ydys76ydys
Tomcat 7 SSL, BASIC authentication and DIGEST authentication configuration, combined with a web service (kept as notes)

October 28, 2011
  Environment: tomcat7.0.24 + jdk7 + win7. OK, they are all 7s, haha, whatever.
  Step 1: Create a web service in MyEclipse 8.6. Some jar packages need to be imported (download address: http://115.com/file/aq633a7t)
  
  
  
  // FloatService.java
  package org.service;

  import javax.jws.WebMethod;
  import javax.jws.WebService;

  @WebService
  public interface FloatService {
      @WebMethod float c2f(float c);
  }

  // FloatServiceImpl.java
  package org.service.impl;

  import java.util.List;
  import java.util.Map;
  import javax.annotation.Resource;
  import javax.jws.WebService;
  import javax.xml.ws.WebServiceContext;
  import javax.xml.ws.handler.MessageContext;
  import javax.xml.ws.http.HTTPException;
  import org.service.FloatService;

  @WebService(endpointInterface = "org.service.FloatService")
  public class FloatServiceImpl implements FloatService {
      @Resource
      WebServiceContext ws_ctx;

      // Celsius to Fahrenheit (F = 32 + C * 9 / 5); unauthenticated callers get HTTP 401.
      public float c2f(float c) {
          if (authenticated()) {
              return 32.0f + (c * 9.0f / 5.0f);
          } else {
              throw new HTTPException(401);
          }
      }

      // Checks the demo credentials sent as the custom request headers "username" and "password".
      // They are hard-coded and travel as plain header values, so only HTTPS keeps them off the wire.
      public boolean authenticated() {
          MessageContext mctx = ws_ctx.getMessageContext();
          Map http_headers = (Map) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
          List uList = (List) http_headers.get("username");
          List pList = (List) http_headers.get("password");
          // A request without these headers is rejected instead of failing with a NullPointerException.
          if (uList == null || pList == null) {
              return false;
          }
          return uList.contains("jiangwu") && pList.contains("1");
      }
  }
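  web.xml contains the following configuration

  <listener>
      <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
  </listener>
  <servlet>
      <servlet-name>FloatWS</servlet-name>
      <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
  </servlet>
  <servlet-mapping>
      <servlet-name>FloatWS</servlet-name>
      <url-pattern>/float</url-pattern>
  </servlet-mapping>

  Create a new sun-jaxws.xml in the WEB-INF directory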
  
     
         
  
  Step 2: Open a command prompt and run the following commands
  cd /d "<web service project directory>\webRoot\WEB-INF\classes"
  D:\My Documents\web\floatservice\WebRoot\WEB-INF\classes>wsgen -cp . org.service.impl.FloatServiceImpl
  (this generates the JWS artifacts; jdk7's wsgen does not seem to work, jdk6's does:
  D:\My Documents\web\floatservice\WebRoot\WEB-INF\classes>"D:\Program Files\Java\jdk1.6.0_24\bin\wsgen.exe"  -cp . org.service.impl.FloatServiceImpl)
  cd ../../
  jar cvf float.war WEB-INF
  (this packages the project)
  Put the war file into Tomcat's webapps directory
  Step 3: Configure SSL for Tomcat
  Generate the certificate:
  keytool -genkey -alias tomcat -keyalg RSA -keystore "d:\.keystore"  -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass 123456 -storepass 123456
  Edit the /conf/server.xml file under the Tomcat directory and find the following snippet; the parts in dark red are what needs to be added

  Start Tomcat and visit https://localhost:8443/; if you see the lion, the configuration succeeded
  Step 4: Write the web service client code
  First create a web project, then create a new class InstallCert in it
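  import java.io.*;
  import java.net.URL;
  import java.security.*;
  import java.security.cert.*;
  import javax.net.ssl.*;

  public class InstallCert {

      public static void main(String[] args) throws Exception {
          String host;
          int port;
          char[] passphrase;
          if ((args.length == 1) || (args.length == 2)) {
              String[] c = args[0].split(":");
              host = c[0];
              port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
              String p = (args.length == 1) ? "changeit" : args[1];
              passphrase = p.toCharArray();
          } else {
              System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
              return;
          }

          // Start from ./jssecacerts if present, otherwise from the JRE's jssecacerts or cacerts.
          File file = new File("jssecacerts");
          if (file.isFile() == false) {
              char SEP = File.separatorChar;
              File dir = new File(System.getProperty("java.home") + SEP
                      + "lib" + SEP + "security");
              file = new File(dir, "jssecacerts");
              if (file.isFile() == false) {
                  file = new File(dir, "cacerts");
              }
          }
          System.out.println("Loading KeyStore " + file + "...");
          InputStream in = new FileInputStream(file);
          System.out.println(in.available());
          KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
          ks.load(in, passphrase);
          in.close();

          // Wrap the default trust manager so the presented chain is recorded even when it is rejected.
          SSLContext context = SSLContext.getInstance("TLS");
          TrustManagerFactory tmf =
                  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
          tmf.init(ks);
          X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
          SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
          context.init(null, new TrustManager[] {tm}, null);
          SSLSocketFactory factory = context.getSocketFactory();

          System.out.println("Opening connection to " + host + ":" + port + "...");
          SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
          socket.setSoTimeout(10000);
          try {
              System.out.println("Starting SSL handshake...");
              socket.startHandshake();
              socket.close();
              System.out.println();
              System.out.println("No errors, certificate is already trusted");
          } catch (SSLException e) {
              System.out.println();
              e.printStackTrace(System.out);
          }

          X509Certificate[] chain = tm.chain;
          if (chain == null) {
              System.out.println("Could not obtain server certificate chain");
              return;
          }

          BufferedReader reader =
                  new BufferedReader(new InputStreamReader(System.in));

          System.out.println();
          System.out.println("Server sent " + chain.length + " certificate(s):");
          System.out.println();
          MessageDigest sha1 = MessageDigest.getInstance("SHA1");
          MessageDigest md5 = MessageDigest.getInstance("MD5");
          for (int i = 0; i < chain.length; i++) {
              X509Certificate cert = chain[i];
              System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
              System.out.println("   Issuer  " + cert.getIssuerDN());
              sha1.update(cert.getEncoded());
              System.out.println("   sha1    " + toHexString(sha1.digest()));
              md5.update(cert.getEncoded());
              System.out.println("   md5     " + toHexString(md5.digest()));
              System.out.println();
          }

          // Whatever is chosen here becomes trusted: compare the fingerprints printed above
          // with the certificate generated by keytool before answering.
          System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
          String line = reader.readLine().trim();
          int k;
          try {
              k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
          } catch (NumberFormatException e) {
              System.out.println("KeyStore not changed");
              return;
          }

          X509Certificate cert = chain[k];
          String alias = host + "-" + (k + 1);
          ks.setCertificateEntry(alias, cert);

          // The updated store is written to ./jssecacerts, not back into the JRE.
          OutputStream out = new FileOutputStream("jssecacerts");
          ks.store(out, passphrase);
          out.close();

          System.out.println();
          System.out.println(cert);
          System.out.println();
          System.out.println("Added certificate to keystore 'jssecacerts' using alias '"
                  + alias + "'");
      }

      private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

      private static String toHexString(byte[] bytes) {
          StringBuilder sb = new StringBuilder(bytes.length * 3);
          for (int b : bytes) {
              b &= 0xff;
              sb.append(HEXDIGITS[b >> 4]);
              sb.append(HEXDIGITS[b & 15]);
              sb.append(' ');
          }
          return sb.toString();
      }

      private static class SavingTrustManager implements X509TrustManager {
          private final X509TrustManager tm;
          private X509Certificate[] chain;

          SavingTrustManager(X509TrustManager tm) {
              this.tm = tm;
          }

          public X509Certificate[] getAcceptedIssuers() {
              // JDK 7 and later call this while validating the chain, so return an empty array
              // rather than throwing UnsupportedOperationException.
              return new X509Certificate[0];
          }

          public void checkClientTrusted(X509Certificate[] chain, String authType)
                  throws CertificateException {
              throw new UnsupportedOperationException();
          }

          public void checkServerTrusted(X509Certificate[] chain, String authType)
                  throws CertificateException {
              this.chain = chain;
              tm.checkServerTrusted(chain, authType);
          }
      }
  }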
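  Then run the following commands on the command line
  cd /d "<web service client directory>\WebRoot\WEB-INF\classes"
  java InstallCert localhost:8443
  The command line shows the following
  Enter certificate to add to trusted keystore or 'q' to quit: [1]
  Type 1 and press Enter; this generates the jssecacerts file in the "<web service client directory>\WebRoot\WEB-INF\classes" directory. Then copy it into \jre\lib\security under the Java directory
  cd ../../../src
  wsimport -keep https://localhost:8443/<project name>/<value of the url-pattern configured in web.xml>?wsdl
  Refresh the project and you will see two packages; then create a new class FloatClient in the default package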
  import java.util.Collections;
  import java.util.HashMap;
  import java.util.List;
  import java.util.Map;
  import javax.xml.ws.BindingProvider;
  import javax.xml.ws.handler.MessageContext;
  import org.service.impl.FloatService;
  import org.service.impl.FloatServiceImplService;

  public class FloatServiceClient {
      private static final String endpoint = "https://localhost:8443/float/float";

      public static void main(String[] args) {
          FloatServiceImplService service = new FloatServiceImplService();
          FloatService port = service.getFloatServiceImplPort();

          // Point the generated stub at the HTTPS endpoint.
          Map<String, Object> req_ctx = ((BindingProvider) port).getRequestContext();
          req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);

          // Send the credentials that FloatServiceImpl reads from the request headers.
          Map<String, List<String>> hdr = new HashMap<String, List<String>>();
          hdr.put("username", Collections.singletonList("jiangwu"));
          hdr.put("password", Collections.singletonList("1"));
          req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);

          System.out.println("c2f(-40.1) ==> " + port.c2F(-40.1f));
      }
  }
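  Once written, run it as a Java application
  If a PKIX problem occurs, copy the generated jssecacerts into every Java runtime environment that might be used
  Step 4: Add container-managed security with password digests to the application and Tomcat
  First: modify the web service's web.xml and add the following to the file

  <security-role>
      <role-name>admin</role-name>
  </security-role>
  <security-constraint>
      <display-name>sessiontest secruity constraint</display-name>
      <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <url-pattern>/float</url-pattern>
      </web-resource-collection>
      <auth-constraint>
          <role-name>admin</role-name>
      </auth-constraint>
      <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
  </security-constraint>
  <login-config>
      <auth-method>DIGEST</auth-method>
  </login-config>

  Then use the digest tool that ships with Tomcat to generate a digest of the plaintext password. On the command line type: digest -a SHA 1 (1 is the plaintext password)
  Generated digest: 356a192b7913b04c54574d18c28d46e6395428ab. Configure it in the tomcat-users file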
  
  
  
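  Next, repackage the project as in step 2 (not repeated here)
  After that, visit https://localhost:8443/float/float?wsdl in a browser; if a login box pops up, the server side and Tomcat are both configured
  Log in with admin and 356a192b7913b04c54574d18c28d46e6395428ab; if you see the WSDL file, everything is OK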
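  The login above works with the 40-character hash rather than with "1" because a Tomcat realm that has no digest attribute treats the stored string as the cleartext password, and DIGEST authentication derives everything from MD5(username:realm:password). The following is an added example, not code from the original post, that works through the RFC 2617 computation for both inputs; the realm string, nonce and cnonce are constructed values (take the real realm from the server's WWW-Authenticate challenge).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestResponseDemo {
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // HA1 is the only password-derived value in the exchange (RFC 2617, 3.2.2.2).
    static String ha1(String user, String realm, String secret) throws Exception {
        return md5Hex(user + ":" + realm + ":" + secret);
    }

    // request-digest for qop=auth (RFC 2617, 3.2.2.1).
    static String response(String ha1, String method, String uri,
                           String nonce, String nc, String cnonce) throws Exception {
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String user = "admin";
        String realm = "Authentication required";                   // assumed realm string
        String stored = "356a192b7913b04c54574d18c28d46e6395428ab"; // tomcat-users value from the page
        String nonce = "constructed-server-nonce";                  // constructed sample values
        String cnonce = "constructed-client-nonce";
        String nc = "00000001";
        String uri = "/float/float?wsdl";

        // Server side: the stored string is used as the secret when computing the expected digest.
        String expected = response(ha1(user, realm, stored), "GET", uri, nonce, nc, cnonce);
        // Client side: once typing the hash string, once typing the original password "1".
        String typedHash = response(ha1(user, realm, stored), "GET", uri, nonce, nc, cnonce);
        String typedOne = response(ha1(user, realm, "1"), "GET", uri, nonce, nc, cnonce);

        System.out.println("hash typed as password accepted: " + same(expected, typedHash));
        System.out.println("password \"1\" accepted:           " + same(expected, typedOne));
        // What a realm configured for MD5-digested passwords would need to store for DIGEST logins.
        System.out.println("HA1 for admin / \"1\":             " + ha1(user, realm, "1"));
    }
}
```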
  Step 5: Client access
  No solution for now
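  One way to approach the client side, as an added example that is not part of the original post: the JDK's HttpURLConnection answers DIGEST challenges through the default java.net.Authenticator, and the JAX-WS reference implementation sends its requests through HttpURLConnection, so the same registration should also serve the generated stub (an assumption, not verified against this setup). The class name and the FLOAT_WS_SECRET variable are hypothetical; the secret is whatever the browser login above accepted, and the JVM must already trust the server certificate (the jssecacerts step).

```java
import java.io.IOException;
import java.net.Authenticator;
import java.net.HttpURLConnection;
import java.net.PasswordAuthentication;
import java.net.URL;

public class DigestClientSetup {
    // Registers credentials that are released only to DIGEST challenges from the expected server.
    static void install(final String host, final int port,
                        final String user, final char[] secret) {
        Authenticator.setDefault(new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                boolean expected = getRequestorType() == RequestorType.SERVER
                        && host.equalsIgnoreCase(getRequestingHost())
                        && getRequestingPort() == port
                        && "digest".equalsIgnoreCase(getRequestingScheme());
                // null means "send nothing": a Basic challenge, a proxy or another
                // host never receives the secret.
                return expected ? new PasswordAuthentication(user, secret) : null;
            }
        });
    }

    public static void main(String[] args) {
        String secret = System.getenv("FLOAT_WS_SECRET"); // hypothetical variable name
        if (secret == null) {
            System.err.println("Set FLOAT_WS_SECRET first");
            return;
        }
        install("localhost", 8443, "admin", secret.toCharArray());
        try {
            // Fetch the protected WSDL; the first 401 is retried with the Digest header.
            URL wsdl = new URL("https://localhost:8443/float/float?wsdl");
            HttpURLConnection c = (HttpURLConnection) wsdl.openConnection();
            c.setConnectTimeout(5000);
            c.setReadTimeout(5000);
            System.out.println("HTTP " + c.getResponseCode());
            c.disconnect();
        } catch (IOException e) {
            System.err.println("Request failed: " + e);
        }
    }
}
```

  With the Authenticator installed before FloatServiceClient creates its port, the custom username/password headers and the DIGEST login are two separate checks: the container enforces DIGEST first, then FloatServiceImpl inspects the headers.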