在ApacheCXF的Sample里以及网上很多有关RESTful HTTPS双向认证的文章介绍仅仅是理论,没有涉及实际环境的实现(客户端和服务端都是localhost);这几天使用Apache的CXF以及 Apache portable HttpClient实现跨IP的JAXRS HTTPS双向认证实现。
在实践中发现tomcat版本7.0.70和7.0.68在TLS/SSL支持上也存在差异。
一,尝试成功的环境
1,JDK7u71(Server端&服务端);
2,Service端Tomcat7.0.68
3,ServiceSDK:apache-cxf-3.1.6
二,建立自签名服务端和客户端密钥库并都加入对方导出的授权证书
1,密钥及证书生成和导入过程:
(Server端IP:192.168.245.133,Client端IP:192.168.245.1)
密钥库生成:keytool -genkeypair -validity 730 -alias serverkey -keystore serverkeystore.jks -dname "CN=192.168.245.133"
keytool -genkeypair -validity 730 -alias clientkey -keystore clientkeystore.jks -dname "CN=merrick"
客户端密钥库导入服务端证书:
keytool -export -rfc -keystore serverkeystore.jks -alias serverkey -file myserver.cer
keytool -import -noprompt -trustcacerts -file myserver.cer -alias serverkey -keystore clientkeystore.jks
服务端密钥库导入客户端证书:
keytool -export -rfc -keystore clientkeystore.jks -alias clientkey -file myclient.cer
keytool -import -noprompt -keystore serverkeystore.jks -trustcacerts -file myclient.cer -alias clientkey
三,建立JAX-RS CXF服务端(集成Spring)
1,建立Web项目,导入必要的库文件:
commons-logging-1.0.3.jar
cxf-core-3.1.6.jar
cxf-rt-frontend-jaxrs-3.1.6.jar
cxf-rt-rs-json-basic-3.1.6.jar
cxf-rt-transports-http-3.1.6.jar
javax.annotation-api-1.2.jar
javax.servlet-api-3.1.0.jar
javax.ws.rs-api-2.0.1.jar
spring-aop-4.1.9.RELEASE.jar
spring-beans-4.1.9.RELEASE.jar
spring-context-4.1.9.RELEASE.jar
spring-core-4.1.9.RELEASE.jar
spring-expression-4.1.9.RELEASE.jar
spring-web-4.1.9.RELEASE.jar
woodstox-core-asl-4.4.1.jar
xmlschema-core-2.2.1.jar
2,配置web.xml
<span style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> <display-name>cxfjaxrsbasicrestserver1</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>WEB-INF/beans.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <servlet> <servlet-name>CXFServlet</servlet-name> <servlet-class> org.apache.cxf.transport.servlet.CXFServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>CXFServlet</servlet-name> <url-pattern>/basiccxf/*</url-pattern> </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> </web-app></span>
3,配置Spring的beans.xml(路径如上述)
<span style="font-size:12px;"><?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd"> <import resource="classpath:META-INF/cxf/cxf.xml"/> <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/> <bean id="gameinfoservice" class="cxf.rest.basic.server.GameInfoServiceImpl"/> <jaxrs:server id="gameabc" address="/"> <jaxrs:serviceBeans> <ref bean="gameinfoservice"/> </jaxrs:serviceBeans> </jaxrs:server> </beans></span>
4,建立服务接口、服务实现类、XMLBean
<span style="font-size:12px;">package cxf.rest.basic.server; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @Path("/gameinfo/") public interface GameInfoService { @GET @Path("/basicinfo/") Response getBasicinfo(@Context HttpServletRequest req); @GET @Path("/basicinfo/{id}/") @Produces(MediaType.APPLICATION_XML) GameEntity getOneGameinfo(@PathParam(value = "id") int id); @GET @Path("/basicinfo2/{id}/") Response getOneGameinfo2(@PathParam("id") String id); @GET @Path("/basicinfo3/") Response getOneGameinfo3(); } </span>
<span style="font-size:12px;">package cxf.rest.basic.server; import javax.xml.bind.annotation.XmlRootElement; @XmlRootElement(name="EGame") public class GameEntity { private int id; private String name; private String publishdate; private String producer; private String type; public int getId() { return id; } public void setId(int id) { this.id = id; } public String getName() { return name; } public void setName(String name) { this.name = name; } public String getPublishdate() { return publishdate; } public void setPublishdate(String publishdate) { this.publishdate = publishdate; } public String getProducer() { return producer; } public void setProducer(String producer) { this.producer = producer; } public String getType() { return type; } public void setType(String type) { this.type = type; } } </span>
