A.8.2.3. Web Service Requester
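This section details the key elements of invoking a web service that implements endpoint security, as described in the SAML Bearer scenario. The components discussed include:
A.8.2.3.1. Web Service Requester Implementation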
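The ws-requester (the client) uses standard procedures to create a reference to the web service. To address the endpoint security requirements, the web service's "Request Context" is configured with the information required for message generation. In addition, the STSClient that communicates with the STS is configured with similar values.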
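Note
The key strings ending with a .it suffix flag these settings as belonging to the STSClient. The internal Apache CXF code assigns this information to the STSClient that is auto-generated for this service call.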
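There is an alternative method of setting up the STSClient. The user can provide their own instance of the STSClient. The Apache CXF code then uses this object and does not auto-generate one. When providing the STSClient in this manner, the user must provide an org.apache.cxf.Bus for it, and the configuration keys must not have the .it suffix. This is used in the ActAs and OnBehalfOf examples.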
    import java.net.URL;
    import java.util.Map;
    import javax.xml.namespace.QName;
    import javax.xml.ws.BindingProvider;
    import javax.xml.ws.Service;
    import org.apache.cxf.ws.security.SecurityConstants;

    String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-bearer/BearerService";

    final QName serviceName = new QName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy", "BearerService");
    Service service = Service.create(new URL(serviceURL + "?wsdl"), serviceName);
    BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);

    Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();

    // set the security related configuration information for the service "request"
    ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
    ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
        Thread.currentThread().getContextClassLoader().getResource(
            "META-INF/clientKeystore.properties"));
    ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
        Thread.currentThread().getContextClassLoader().getResource(
            "META-INF/clientKeystore.properties"));
    ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
    ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");

    //-- Configuration settings that will be transferred to the STSClient
    // "alice" is the name provided for the WSS Username. Her password will
    // be retrieved from the ClientCallbackHandler by the STSClient.
    ctx.put(SecurityConstants.USERNAME + ".it", "alice");
    ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
    ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
        Thread.currentThread().getContextClassLoader().getResource(
            "META-INF/clientKeystore.properties"));
    ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
    ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
    ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
        Thread.currentThread().getContextClassLoader().getResource(
            "META-INF/clientKeystore.properties"));
    ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");

    proxy.sayHello();
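The alternative described above, where the caller supplies its own STSClient with a Bus and uses keys without the .it suffix, might look like the following. This is an added example, not code from the original documentation; the class and method names are hypothetical, the key aliases and keystore file are reused from the listing above, and it assumes the STS endpoint is resolved the same way as for the auto-generated client.

```java
import java.net.URL;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.trust.STSClient;

// Added illustration; class and method names are hypothetical.
public final class ExplicitStsClientConfig {

    // Configures the service proxy with a caller-supplied STSClient instead of
    // relying on ".it"-suffixed keys and the auto-generated client.
    public static STSClient configure(BindingProvider proxy, Bus bus, CallbackHandler handler) {
        URL keystoreProps = Thread.currentThread().getContextClassLoader()
                .getResource("META-INF/clientKeystore.properties");
        if (keystoreProps == null) {
            // Fail early rather than handing a null resource to CXF.
            throw new IllegalStateException("META-INF/clientKeystore.properties not on classpath");
        }

        // Settings for the service request itself: same keys as the listing above.
        Map<String, Object> ctx = proxy.getRequestContext();
        ctx.put(SecurityConstants.CALLBACK_HANDLER, handler);
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, keystoreProps);
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, keystoreProps);
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
        ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");

        // A user-provided STSClient must be given a Bus.
        STSClient stsClient = new STSClient(bus);

        // STS settings go directly on the client, with no ".it" suffix.
        Map<String, Object> props = stsClient.getProperties();
        props.put(SecurityConstants.USERNAME, "alice");
        props.put(SecurityConstants.CALLBACK_HANDLER, handler);
        props.put(SecurityConstants.ENCRYPT_PROPERTIES, keystoreProps);
        props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
        props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, keystoreProps);
        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");

        // Hand the instance to CXF so that it does not auto-generate one.
        ctx.put(SecurityConstants.STS_CLIENT, stsClient);
        return stsClient;
    }
}
```

Mixing the two styles is the usual mistake: .it-suffixed keys placed on the request context are meant for the auto-generated client, so when an STSClient instance is supplied its settings belong in its own properties map.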