【问题标题】:client for secured proxy service?安全代理服务的客户端?
【发布时间】:2013-04-22 19:32:15
【问题描述】:

我正在尝试为我的代理服务实施安全性。我从这个链接获得了安全实施帮助:http://evanthika.blogspot.in/2012/12/pox-security-with-wso2-esb-proxy.html。我的安全性已实现,我也可以通过尝试调用它,但我想通过客户端调用此服务,但我无法找到如何执行此部分。谁能给我一个关于这个问题的样本?提前致谢

【问题讨论】:

    标签: axis2 wso2 wso2esb


    【解决方案1】:

    更新:

    RampartConfigBuilder 类:

    package org.wso2.carbon.security.ws;
    
    import org.apache.rampart.policy.model.RampartConfig;
    import org.apache.rampart.policy.model.CryptoConfig;
    
    import java.util.Properties;
    import java.io.File;
    
    /**
     * This class is used to create Rampart Configurations for different security scenarios in WSAS
     */
    public class RampartConfigBuilder {
    
        public static RampartConfig createRampartConfig(int securityScenario) {
    
            RampartConfig rampartConfig = null;
    
            Properties merlinProp = new Properties();
            merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
            merlinProp.put("org.apache.ws.security.crypto.merlin.file",
                           "src" + File.separator + "main" + File.separator + "resources" + File.separator + "wso2carbon.jks");
            merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
    
            CryptoConfig sigCryptoConfig = new CryptoConfig();
            sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
            sigCryptoConfig.setProp(merlinProp);
    
            CryptoConfig encCryptoConfig = new CryptoConfig();
            encCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
            encCryptoConfig.setProp(merlinProp);
    
            switch (securityScenario) {
    
                /**
                 * Scenario : Username Token
                 * Rampart Config : username , password callback handler
                 */
    
                case 1:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUser("admin");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    break;
    
                /**
                 * Scenario : Non-repudiation
                 * Rampart Config : signatureCrypto , Password Callback Hanlder , User certificate Alias ,
                 *  Signature CryptoConfig
                 */
                case 2:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUserCertAlias("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    break;
    
                /**
                 * Scenario : Integrity
                 * Rampart Config : Encryption user , Signature CryptoConfig
                 */
                case 3:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    break;
    
                /**
                 * Scenario : Confidentiality :
                 * Rampart Config : Encryption user , Encryption CryptoConfig
                 */
                case 4:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : Sign and encrypt - X509 Authentication
                 * Rampart Config : User cert alias , Encryption user , Sign. CryptoConfig , Enc. CryptoConfig ,
                 *  Password Callback Handler
                 */
                case 5:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setUserCertAlias("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : Sign and Encrypt - Anonymous clients 
                 *  Rampart Config : Encryption User , Sign. CryptoConfig | Encr. CryptoConfig
                 */
                case 6:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : Encrypt only - Username Token Authentication 
                 * Rampart Config : Username , PasswordCallbackHandler + Encryption User
                 * , Sign. CryptoConfig | Encr. CryptoConfig
                 */
                case 7:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUser("admin");
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : Sign and Encrypt - Username Token Authentication 
                 * Rampart Config : Username + PasswordCallbackhandler , Encryption User ,
                 *  Sign. CryptoConfig | Encr. CryptoConfig
                 */
                case 8:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUser("admin");
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Sign only - Service as STS - Bootstrap policy - Sign and Encrypt ,
                 * X509 Authentication
                 * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
                 * Encr. CryptoConfig
                 */
                case 9:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setUserCertAlias("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Encrypt only - Service as STS - Bootstrap policy - Sign and Encrypt ,
                 * X509 Authentication      Provides Confidentiality. Multiple message exchange.Clients have X509 certificates.
                 * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
                 * Encr. CryptoConfig
                 */
                case 10:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setUserCertAlias("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
                 *  X509 Authentication
                 * Rampart Config : encryption user, User Cert. Alias, Password Callback Handler, Sign. CryptoConfig,
                 * Encr. CryptoConfig
                 */
                case 11:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setUserCertAlias("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Sign Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
                 * Anonymous clients
                 * Rampart Config : Encryption User, enc. crypto config
                 */
                case 12:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
                 * Anonymous clients
                 * Rampart Config : Encryption User, enc. crypto config
                 */
                case 13:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Encrypt Only - Service as STS - Bootstrap policy - Sign and Encrypt ,
                 * Username Token Authentication
                 * Rampart Config : Username, encryption user, Password Callback Handler, enc. crypto config
                 */
                case 14:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUser("admin");
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
                /**
                 * Scenario : SecureConversation - Sign and Encrypt - Service as STS - Bootstrap policy - Sign and Encrypt,
                 *  Username Token Authentication
                 * Rampart Config : Username, encryption user, Password Callback Handler, Encryption Crypto Config
                 */
                case 15:
                    rampartConfig = new RampartConfig();
                    rampartConfig.setUser("admin");
                    rampartConfig.setEncryptionUser("wso2carbon");
                    rampartConfig.setPwCbClass("org.wso2.carbon.security.ws.PasswordCallbackHandler");
                    rampartConfig.setEncrCryptoConfig(encCryptoConfig);
                    break;
    