<span style="font-size:12px;">package cxf.rest.basic.server; import java.util.Date; import java.util.Hashtable; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; public class GameInfoServiceImpl implements GameInfoService { Map<Integer,GameEntity> gms = new Hashtable<Integer,GameEntity>(); public GameInfoServiceImpl() { System.out.println("-----GameInfoServiceImpl constructor "); GameEntity et = new GameEntity(); et.setId(123); et.setName("HEROS"); et.setProducer("3DO ltd."); et.setPublishdate("1995-01-01"); et.setType("Stratigy 回合游戏"); gms.put(123, et); } @Override public Response getBasicinfo(HttpServletRequest req) { System.out.println("-------Invoking "+ this.getClass().getName() + ".getBasicinfo(), "+ req.getServletContext().getServerInfo()); Response r = Response.ok(new String("123"),MediaType.TEXT_PLAIN).build(); return r; } @Override public GameEntity getOneGameinfo(int id) { System.out.println("-------Invoking "+ this.getClass().getName() + ".getOneGameinfo(), " + id); System.out.println(new Date().toString()); GameEntity e = gms.get(123); System.out.println("entity null? " + (e==null)); return e; } @Override public Response getOneGameinfo2(String id) { System.out.println("-------Invoking "+ this.getClass().getName() + ".getOneGameinfo2()"); Response r = Response.ok(gms.get(123),MediaType.APPLICATION_XML_TYPE).build(); return r; } @Override public Response getOneGameinfo3() { System.out.println("-------Invoking "+ this.getClass().getName() + ".getOneGameinfo3()"); GameEntity e = gms.get(123); Response r = Response.ok(gms.get(123),MediaType.APPLICATION_JSON_TYPE).build(); //to be continued..............................//JSON return r; } } </span>
5,RuntimeServer Tomcat7.0.68的Server.xml中配置HTTPS有关的Connector
由于是双向认证,服务端同样需要验证客户端,所以clientAuth需要配置为true
<span style="font-size:12px;"><Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="conf/serverkeystore.jks" keystorePass="passwd" truststoreFile="conf/serverkeystore.jks" truststorePass="passwd" /></span>
四,建立Client端
仅列出无论localhost还是跨IP的情况下都成功的code:
public static void getEntity_51() throws Throwable{//SSL client get /** * Fail!: Javax.net.ssl.sslhandshakeexception: * received fatal alert: handshake_failure(when Server tomcat7.0.70, Server JDK 7u9; Client JDK 7u71) * * Fail!: javax.net.ssl.SSLHandshakeException: * Received fatal alert: handshake_failure(when Server tomcat7.0.70, Server JDK 7u71; Client JDK 7u71) * * Success !(server tomcat7.0.68, JDK 7u71; client JDK 7u71) * * tomcat7.0.70的ssl支持有问题 * * */ DefaultHttpClient httpclient = getHTTPsClient("/clientkeystore.jks","passwd",8443); HttpGet httpget = new HttpGet("https://192.168.245.133:8443/cxfjaxrsbasicrestserver1/basiccxf/gameinfo/basicinfo2/1234/"); // httpget.addHeader(new BasicHeader("Accept" , "text/xml")); httpclient.addRequestInterceptor(new HttpRequestInterceptor() { @Override public void process(HttpRequest arg0, HttpContext arg1) throws HttpException, IOException { Header[] h = arg0.getAllHeaders(); for (int i = 0; i < h.length; i++) { System.out.println("---request header: "+h[i]); } } }); httpclient.addResponseInterceptor(new HttpResponseInterceptor() { @Override public void process(HttpResponse arg0, HttpContext arg1) throws HttpException, IOException { Header[] h = arg0.getAllHeaders(); for (int i = 0; i < h.length; i++) { System.out.println("reponse header: "+h[i]); } } }); HttpResponse response = httpclient.execute(httpget); HttpEntity entity = response.getEntity(); String rss = EntityUtils.toString(entity, "utf-8"); System.out.println(rss);//注意字符编码 XMLparse.parsestringtoxml(rss);//Dom4j API, be used to parse response string to xml document object//DocumentHelper.parseText(s); // entity.writeTo(System.out); httpclient.getConnectionManager().shutdown(); httpclient.close(); }
public static DefaultHttpClient getHTTPsClient(String jksname, String password, int httpsserverport){//success DefaultHttpClient httpclient = null; try { String keyStoreLoc = Client1.class.getClassLoader().getResource("").getPath() + jksname; System.out.println("jks path: " + keyStoreLoc); KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(new FileInputStream(keyStoreLoc), password.toCharArray()); SSLSocketFactory sf = new SSLSocketFactory(trustStore, password, trustStore); Scheme httpsScheme = new Scheme("https", httpsserverport, sf); httpclient = new DefaultHttpClient(); httpclient.getConnectionManager().getSchemeRegistry().register(httpsScheme); } catch (Throwable e) { e.printStackTrace(); } return httpclient; }
测试情况:
jks path: /D:/workspace_ElipseJEE_mars2/cxfjaxrsbasicrestclient1/bin//clientkeystore.jks
---request header: Host: 192.168.245.133:8443
---request header: Connection: Keep-Alive
---request header: User-Agent: Apache-HttpClient/4.5.2 (Java/1.7.0_71)
reponse header: Server: Apache-Coyote/1.1
reponse header: Date: Tue, 18 Oct 2016 05:58:41 GMT
reponse header: Content-Type: application/xml
reponse header: Content-Length: 200
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><EGame><id>123</id><name>HEROS</name><producer>3DO ltd.</producer><publishdate>1995-01-01</publishdate><type>Stratigy 回合游戏</type></EGame>
root name: EGame
Node : id ====> 123
Node : name ====> HEROS
Node : producer ====> 3DO ltd.
