Web Services Security
UsernameToken:
JAX-WS security, server-side creation steps:
1. Create a callback handler implementation class. Whenever a SOAP request arrives, its handle method is invoked; the authentication logic goes here.
Example:
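package com.iton.jaxws;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
// Assumes WSS4J 2.x; in WSS4J 1.6 the class is org.apache.ws.security.WSPasswordCallback
import org.apache.wss4j.common.ext.WSPasswordCallback;

public class ServerPasswordCallback implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            // Reject callback types this handler does not understand instead of
            // failing with a ClassCastException.
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                // You must set a password for the user; WSS4J compares it with the
                // password sent by the client. If they match, the message is processed.
                // Any mismatch in password results in a SOAP Fault.
                if ("username".equalsIgnoreCase(pc.getIdentifier())) {
                    pc.setPassword("password");
                }
            }
        }
    }
}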
2. Declare the logging interceptors in the configuration file:
<bean id="logInBound" class="org.apache.cxf.interceptor.LoggingInInterceptor" />
<bean id="logOutBound" class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
3. Create the inbound-security bean and set its properties: the action, the password type and, most importantly, our callback implementation class. With passwordType PasswordText the password travels unhashed in the SOAP header, so it also shows up in the output of the logging interceptors from step 2, and the endpoint should only be served over HTTPS.
<bean id="inbound-security" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken" />
            <entry key="passwordType" value="PasswordText" />
            <entry key="passwordCallbackClass" value="com.iton.jaxws.ServerPasswordCallback" />
        </map>
    </constructor-arg>
</bean>
4. Attach the interceptors to the endpoints that require security:
<bean id="jaxwsservices" class="com.iton.jaxws.JaxwsServiceImpl">
</bean>
<jaxws:endpoint implementor="#jaxwsservices" address="/jaxsws">
    <jaxws:inInterceptors>
        <ref bean="logInBound" />
        <ref bean="inbound-security" />
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <ref bean="logOutBound" />
    </jaxws:outInterceptors>
</jaxws:endpoint>
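An added example, not from the original post: a variant of the step 1 callback that reads the expected passwords from a properties file instead of hard-coding one user in the class. It assumes WSS4J 2.x; the class name StoreBackedPasswordCallback and the system property ws.credentials.file are hypothetical.

```java
package com.iton.jaxws;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.ext.WSPasswordCallback; // WSS4J 2.x (assumption)

public class StoreBackedPasswordCallback implements CallbackHandler {
    // Hypothetical system property naming a file of user=password lines,
    // kept outside the deployed archive and readable only by the service account.
    static final String STORE_PROPERTY = "ws.credentials.file";

    private final Properties users = new Properties();

    // WSS4J instantiates the class named in passwordCallbackClass through
    // its no-argument constructor, so the store is loaded here.
    public StoreBackedPasswordCallback() throws IOException {
        String path = System.getProperty(STORE_PROPERTY);
        if (path == null) {
            throw new IOException(STORE_PROPERTY + " is not set");
        }
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            users.load(in);
        }
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }
            String id = pc.getIdentifier();
            String expected = (id == null) ? null : users.getProperty(id);
            // Unknown user: leave the password unset so that WSS4J fails
            // the authentication and the caller receives a SOAP Fault.
            if (expected != null) {
                pc.setPassword(expected);
            }
        }
    }
}
```

To use it, set the passwordCallbackClass entry of the inbound-security bean to com.iton.jaxws.StoreBackedPasswordCallback.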