Java: How do you use TLS/SSL Http Authentication with a CXF client to a web service?

Note: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/543896/

Time: 2020-08-11 16:01:56  Source: igfitidea

java web-services ssl cxf ws-security

Asked by ScArcher2

I'm trying to access a web service secured by a certificate. The security is set up on IIS and the web service is behind it.

I don't think WS-SECURITY will do this type of authentication. Is there any way to pass the client certificate when you call the web service?


I'm just getting an IIS Error Page that says "The page requires a client certificate".


I'm using CXF 2.1.4


Accepted answer by Chris Dail

Yes, this is possible using CXF. You will need to set up the client conduit. You can specify the keystore that contains the certificates that will allow you to access the web service in IIS. As long as the certificate you are using here is a known allowed client in IIS, you should be ok.


<http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">
   <http:tlsClientParameters>
       <!-- Key store holding the client certificate and private key presented to the server -->
       <sec:keyManagers keyPassword="password">
            <sec:keyStore type="JKS" password="password"
                 file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
       </sec:keyManagers>
       <!-- Trust store holding the certificates used to verify the server -->
       <sec:trustManagers>
           <sec:keyStore type="JKS" password="password"
                file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
       </sec:trustManagers>

       ...

   </http:tlsClientParameters>
</http:conduit>

Sample from: CXF Wiki


Answer by haris mohamed

The above answer is correct, but adding to that...

Your client bean should be as follows (with this, SSL works fine):

<jaxws:client id="helloClient" serviceClass="demo.spring.HelloWorld" address="http://localhost:9002/HelloWorld" />

If you define the client bean as follows, SSL will not work:

<bean id="proxyFactory"
      class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
    <property name="serviceClass" value="demo.spring.HelloWorld"/>
    <property name="address" value="http://localhost:9002/HelloWorld"/>
</bean>

Answer by geg

To do it programmatically, create an interceptor and add it to your JaxWsProxyFactoryBean with factory.getOutInterceptors().add(new TLSInterceptor()).

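import org.apache.commons.lang3.ObjectUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.http.HTTPConduit;

public class TLSInterceptor extends AbstractPhaseInterceptor<Message> {

    public TLSInterceptor() {
        // Run in the SETUP phase, before the conduit opens the connection
        super(Phase.SETUP);
    }

    @Override
    public void handleMessage(final Message message) throws Fault {
        final Conduit conduit = message.getExchange().getConduit(message);
        if (conduit instanceof HTTPConduit) {
            final HTTPConduit httpConduit = (HTTPConduit) conduit;
            // Reuse the TLS parameters already on the conduit, or start from an empty set
            final TLSClientParameters tlsClientParameters = ObjectUtils.firstNonNull(httpConduit.getTlsClientParameters(), new TLSClientParameters());

            // configure the params

            httpConduit.setTlsClientParameters(tlsClientParameters);
        }
    }
}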
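
One way to fill in the `// configure the params` step, mirroring the key store and trust store of the XML conduit in the accepted answer. This is an added example, not part of the answers above or of CXF's own code; the class `ClientCertTls` and its method names are hypothetical, and the key store paths and passwords are supplied by the caller.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;

/** Hypothetical helper: programmatic counterpart of the http:tlsClientParameters XML. */
public final class ClientCertTls {

    private ClientCertTls() { }

    /** Loads a JKS file from disk; path and password come from the caller's configuration. */
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * Key managers present the client certificate the server asks for;
     * trust managers decide which server certificates the client accepts.
     */
    public static void configure(TLSClientParameters params,
                                 String keyStorePath, char[] keyStorePassword, char[] keyPassword,
                                 String trustStorePath, char[] trustStorePassword) throws Exception {
        // Corresponds to <sec:keyManagers keyPassword="..."> with its <sec:keyStore>
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStorePath, keyStorePassword), keyPassword);
        params.setKeyManagers(kmf.getKeyManagers());

        // Corresponds to <sec:trustManagers> with its <sec:keyStore>
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStorePath, trustStorePassword));
        params.setTrustManagers(tmf.getTrustManagers());

        // Keep hostname verification on; turning it off removes server authentication
        params.setDisableCNCheck(false);
    }
}
```

Inside `handleMessage`, the call needs a try/catch that rethrows as `Fault`, since loading a key store can fail with a checked exception.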

Answer by Ali

As mentioned by @geg, you need to add an interceptor to your JaxWsProxyFactoryBean and use HttpConduit.

Here is the sample code you can refer to.
This code will guide you on how to set TLSClientParameters.