Node : publishdate ====> 1995-01-01
Node : type ====> Stratigy 回合游戏
相关推荐
[奥莱理] RESTful Java 开发 (Jax-RS 2.0 实现) (英文版) [奥莱理] RESTful Java with JAX-RS 2.0 (E-Book) ☆ 图书概要:☆ Learn how to design and develop distributed web services in Java, using RESTful ...
[奥莱理] RESTful Java 开发 (Jax-RS 实现) (英文版) [奥莱理] RESTful Java with Jax-RS (E-Book) ☆ 图书概要:☆ Learn how to design and develop distributed web services in Java using RESTful ...
使用Eclipse开发基于SpringBoot+JAX-RS的Restful服务.docx使用Eclipse开发基于SpringBoot+JAX-RS的Restful服务.docx使用Eclipse开发基于SpringBoot+JAX-RS的Restful服务.docx使用Eclipse开发基于SpringBoot+JAX-RS的...
restlet_jax-rs列子 可直接运行 在我的博客里有一些描述。希望能给大家提供点帮助
jax-ws客户端与服务端工程.rar-------------
NULL 博文链接:https://hwei199.iteye.com/blog/2272572
公司代码实现,简单的webservice服务 发布,实现客户端的调用。
MyEclipse基于JAX-WS开发Webservice+WebserviceClient客户端调用.zip
调试环境:mycelipse10+tomcat7 包含调用简单数据类型,List类型,下载javabean对象,上传图像文件,上传javabean复杂数据对象等5个代码例子。 调试环境的配置,网上很多文章都写了。
javax.xml.ws.Service 报错需要的包,亲测可以用,直接下载在ide里buildpath一下就可以,四个jar包 ,整合了其他的jar所以配置简单
RESTful Java with JAX-RS 2.0.pdf
目前共有4种JAX-RS实现,所有这些实现都支持Spring,Jersey则是JAX-RS的参考实现,也是本文所用的实现。 如果你使用Spring进行开发,那可能想知道(或者有人曾问过你)Spring MVC与JAX-RS有何异同点?更进一步,...
基于JAX-WS实现的WebService服务 资源包含的文件如下: 1、JAX-WS实现WebService文档 2、WebService服务端实现源码 3、WebService客户端实现源码
使用jax-ws和jax-rs ,maven、java、spring 分别创建soap类型的webservice和restful类型的webservice,文档附有代码
MyEclipse8_0中使用 JAX-WS 部署 WebService 实例 - 外衣 - 博客频道 - CSDN_NET.mht
JAX-WS发布webservice例子,基于http://blog.csdn.net/yy_love_my/article/details/44938329所说的做的一个简单且能运行的列子,基于maven工程,如果使用servlet发布方式,执行命令:mvn tomcat7:run
srb4j, Simple RESTFul backend for Java, 一个JAX-RS服务端代码脚手架(就像AppFuse之于Webapp),基于OAuth2提供了完整的注册、登录、密码恢复等功能。 它本质是一个Maven Archetype, 所以你可以用它快速生成一个...
关于JAX-RS的注解详细,本人通过网络及实际应用收集的资料
使用到的外部jar包有(必须的部分,需要加到Web容器中) •neethi-3.0.2.jar •jsr311-api-1.1.1.jar •cxf-bundle-2.6.0.jar 使用到的外部jar包有(可选的部分,当且仅当作为一个独立的application运行时) ...