带有安全策略的axis2实现方式（一）

服务端

1、所需文件

service.jks，放在src下面（与client.jks是一对，具体生成方式可上网查询）

services.xml

<service name="receiveMsgServer">
  <description>
   server of  receiveMessage  ------服务描述信息
  </description>
  <parameter name="ServiceClass">
   com.test.ReceiveMessageServer  -------服务类，连带包结构
  </parameter>
  <parameter name="ServiceObjectSupplier">
   org.apache.axis2.extensions.spring.receivers.SpringAppContextAwareObjectSupplier
  </parameter>
   -------这是axis2与spring的集成，所以将服务类配成了spring bean，这里直接引用spring bean 的名称
  <parameter name="SpringBeanName" >ReceiveMsgBean</parameter> 

  <messageReceivers> ----定义服务所需的输入输出参数
   <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"   class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver" />
   <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"    class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" />
  </messageReceivers>
 

  -------安全策略的配置
  <module ref="rampart" />
  <wsp:Policy wsu:Id="SigOnly"
   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
   <wsp:ExactlyOne>
    <wsp:All>
     <sp:AsymmetricBinding
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
       <sp:InitiatorToken>
        <wsp:Policy>
         <sp:X509Token
          sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
           <sp:RequireThumbprintReference />
           <sp:WssX509V3Token10 />
          </wsp:Policy>
         </sp:X509Token>
        </wsp:Policy>
       </sp:InitiatorToken>
       <sp:RecipientToken>
        <wsp:Policy>
         <sp:X509Token
          sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
           <sp:RequireThumbprintReference />
           <sp:WssX509V3Token10 />
          </wsp:Policy>
         </sp:X509Token>
        </wsp:Policy>
       </sp:RecipientToken>
       <sp:AlgorithmSuite>
        <wsp:Policy>
         <sp:TripleDesRsa15 />
        </wsp:Policy>
       </sp:AlgorithmSuite>
       <sp:Layout>
        <wsp:Policy>
         <sp:Strict />
        </wsp:Policy>
       </sp:Layout>
       <sp:OnlySignEntireHeadersAndBody />
      </wsp:Policy>
     </sp:AsymmetricBinding>
     <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
       <sp:MustSupportRefKeyIdentifier />
       <sp:MustSupportRefIssuerSerial />
      </wsp:Policy>
     </sp:Wss10>
     <sp:SignedParts
      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <sp:Body />
     </sp:SignedParts>
     <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
      <ramp:user>service</ramp:user>

      -------判断密码的回调方法的路径，后面有具体代码
      <ramp:passwordCallbackClass>com.test.MsgCallbackHandler</ramp:passwordCallbackClass>

      <ramp:signatureCrypto>
       <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property
         name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
        <ramp:property
         name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
       </ramp:crypto>
      </ramp:signatureCrypto>
     </ramp:RampartConfig>

    </wsp:All>
   </wsp:ExactlyOne>
  </wsp:Policy>

</service>

3、代码

判断密码的回调方法的具体代码：

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;


public class MsgCallbackHandler implements CallbackHandler {

private final static String SERVER_ALIAS = "service";

private final static String SERVER_ALIAS_PASSWORD = "servicePW";

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  for (int i = 0; i < callbacks.length; i++) {

   // To use the private key to sign messages, we need to provide  the private key password
   WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];

   if (pwcb.getIdentifier().equals(SERVER_ALIAS)) {
    pwcb.setPassword(SERVER_ALIAS_PASSWORD);
    return;
   }
  }
}
}

服务方法的具体代码：


public class ReceiveMessageServer {

    public String receiveMessage(Message message) {
        if (message !=null && StringUtils.isEmpty(message.getMsgId())) {
           System.out.println("成功接收信息！");
           return "0";
        }else{

           System.out.println("接收信息失败！");
           return "1";
    }

}