStackTrace(System.out);
        }
        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            sha1.update(cert.getEncoded());
            System.out.println("   sha1    " + toHexString(sha1.digest()));
            md5.update(cert.getEncoded());
            System.out.println("   md5     " + toHexString(md5.digest()));
            System.out.println();
        }
        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine().trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);
        // Written to the working directory; copy it to <java.home>/lib/security/ to make it the JRE default.
        OutputStream out = new FileOutputStream("jssecacerts");
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }
        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    // Records the chain the server sent before delegating to the real trust manager.
    private static class SavingTrustManager implements X509TrustManager {
        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            throw new UnsupportedOperationException();
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}
Then run the following at the command prompt:
cd /d "<web service client dir>\WebRoot\WEB-INF\classes"
java InstallCert localhost:8443
The tool prints the chain and asks:
Enter certificate to add to trusted keystore or 'q' to quit: [1]
Type 1 and press Enter; a jssecacerts file is generated in "<web service client dir>\WebRoot\WEB-INF\classes". Copy it to <JAVA_HOME>\jre\lib\security. (The wsimport run below also needs it, since wsimport fetches the WSDL over the same HTTPS connector.)
cd ../../../src
wsimport -keep https://localhost:8443/<project name>/<url-pattern from web.xml>?wsdl
With the names used here that is https://localhost:8443/float/float?wsdl. Refresh the project; two generated packages appear. Then create the class FloatServiceClient in the default package:
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;
import org.service.impl.FloatService;
import org.service.impl.FloatServiceImplService;
public class FloatServiceClient {
    // Must be https: the credentials travel as plain HTTP headers.
    private static final String endpoint = "https://localhost:8443/float/float";

    public static void main(String[] args) {
        // Generated by wsimport; the constructor fetches the WSDL from the location baked into the stub.
        FloatServiceImplService service = new FloatServiceImplService();
        FloatService port = service.getFloatServiceImplPort();
        Map<String, Object> req_ctx = ((BindingProvider) port).getRequestContext();
        req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        // The custom "username"/"password" headers that the server-side authenticated() method checks.
        Map<String, List<String>> hdr = new HashMap<String, List<String>>();
        hdr.put("username", Collections.singletonList("jiangwu"));
        hdr.put("password", Collections.singletonList("1"));
        req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);
        System.out.println("c2f(-40.1) ==> " + port.c2F(-40.1f));
    }
}
(The unused import of org.apache.catalina.realm.RealmBase from the original has been dropped; it only pulled Tomcat's jar into the client.) Run the class as a Java application.
If you get a PKIX error (sun.security.validator.ValidatorException: PKIX path building failed), the JVM running the client is not using the generated jssecacerts: copy it into every JRE that may run the client, or point that JVM at the file with -Djavax.net.ssl.trustStore=<path to jssecacerts>.
Step 5: add container-managed security with digested passwords to the application and Tomcat
First, add the following to the web service's web.xml:
<security-role>
    <role-name>admin</role-name>
</security-role>
<security-constraint>
    <display-name>sessiontest security constraint</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/float</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>DIGEST</auth-method>
</login-config>
CONFIDENTIAL makes Tomcat redirect plain-HTTP requests for /float to the 8443 connector, and /float?wsdl is the same path, so the WSDL is covered too. No <realm-name> is declared, so Tomcat uses its default realm name ("Authentication required") in the Digest challenge; that name is part of the digest computation below.
Then digest the cleartext password with the digest tool that ships with Tomcat (bin\digest.bat): digest -a SHA 1 (the cleartext password is "1")
Result: 356a192b7913b04c54574d18c28d46e6395428ab. Put it into tomcat-users.xml:
<user username="admin" password="356a192b7913b04c54574d18c28d46e6395428ab" roles="admin"/>
Caveat: this only works because the Realm in server.xml carries no digest attribute, so Tomcat treats the stored hex string as the cleartext password, and the SHA-1 step adds no protection at all (the user simply logs in with the hash as the password). HTTP Digest authentication (RFC 2617) requires the server to hold HA1 = MD5("username:realm:password"); for genuinely hashed storage the Realm needs digest="MD5", the stored value must be that MD5 over admin:<realm name>:1, and the user then logs in with the cleartext password 1.
Next, repackage the project as in Step 2 (not repeated here).
Then open https://localhost:8443/float/float?wsdl in a browser; if a login dialog pops up, the application and Tomcat are both configured.
Log in with admin and 356a192b7913b04c54574d18c28d46e6395428ab; if the WSDL appears, everything works. (That the hash itself is typed as the password confirms the stored value is being used as cleartext, see the caveat above.)
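With the container now authenticating every request to /float, the hand-rolled header check in FloatServiceImpl from Step 1 can be dropped. Added example, not the post's code: the container has already verified the Digest credentials by the time a request reaches the endpoint, and JAX-WS exposes the outcome through WebServiceContext.getUserPrincipal() and isUserInRole(). The role name admin is the one from the web.xml above; the 403 for a caller outside the role is this example's choice.

```java
package org.service.impl;

import java.security.Principal;

import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.http.HTTPException;

import org.service.FloatService;

@WebService(endpointInterface = "org.service.FloatService")
public class FloatServiceImpl implements FloatService {

    // Role declared in web.xml's <security-role> / <auth-constraint>.
    private static final String REQUIRED_ROLE = "admin";

    @Resource
    private WebServiceContext wsCtx;

    @Override
    public float c2f(float c) {
        requireRole(REQUIRED_ROLE);
        return 32.0f + (c * 9f / 5f);
    }

    /*
     * Fails closed: no Principal (the request somehow bypassed the constraint,
     * e.g. a second url-pattern added later without a matching security-constraint)
     * or a caller outside the role is rejected before any business logic runs.
     * Missing credentials never get this far; the container already answered
     * them with a 401 Digest challenge.
     */
    private void requireRole(String role) {
        Principal user = wsCtx.getUserPrincipal();
        if (user == null) {
            throw new HTTPException(401);
        }
        if (!wsCtx.isUserInRole(role)) {
            throw new HTTPException(403);
        }
    }
}
```

The credentials no longer live in the source at all: they are in tomcat-users.xml (or whatever Realm is configured), and the endpoint only asks the container who the caller is.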
Step 6: client access
No solution yet.
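Added example, not from the original post, for the client side the post leaves open. Assumption: the JAX-WS RI client sends its HTTP(S) requests through java.net.HttpURLConnection, which answers 401 challenges (Basic and Digest) via the JVM-wide java.net.Authenticator; registering one therefore lets both the WSDL fetch done by the generated Service constructor and the SOAP calls pass the DIGEST login-config without any custom username/password headers. The trust store built with InstallCert (jssecacerts) is still required for the TLS handshake. Environment variable names and the class name are this example's choices.

```java
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.util.Map;

import javax.xml.ws.BindingProvider;

import org.service.impl.FloatService;
import org.service.impl.FloatServiceImplService;

public class FloatServiceDigestClient {

    private static final String ENDPOINT = "https://localhost:8443/float/float";

    /*
     * Registers the credentials the JDK HTTP stack uses to answer a 401.
     * The password is the cleartext value whose digest the realm holds; with the
     * post's un-digested realm that is the stored hex string itself.
     */
    static void registerCredentials(final String user, final char[] password) {
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                // Answer only our own server so a redirect elsewhere cannot harvest the credentials.
                if ("localhost".equals(getRequestingHost()) && getRequestingPort() == 8443) {
                    return new PasswordAuthentication(user, password);
                }
                return null;
            }
        });
    }

    public static void main(String[] args) {
        // Credentials come from the environment (assumed variable names), never from source.
        String user = System.getenv("WS_USER");
        String pass = System.getenv("WS_PASS");
        if (user == null || pass == null) {
            System.err.println("set WS_USER and WS_PASS");
            System.exit(2);
        }
        registerCredentials(user, pass.toCharArray());

        // Same generated stub as before; no HTTP_REQUEST_HEADERS map is needed any more.
        FloatServiceImplService service = new FloatServiceImplService();
        FloatService port = service.getFloatServiceImplPort();
        Map<String, Object> reqCtx = ((BindingProvider) port).getRequestContext();
        reqCtx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ENDPOINT);

        System.out.println("c2f(-40.1) ==> " + port.c2F(-40.1f));
    }
}
```

Note that wsimport itself also has to get past the constraint once the WSDL is protected: either run it before adding the security-constraint (the order the post already follows) or use wsimport's -Xauthfile option to supply the credentials.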
Reposted from ydys76ydys.iteye.com/blog/1358869