绿色记忆 » CXF https://blog.gmem.cc Fri, 03 Apr 2026 04:13:36 +0000 en-US hourly 1 http://wordpress.org/?v=3.9.14 CXF带SSL支持的客户端示例 https://blog.gmem.cc/cxf-client-with-ssl https://blog.gmem.cc/cxf-client-with-ssl#comments Sun, 23 Dec 2012 03:14:09 +0000 http://blog.gmem.cc/?p=1495 WebService接口定义 基于JAX-WS定义的接口: [crayon-69d04afa8d8d7383027578/] SSL客户端示例 [crayon-69d04afa8d8dd412462725/]

The post CXF带SSL支持的客户端示例 appeared first on 绿色记忆.

]]>
WebService接口定义

基于JAX-WS定义的接口:

@WebService
public interface DataTransService
{

    @WebMethod ( operationName = "sendXML" )
    @WebResult ( name = "response" )
    String sendXML(
            @WebParam ( name = "userName" ) String userName,
            @WebParam ( name = "password" ) String password,
            @WebParam ( name = "msg" ) String msg );

}
SSL客户端示例
public void send(String username,String password,String xml) {
    String address = "https://127.0.0.1:5051/dataTransService";
    JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
    proxyFactory.setServiceClass( DataTransService.class );
    proxyFactory.setAddress( address );
    DataTransService service = (DataTransService) proxyFactory.create();
    org.apache.cxf.endpoint.Client client = ClientProxy.getClient( service );


    HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
    TLSClientParameters tlsParams = initTLSClientParameters();

    httpConduit.setTlsClientParameters( tlsParams );

    service.sendXML( username, password,xml);
}

private TLSClientParameters initTLSClientParameters() throws
    KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, UnrecoverableKeyException
{
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setDisableCNCheck( true );
    CanaryConfig cfg = getCanaryConfig();
    {
        KeyStore trustKeyStore = KeyStore.getInstance( cfg.getString( "https.trustManagers.keyStore.type" ) );
        String trustKeyStorePassword = cfg.getString( "https.trustManagers.keyStore.password" );
        String url = cfg.getString( "https.trustManagers.keyStore.url" );
        File trustKeyStoreFile = CanaryHelper.urlToFile( url );
        trustKeyStore.load( new FileInputStream( trustKeyStoreFile ), trustKeyStorePassword.toCharArray() );
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        trustFactory.init( trustKeyStore );
        TrustManager[] tm = trustFactory.getTrustManagers();
        tlsParams.setTrustManagers( tm );
    }
    {
        KeyStore priKeyStore = KeyStore.getInstance( cfg.getString( "https.keyManagers.keyStore.type" ) );
        String priKeyStorePassword = cfg.getString( "https.keyManagers.keyStore.password" );
        String url = cfg.getString( "https.keyManagers.keyStore.url" );
        File priKeyStoreFile = CanaryHelper.urlToFile( url );
        priKeyStore.load( new FileInputStream( priKeyStoreFile ), priKeyStorePassword.toCharArray() );
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
        keyFactory.init( priKeyStore, cfg.getString( "https.keyManagers.keyPassword" ).toCharArray() );
        KeyManager[] km = keyFactory.getKeyManagers();
        tlsParams.setKeyManagers( km );
    }
    {
        FiltersType filter = new FiltersType();
        filter.getInclude().add( ".*_EXPORT_.*" );
        filter.getInclude().add( ".*_EXPORT1024_.*" );
        filter.getInclude().add( ".*_WITH_DES_.*" );
        filter.getInclude().add( ".*_WITH_NULL_.*" );
        filter.getExclude().add( ".*_DH_anon_.*" );
        tlsParams.setCipherSuitesFilter( filter );
    }
    return tlsParams;
}

The post CXF带SSL支持的客户端示例 appeared first on 绿色记忆.

]]> https://blog.gmem.cc/cxf-client-with-ssl/feed 0 Spring配置:启用Jetty SSL传输的CXF https://blog.gmem.cc/spring-confg-cxf-with-ssl https://blog.gmem.cc/spring-confg-cxf-with-ssl#comments Sat, 22 Dec 2012 10:34:51 +0000 http://blog.gmem.cc/?p=1144 Spring配置文件 [crayon-69d04afa8dde8070155465/] 使用JDK的keytool密钥对 使用JDK自带的keytool命令可以生成JKS(Java KeyStore)文件,作为数字证书库使用。在配置SSL时,一般需要用到两个JKS:信任库、证书库(对应上节配置文件中的truststore、keystore)。 下面是生成证书库的示例: [crayon-69d04afa8ddf1446777809/]

The post Spring配置:启用Jetty SSL传输的CXF appeared first on 绿色记忆.

