[CXF] Server与Client实现方式五：HTTPS

最新推荐文章于 2019-01-14 09:28:00 发布

原创最新推荐文章于 2019-01-14 09:28:00 发布 · 890 阅读

3 ·

CC 4.0 BY-SA版权

文章标签：

#java

JAX-WS 同时被 2 个专栏收录

11 篇文章

订阅专栏

OpenSource

11 篇文章

订阅专栏

本文介绍如何使用Apache CXF搭建支持HTTPS的安全服务。包括生成密钥文件、定义WebService接口、配置服务引擎以支持HTTPS及客户端配置。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

【参考：http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html 】

【参考：http://cxf.apache.org/docs/configuration.html 】

前几节讲了http和jms的传输协议的实现，这节介绍如何使用https来实现通信。

一、生成密钥

要使用https通信，首先我们需要生成一个用于双方通信的密钥文件，可以使用java自带的keytool工具来生成，例如：

keytool -genkey -alias gliu -keyalg RSA -storepass liu123 -keypass liu123 -keystore gliu.jks -dname "CN=localhost"

如果不指定 -keystore 参数，则会在用户目录下生成一个.keystore 文件。另外这里-dname里的CN参数需要指定为你的website的名字，例如对于本地测试，则使用localhost。

二、接口定义

和前几节一样，接口定义很简单：

@WebService
public interface OrderProcess {

	public String processOrder(Order order);
}

三、创建Service

要使得service支持https的传输协议，就需要用上面生成的密钥文件去配置服务引擎，首先在创建service时取得引擎对象：

		JaxWsServerFactoryBean bean = new JaxWsServerFactoryBean();
		Bus bus = bean.getBus();
		JettyHTTPServerEngineFactory serverEngineFactory = bus
				.getExtension(JettyHTTPServerEngineFactory.class);

然后就是配置引擎对象：

		File file = new File("key/gliu.jks");
		TLSServerParameters tlsParams = new TLSServerParameters();
		KeyStore keyStore = KeyStore.getInstance("JKS");
		String password = "liu123";
		String storePassword = "liu123";

		FileInputStream is = new FileInputStream(file);
		keyStore.load(is, storePassword.toCharArray());
		is.close();
		
		KeyManagerFactory keyFactory = KeyManagerFactory
				.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		keyFactory.init(keyStore, password.toCharArray());
		KeyManager[] keyManagers = keyFactory.getKeyManagers();
		tlsParams.setKeyManagers(keyManagers);

		TrustManagerFactory trustFactory = TrustManagerFactory
				.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		trustFactory.init(keyStore);
		TrustManager[] trustManagers = trustFactory.getTrustManagers();
		tlsParams.setTrustManagers(trustManagers);
		serverEngineFactory.setTLSServerParametersForPort(443, tlsParams);

最后创建服务即可：

		bean.setAddress("https://localhost/security/order");
		bean.setServiceBean(new OrderProcessImpl());
		bean.setServiceClass(OrderProcess.class);
		bean.create();

启动服务后就可以通过以下路径访问生成的wsdl了：

https://localhost/security/order?wsdl

也可以使用Spring配置，如下：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security"
	xmlns:jetty="http://cxf.apache.org/transports/http-jetty/configuration"
	xmlns:jaxws="http://cxf.apache.org/jaxws"
	xsi:schemaLocation="
            http://cxf.apache.org/jaxws 
            http://cxf.apache.org/schemas/jaxws.xsd
            http://cxf.apache.org/configuration/security              
            http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd">

	<import resource="classpath:META-INF/cxf/cxf.xml" />
	<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
	<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

	<jetty:engine-factory bus="cxf">
		<jetty:engine port="443">
			<jetty:tlsServerParameters>
				<sec:keyManagers keyPassword="liu123">
					<sec:keyStore type="JKS" password="liu123" file="key/gliu.jks" />
				</sec:keyManagers>
			</jetty:tlsServerParameters>
		</jetty:engine>
	</jetty:engine-factory>
	
	<jaxws:endpoint id="orderProcess"
		implementorClass="com.liulutu.liugang.https.OrderProcess"
		implementor="com.liulutu.liugang.https.OrderProcessImpl" address="https://localhost:443/security/order">
	</jaxws:endpoint>
</beans>

四、Client设置

一个简单的调用HTTPS服务的方式就是设置系统的ssl属性，例如调用上述service：

		System.setProperty("javax.net.ssl.trustStore", "key/gliu.jks");

		JaxWsDynamicClientFactory factory = JaxWsDynamicClientFactory
				.newInstance();
		Client client = factory
				.createClient("https://localhost/security/order?wsdl");
		Order order = new Order();
		order.setId("helloId");
		Object[] invokeWrapped = client.invoke("processOrder", order);
		System.out.println(invokeWrapped[0]);

也可以通过配置HTTPConduit对象来调用，例如：

		//create and configure client bean
		JaxWsClientFactoryBean jwcfb = new JaxWsClientFactoryBean();
		jwcfb.setServiceClass(OrderProcess.class);
		jwcfb.setAddress("https://localhost/security/order");
		Client client = jwcfb.create();
		
		//configure conduit
		HTTPConduit conduit = (HTTPConduit) client.getConduit();
		configureSecurityInfoFor(conduit);
		
		//invoke
		Order order = new Order();
		order.setId("helloId");
		Object[] invokeWrapped = client.invoke("processOrder", order);
		System.out.println(invokeWrapped[0]);

其中configureSecurityInfoFor(conduit)方法实现如如下：

		TLSClientParameters tlsClientParameters = new TLSClientParameters();
		tlsClientParameters.setSecureSocketProtocol("SSL");

		FileInputStream is = new FileInputStream("key/gliu.jks");
		KeyStore keyStore = KeyStore.getInstance("JKS");
		keyStore.load(is, "liu123".toCharArray());
		is.close();

		//set trust keystore
		TrustManagerFactory trustManagerFactory = TrustManagerFactory
				.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		trustManagerFactory.init(keyStore);
		tlsClientParameters.setTrustManagers(trustManagerFactory
				.getTrustManagers());

		//set keystore
		KeyManagerFactory keyFactory = KeyManagerFactory
				.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		keyFactory.init(keyStore, "liu123".toCharArray());
		tlsClientParameters.setKeyManagers(keyFactory.getKeyManagers());

		conduit.setTlsClientParameters(tlsClientParameters);

也可以使用Spring配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
	xmlns:sec="http://cxf.apache.org/configuration/security"
	xsi:schemaLocation="
	   http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
	   http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
	   http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd 
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

	<http-conf:conduit name="*.http-conduit">
		<http-conf:tlsClientParameters
			secureSocketProtocol="SSL">
			<sec:keyManagers keyPassword="liu123">
				<sec:keyStore type="JKS" password="liu123" file="key/gliu.jks" />
			</sec:keyManagers>
			<sec:trustManagers>
				<sec:keyStore type="JKS" password="liu123" file="key/gliu.jks" />
			</sec:trustManagers>
		</http-conf:tlsClientParameters>
	</http-conf:conduit>

	<jaxws:client id="orderProcessClient"
		serviceClass="com.liulutu.liugang.https.OrderProcess" address="https://localhost:443/security/order">
	</jaxws:client>
</beans>

然后在java代码里：

		ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("/com/liulutu/liugang/https/client.xml");
		OrderProcess bean = context.getBean("orderProcessClient", OrderProcess.class);
		Order order = new Order();
		order.setId("hello");
		String processOrder = bean.processOrder(order);
		System.out.println(processOrder);