            }
    
    
            return rampartConfig;
        }
    }
    

    PasswordCallbackHandler 类:

    package org.wso2.carbon.security.ws;
    
    import org.apache.ws.security.WSPasswordCallback;
    
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import java.io.IOException;
    
    
    public class PasswordCallbackHandler implements CallbackHandler{
         public void handle(Callback[] callbacks) throws IOException,
                 UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
                String id = pwcb.getIdentifer();
                if("admin".equals(id)) {
                    pwcb.setPassword("admin");
                } else if("wso2carbon".equals(id)) {
                    pwcb.setPassword("wso2carbon");
                }
            }
        }
    }
    

    原文:

    以下 Java 代码允许您调用安全服务。您可以调用可以使用 15 种默认安全方案 [1] 保护的服务。您需要更改“/path/to/keystore”以指向默认情况下随 wso2esb 提供的 wso2carbon.jks 的位置(ESB_HOME/repository/resources/security/wso2carbon.jks)。 还将 /path/to/repo 更改为指向客户端 axis2 存储库。文件结构如下。 EPR 是硬编码的。因此,您可能需要更改这些以匹配您的服务。

    repository/
    └── modules
        ├── addressing-1.6.1-wso2v1.mar
        ├── rahas-1.6.1-wso2v1.mar
        └── rampart-1.6.1-wso2v1.mar
    

    [1]http://docs.wso2.org/wiki/display/AS510/QoS+-+Security+and+Reliable+Messaging

    package org.wso2.carbon.security.ws;
    
    import org.apache.axis2.addressing.EndpointReference;
    import org.apache.axis2.context.ConfigurationContext;
    import org.apache.axis2.context.ConfigurationContextFactory;
    import org.apache.axis2.description.AxisBinding;
    import org.apache.axis2.description.AxisEndpoint;
    import org.apache.axis2.rpc.client.RPCServiceClient;
    import org.apache.neethi.Policy;
    
    import javax.xml.namespace.QName;
    import java.io.BufferedReader;
    import java.io.File;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.util.Map;
    
    public class HelloServiceClient {
    
        static {
            System.setProperty("javax.net.ssl.trustStore", "/path/to/keystore" + File.separator+ "wso2carbon.jks");
            System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
        }
    
        public static void main(String[] args) {
            try {
    
                int securityScenario = getSecurityScenario();
    
                String repository = "/path/to/repo" + File.separator + "repository";
    
                ConfigurationContext confContext =
                        ConfigurationContextFactory.
                                createConfigurationContextFromFileSystem(repository, null);
    
                String endPoint = "HelloServiceHttpSoap12Endpoint";
                if(securityScenario == 1){
                    endPoint = "HelloServiceHttpsSoap12Endpoint";   // scenario 1 uses HelloServiceHttpsSoap12Endpoint
                }
    
