HTTPS是HTTP与安全协议(SSL/TLS)的结合,用于访问敏感的信息。HTTPS在HTTP之下增加了一个安全传输层,
Client通过由Certificate Authorities (CA)签发的证书(本例使用keytool生成的自签名证书)来验证Server的身份。下面展示一个例子:
完整代码参考http://springsfeng.iteye.com/blog/1634753附件。
1. 创建接口和实现类
import javax.jws.WebService;

/**
 * Service endpoint interface of the order-processing web service.
 *
 * <p>The interface itself carries no transport or security settings; it only
 * declares the single operation exposed to callers.
 */
@WebService
public interface OrderProcess {

    /**
     * Submits an order for processing.
     *
     * @param order the order to process
     * @return the order ID as a string; the sample client on this page treats
     *         a {@code null} result as "order not approved"
     */
    String processOrder(Order order);
}
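import javax.jws.WebService;

/**
 * Sample implementation of {@link OrderProcess}, published with the port name
 * {@code OrderProcessSSLPort}.
 *
 * <p>The order is supplied by a remote caller, so every field is checked
 * before the order is approved. TLS only protects the message in transit; it
 * does not make the payload itself trustworthy.
 */
@WebService(portName = "OrderProcessSSLPort")
public class OrderProcessImpl implements OrderProcess {

    /**
     * Processes an order and reports whether it was approved.
     *
     * @param order the order received from the caller; may be {@code null}
     * @return the order ID when the order passes validation, otherwise
     *         {@code null}
     */
    @Override
    public String processOrder(Order order) {
        System.out.println("Processing order...");
        return validate(order);
    }

    /**
     * Validates the order and returns the order ID.
     *
     * @param order the order to check; may be {@code null}
     * @return {@code "ORD1234"} (a fixed sample ID) when the customer ID and
     *         item ID are present, the quantity is positive and the price is a
     *         positive finite number; {@code null} otherwise
     */
    private String validate(Order order) {
        // A request without an order payload is rejected instead of failing
        // with a NullPointerException on the first getter call.
        if (order == null) {
            return null;
        }

        String custID = order.getCustomerID();
        String itemID = order.getItemID();
        int qty = order.getQty();
        double price = order.getPrice();

        boolean hasIds = custID != null && itemID != null;
        // NaN already fails the "> 0.0" comparison; positive infinity does not,
        // so it is excluded explicitly.
        boolean hasValidAmounts = qty > 0 && price > 0.0 && !Double.isInfinite(price);

        if (hasIds && hasValidAmounts) {
            return "ORD1234";
        }
        return null;
    }
}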
2. 创建密钥库及自签名密钥对
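# Creates orderprocess.jks containing an RSA key pair and a self-signed
# certificate for CN=localhost under the alias "Tomcat".
# -keysize is given explicitly because older keytool releases default to a
# shorter RSA key.
# NOTE(review): "changeit" is a widely known sample password, and passing it
# with -storepass/-keypass leaves it in shell history and the process list.
# Outside a local demo, omit both options so that keytool prompts for them.
keytool -genkey -alias Tomcat -keyalg RSA -keysize 2048 -storepass changeit -keypass changeit -keystore \
orderprocess.jks -dname "cn=localhost"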
3. 创建服务器端和客户端配置文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Server-side Spring/CXF configuration: publishes OrderProcessImpl as a JAX-WS
  endpoint at the relative address /OrderProcess.
  This file contains no TLS settings of its own; HTTPS for the endpoint depends
  on the servlet container's connector configuration.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <!-- The address is relative; presumably it is resolved against the CXF
         servlet mapping of the web application (verify in web.xml). -->
    <jaxws:endpoint id="orderProcess"
                    implementor="org.pbdp.sample.https.OrderProcessImpl"
                    address="/OrderProcess" />
</beans>
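<?xml version="1.0" encoding="UTF-8"?>
<!--
  Client-side Spring/CXF configuration: defines the JAX-WS client proxy
  "orderClient" and the TLS settings of the HTTP conduit it uses.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
       xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- The host name in the address (localhost) matches the CN of the
         certificate generated earlier on this page, so the default host name
         check of the TLS client can stay enabled. -->
    <jaxws:client id="orderClient"
                  serviceClass="org.pbdp.sample.https.OrderProcess"
                  address="https://localhost:8443/ws/OrderProcess" />

    <!-- The wildcard name applies these TLS settings to every HTTP conduit
         created by this bus, not only to orderClient. -->
    <http-conf:conduit name="*.http-conduit">
        <!-- "TLS" is requested instead of the legacy "SSL" protocol name, which
             also matches sslProtocol="TLS" on the Tomcat connector. -->
        <http-conf:tlsClientParameters secureSocketProtocol="TLS">
            <sec:trustManagers>
                <!-- NOTE(review): this is the same JKS file that the Tomcat
                     connector on this page uses as its keystore, so the client
                     also receives the server's private key. A client only needs
                     the server certificate: export it and import it into a
                     separate truststore for real deployments.
                     The password is stored here in plain text; keep this file
                     out of version control and restrict its permissions. -->
                <sec:keyStore type="JKS" password="changeit"
                              file="/home/fdc/orderprocess.jks" />
            </sec:trustManagers>
        </http-conf:tlsClientParameters>
    </http-conf:conduit>
</beans>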
4. 配置服务器以支持SSL
配置文件:TOMCAT_HOME/conf/server.xml:
<!--
  HTTPS connector on port 8443 using the keystore generated earlier on this page.
  clientAuth="false": the server does not ask the client for a certificate, so
  only the server is authenticated by TLS.
  keystorePass is stored in plain text; restrict read access to server.xml and
  to the keystore file.
  NOTE(review): Tomcat 6 and later also expect SSLEnabled="true" on an HTTPS
  connector; confirm against the Tomcat version in use.
-->
<Connector port="8443"
           maxHttpHeaderSize="8192"
           maxThreads="150"
           minSpareThreads="25"
           maxSpareThreads="75"
           enableLookups="false"
           disableUploadTimeout="true"
           acceptCount="100"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/home/fdc/orderprocess.jks"
           keystorePass="changeit"/>
5. 开发客户端组件
import org.pbdp.sample.https.Order;
import org.pbdp.sample.https.OrderProcess;
import org.springframework.context.support.ClassPathXmlApplicationContext;

/**
 * Command-line client that submits one sample order through the
 * {@code orderClient} bean and prints the outcome.
 *
 * <p>This class contains no TLS code. Whatever transport security applies is
 * taken from the Spring configuration it loads (presumably the client bean
 * file shown on this page, which sets the truststore for the HTTPS conduit).
 */
public final class Client {

    public Client() {
    }

    /**
     * Loads the client Spring context, sends a fixed sample order and prints
     * whether it was approved, then exits the JVM with status 0.
     *
     * @param args command-line arguments (unused)
     * @throws Exception if the context cannot be created or the call fails
     */
    public static void main(String[] args) throws Exception {
        String[] configLocations = { "org/pbdp/sample/https/client/client-bean.xml" };
        ClassPathXmlApplicationContext springContext =
                new ClassPathXmlApplicationContext(configLocations);
        OrderProcess orderService = (OrderProcess) springContext.getBean("orderClient");

        // Fixed sample order used for the demonstration call.
        Order sampleOrder = new Order();
        sampleOrder.setCustomerID("C001");
        sampleOrder.setItemID("I001");
        sampleOrder.setQty(100);
        sampleOrder.setPrice(200.00);

        String approvedId = orderService.processOrder(sampleOrder);

        // A null result means the service did not approve the order.
        String outcome;
        if (approvedId != null) {
            outcome = "Order approved; order ID is " + approvedId;
        } else {
            outcome = "Order not approved";
        }
        System.out.println(outcome);
        System.exit(0);
    }
}