]]>
Spring配置文件
<beans 
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://cxf.apache.org/configuration/security"
    xmlns:http="http://cxf.apache.org/transports/http/configuration"
    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
    xmlns:cxf="http://cxf.apache.org/core"
    xmlns:jaxws="http://cxf.apache.org/jaxws"

    xsi:schemaLocation="
        http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
        http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
        http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
        http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd ">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />

    <cxf:bus>
        <cxf:features>
            <cxf:logging />
        </cxf:features>
    </cxf:bus>
    <bean id="cfg" class="sparknet.canary.core.cfg" init-method="init">
        <property name="params">
            <value>
            <![CDATA[
                http.port=5050
                https.port=5051
                https.keyManagers.keyStore.type=JKS
                https.keyManagers.keyPassword=sparknet
                https.keyManagers.keyStore.password=sparknet
                https.keyManagers.keyStore.url=#{@cfg.baseDirUrl}/work/security/key/platform.jks
                https.trustManagers.keyStore.type=JKS
                https.trustManagers.keyStore.password=sparknet
                https.trustManagers.keyStore.url=#{@cfg.baseDirUrl}/work/security/cert/trust.jks
                http.minThreads=5
                http.maxThreads=50
            ]]>
            </value>
        </property>
    </bean>
    <bean name="dataTransServiceImplHttp" class="cc.gmem.demo.ws.DataTransServiceImpl" autowire="byName">
        <property name="https" value="false" />
    </bean>
    <bean name="dataTransServiceImplHttps" class="cc.gmem.demo.ws.DataTransServiceImpl" autowire="byName">
        <property name="https" value="true" />
    </bean>
    <jaxws:endpoint id="dataTransServiceHttp" implementor="#dataTransServiceImplHttp" address="http://0.0.0.0:#{@cfg.params['http.port']}/dataTransService" publish="true" />
    <jaxws:endpoint id="dataTransServiceHttps" implementor="#dataTransServiceImplHttps" address="https://0.0.0.0:#{@cfg.params['https.port']}/dataTransService" publish="true" />

    <httpj:engine-factory bus="cxf">

        <httpj:identifiedThreadingParameters id="threadPool">
            <httpj:threadingParameters minThreads="#{@cfg.params['http.minThreads']}" maxThreads="#{@cfg.params['http.maxThreads']}" />
        </httpj:identifiedThreadingParameters>

        <httpj:engine port="#{@cfg.params['http.port']}">
            <httpj:threadingParametersRef id="threadPool" />
            <httpj:connector>
                <bean class="org.eclipse.jetty.server.bio.SocketConnector">
                    <property name="port" value="#{@cfg.params['http.port']}" />
                </bean>
            </httpj:connector>
        </httpj:engine>
        <httpj:engine port="#{@cfg.params['https.port']}">
            <httpj:tlsServerParameters>
                <sec:keyManagers keyPassword="#{@cfg.params['https.keyManagers.keyPassword']}">
                    <sec:keyStore type="#{@cfg.params['https.keyManagers.keyStore.type']}" url="#{@cfg.params['https.keyManagers.keyStore.url']}" password="#{@cfg.params['https.keyManagers.keyStore.password']}" />
                </sec:keyManagers>
                <sec:trustManagers>
                    <sec:keyStore type="#{@cfg.params['https.trustManagers.keyStore.type']}" url="#{@cfg.params['https.trustManagers.keyStore.url']}" password="#{@cfg.params['https.trustManagers.keyStore.password']}" />
                </sec:trustManagers>
                <sec:cipherSuitesFilter>
                    <sec:include>.*_EXPORT_.*</sec:include>
                    <sec:include>.*_EXPORT1024_.*</sec:include>
                    <sec:include>.*_WITH_DES_.*</sec:include>
                    <sec:include>.*_WITH_AES_.*</sec:include>
                    <sec:include>.*_WITH_NULL_.*</sec:include>
                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
                </sec:cipherSuitesFilter>
                <sec:clientAuthentication want="true" required="true" />
            </httpj:tlsServerParameters>
            <httpj:threadingParametersRef id="threadPool" />
            <httpj:connector>
                <bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
                    <property name="port" value="#{@cfg.params['https.port']}" />
                    <property name="password" value="#{@cfg.params['https.keyManagers.keyStore.password']}" />
                    <property name="trustPassword" value="#{@cfg.params['https.trustManagers.keyStore.password']}" />
                    <property name="keyPassword" value="#{@cfg.params['https.keyManagers.keyPassword']}" />
                    <property name="protocol" value="TLS" />
                    <property name="keystore" value="#{@cfg.params['https.keyManagers.keyStore.url']}" />
                    <property name="keystoreType" value="#{@cfg.params['https.keyManagers.keyStore.type']}" />
                    <property name="truststore" value="#{@cfg.params['https.trustManagers.keyStore.url']}" />
                    <property name="truststoreType" value="#{@cfg.params['https.trustManagers.keyStore.type']}" />
                    <property name="wantClientAuth" value="false" />
                    <property name="needClientAuth" value="false" />
                </bean>
            </httpj:connector>
        </httpj:engine>
    </httpj:engine-factory>
</beans>
使用JDK的keytool密钥对

使用JDK自带的keytool命令可以生成JKS(Java KeyStore)文件,作为数字证书库使用。在配置SSL时,一般需要用到两个JKS:信任库、证书库(对应上节配置文件中的truststore、keystore)。
下面是生成证书库的示例:

keytool -genkey -alias platform -keyalg RSA -keypass key_password -storepass store_password -dname "CN=DataTrans Platform, OU=, O=Gmem.cc, L=Nan Jing, ST=Jiang Su, C=CN" -validity 3650 -keystore platform.jks

The post Spring配置:启用Jetty SSL传输的CXF appeared first on 绿色记忆.

]]> https://blog.gmem.cc/spring-confg-cxf-with-ssl/feed 0