(转自http://blog.progs.be/71/cxf-simple-frontend-allow-all-ssl-certificates-and-set-basic-authentication-credentials)
CXF is a wonderful web services framework. It is mostly configured using spring, however, this falls short when trying to assure that all SSL certificates are accepted. In this case, programmatic configuration is needed.
In the case where I needed this, SSL was used only to assure that the communication is encrypted at the transport level. Though the server certificate is normally used to assure the that it cannot be replaced without being noticed, this was not our concern. Specifically, self signed certificates are used, and there is no guarantee that they will not be changed.
In CXF the configuration of the transport is done by the conduit. The following snippet indicates how this can be accessed for the simple frontend.
ClientProxyFactoryBean factory = new ClientProxyFactoryBean();
factory.setServiceClass( PingService.class );
factory.setAddress( "https://localhost:8443/ca/pxws/1.0/ping" );
PingService client = (PingService) factory.create();
Client proxy = ClientProxy.getClient( client );
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
TLSClientParameters tcp = new TLSClientParameters();
tcp.setTrustManagers( new TrustManager[]{ new TrustAllX509TrustManager() } );
conduit.setTlsClientParameters( tcp );
Similarly, the conduit can also be used to set the credentials which may be needed when the service is secured using basic authentication (as can be configured in web.xml).
The full code for the test is
package example.ws10.test;
import example.ws10.PingService;
import junit.framework.TestCase;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.frontend.ClientProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.equanda.util.security.SslUtil;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
/**
* Test the Ping service
*
* @author <a href="mailto:joachim@progs.be">Joachim Van der Auwera</a>
*/
public class PingTest
extends TestCase
{
public void testPingService()
throws Exception
{
ClientProxyFactoryBean factory = new ClientProxyFactoryBean();
factory.setServiceClass( PingService.class );
factory.setAddress( "https://localhost:8443/ca/pxws/1.0/ping" );
PingService client = (PingService) factory.create();
Client proxy = ClientProxy.getClient( client );
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
TLSClientParameters tcp = new TLSClientParameters();
tcp.setTrustManagers( new TrustManager[]{ new SslUtil.TrustAllX509TrustManager() } );
conduit.setTlsClientParameters( tcp );
AuthorizationPolicy auth = conduit.getAuthorization();
if ( null == auth ) auth = new AuthorizationPolicy();
auth.setUserName( "local" );
auth.setPassword( "local" );
String res = client.getPing();
assertTrue( res.startsWith( "Ping back @" ) );
}
/**
* This class allow any X509 certificates to be used to authenticate the remote side of a secure socket, including
* self-signed certificates.
*/
public static class TrustAllX509TrustManager
implements X509TrustManager
{
/** Empty array of certificate authority certificates. */
private static final X509Certificate[] acceptedIssuers = new X509Certificate[]{ };
/**
* Always trust for client SSL chain peer certificate chain with any authType authentication types.
*
* @param chain the peer certificate chain.
* @param authType the authentication type based on the client certificate.
*/
public void checkClientTrusted( X509Certificate[] chain, String authType )
{}
/**
* Always trust for server SSL chain peer certificate chain with any authType exchange algorithm types.
*
* @param chain the peer certificate chain.
* @param authType the key exchange algorithm used.
*/
public void checkServerTrusted( X509Certificate[] chain, String authType )
{}
/**
* Return an empty array of certificate authority certificates which are trusted for authenticating peers.
*
* @return a empty array of issuer certificates.
*/
public X509Certificate[] getAcceptedIssuers()
{
return ( acceptedIssuers );
}
}
}
分享到:
相关推荐
赠送jar包:cxf-rt-frontend-simple-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-simple-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-simple-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-...
CXF中使用Simple FrontEnd Project方式发布并获取webservice服务
赠送jar包:cxf-rt-frontend-jaxws-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-jaxws-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-jaxws-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-jaxws...
cxf中会出现编码问题的cxf-rt-frontend-simple-3.1.13.jar的源码
CXF实现SSL安全验证,实现https的WebService
赠送jar包:cxf-rt-frontend-jaxrs-3.0.1.jar; 赠送原API文档:cxf-rt-frontend-jaxrs-3.0.1-javadoc.jar; 赠送源代码:cxf-rt-frontend-jaxrs-3.0.1-sources.jar; 赠送Maven依赖信息文件:cxf-rt-frontend-jaxrs...
CXF提供两种类型的前端(Frontend):JAX-WS和简单前端(Simple Frontend)。本节将详细介绍JAX-WS前端。 JAX-WS前端 Code-First方式 创建Service Endpoint Interface ( SEI) 添加Java注解 发布服务 开发客户端 ...
cxf-rt-frontend-jaxws-3.0.16.jar jar包下载3.0.16版本下载
CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and ...
NULL 博文链接:https://wangwengcn.iteye.com/blog/1881535
Frontends:CXF 支持多种“Frontend”编程模型,CXF 实现了JAX-WS API (遵循 JAX-WS 2.0 TCK 版本),它也包含一个“simple frontend”允许客户端和 EndPoint 的创建,而不需要 Annotation 注解。CXF 既支持 WSDL...
spring 4.2.0 集成的cxf3.1.18的jar包,cxf-core-3.1.18.jar、cxf-rt-bindings-soap-3.1.18.jar、cxf-rt-databinding-jaxb-3.1.18.jar、cxf-rt-frontend-jaxws-3.1.18.jar、cxf-rt-frontend-simple-3.1.18.jar、cxf-...
android client ksoap2 token apache cxf wss4j authentication
基于SSL验证的Apache CXF客户端设计 1,服务器端Tomcat配置SSL支持 2,服务器端Web Service接口设计 3,客户端访问设计,包括代码和配置文件 详情请看博客:...
JaxWsDynamicClientFactory调用Webservice时所用jar包
2. Frontends:CXF 支持多种“Frontend”编程模型,CXF 实现了 JAX-WS API (遵循 JAX-WS 2.0 TCK 版本),它也包含一个“simple frontend”允许客户端和 EndPoint 的创建,而不需要 Annotation 注解。CXF 既支持 ...
利用Apache CXF开发webservice接口需要用到的jar集合 cxf-core-3.0.15.jar cxf-rt-bindings-soap-3.0.15.jar ...cxf-rt-frontend-simple-3.0.15.jar cxf-rt-transports-http-3.0.15.jar cxf-rt-wsdl-3.0.15.jar
ph-commons.zip,Java 1.6+库,包含所有项目所需的大量实用程序类Java 1.8+库,包含所有项目所需的大量实用程序类
Frontends:CXF 支持多种“Frontend”编程模型,CXF 实现了 JAX-WS API (遵循 JAX-WS 2.0 TCK 版本),它也包含一个“simple frontend”允许客户端和 EndPoint 的创建,而不需要 Annotation 注解。CXF 既支持 WSDL ...