                RPCServiceClient dynamicClient =
                        new RPCServiceClient(confContext,
                                             new URL("http://127.0.0.1:9763/services/HelloService?wsdl"),
                                             new QName("http://www.wso2.org/types", "HelloService"),
                                             endPoint);
    
                //Engage Modules
                dynamicClient.engageModule("rampart");
                dynamicClient.engageModule("addressing");
    
                //TODO : Change the port to monitor the messages through TCPMon
                if(securityScenario != 1){
                    dynamicClient.getOptions().setTo(new EndpointReference("http://127.0.0.1:9763/services/HelloService/"));
                }
    
                //Get the policy from the binding and append the rampartconfig assertion
                Map endPoints = dynamicClient.getAxisService().getEndpoints();
                AxisBinding axisBinding = ((AxisEndpoint) endPoints.values().iterator().next()).getBinding();
                Policy policy = axisBinding.getEffectivePolicy();
                policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario));
                axisBinding.applyPolicy(policy);
    
                //Invoke the service
                Object[] returnArray = dynamicClient.invokeBlocking(new QName("http://www.wso2.org/types","greet"),
                                                                    new Object[]{"Alice"},
                                                                    new Class[]{String.class});
    
                System.out.println((String) returnArray[0]);
    
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    
        private static int getSecurityScenario() {
            int scenarioNumber = 0;
            while (scenarioNumber < 1 || scenarioNumber > 15) {
                System.out.print("Insert the security scenario no : ");
                String inputString = readOption();
                try {
                    scenarioNumber = new Integer(inputString);
                } catch (Exception e) {
                    System.out.println("invalid input, insert a integer between 1 and 15");
                }
                if(scenarioNumber < 1 || scenarioNumber > 15){
                    System.out.println("Scenario number should be between 1 and 15");
                }
            }
            return scenarioNumber;
        }
        private static String readOption() {
            try {
                BufferedReader console = new BufferedReader(new InputStreamReader(System.in));
                String str;
                while ((str = console.readLine()).equals("")) {
                }
                return str;
            } catch (Exception e) {
                return null;
            }
        }
    }
    

    【讨论】:

    • 感谢卡松的回复。我对 policy.addAssertion(RampartConfigBuilder.createRampartConfig(securityScenario)); 有疑问行代码。在壁垒 jar 中没有名为 createRampartConfig 这样的方法,所以我被困在这条线上。请帮助
    【解决方案2】:

    几乎所有的 IDE(我个人使用 WSO2 开发人员工作室进行 WSO2 开发)都具有从 WSDL 文件生成存根的能力,在 ESB 中也有一个实用程序(在工具选项卡下)从 WSDL 生成 java 代码。您可以选择两种方式来生成 java 代码。从 wsdl 生成 java 存根并调用 Echo 服务(我说的只是针对您的情况)后,您可以将 Web 服务端点切换到代理服务 url。

    您可以从这里找到 WSO2 developer Studio,它是一个 Eclipse 包:

    WSO2 Developer Studio

    有关从客户端调用 Axis2 Web 服务的详细信息,您可以查看:

    Axis2 client invocation

    【讨论】:

    • 我已经从 esb 的 Generate client 生成了客户端,但是如何在 eclipse 中导入它?抱歉这个愚蠢的问题,但我是这个部门的新人
    • 如果你想这样做,你必须在你的eclipse中设置m2eclipse插件,因为从ESB生成的客户端代码可以由maven构建。
    • 如果我想使用回调处理程序并通过它调用我的代理服务该怎么办?
    • @Roy,我认为在这种情况下,您可能希望向您的代理服务添加一个中介(发送中介),以便将响应发送给请求者,而不是您必须走的路。我的意思是你可以在调用普通服务时使用你的调用器。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2011-08-14
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2012-03-31
    相关资源
    最近更新 更多