- 浏览: 548121 次
- 性别:
- 来自: 上海
文章分类
最新评论
-
binglex:
谢谢,出现这个异常,看来这个贴才发现site-packages ...
cx_Oracle的"Unable to acquire Oracle environment handle"异常 -
lizhongkan:
这样过度比较方便。但如果原来的项目,有几十个依赖的jar包,是 ...
maven2的pom的依赖管理 -
landmine:
博文看不清呀楼主,怎么解决的?我也遇到了
applet在IE下运行极慢而且CPU占用很高 -
strivefuture:
这种方法对FF浏览器,有效吗?
Iframe Shim解决applet挡住ExtJS工具栏菜单问题 -
zw:
老大也有粗心的时候啊!
一个属性未设置导致发mail不成功的郁闷。
转载是因为此文网站被墙了。
The next step in rewriting the application was to secure the web services with WS-Security. In this post I get a grails version of the xfire wss example of User Token Authentication up and running. To do this I use (of course) the grails xfire plugin.
After creating a grails project and installing the xfire plugin, the first thing to do is to configure the inHandlers:
to do this add the following to the doWithSpring
closure
in XfireGrailsPlugin.groovy
"xfire.passHandler"(org.codehaus.xfire.demo.PasswordHandler) { bean -> } "xfire.DOMhandler"(org.codehaus.xfire.util.dom.DOMInHandler) { bean -> } "xfire.WSS4JHandler"(org.codehaus.xfire.security.wss4j.WSS4JInHandler) { properties = ["passwordCallbackRef":ref("xfire.passHandler"), "action":"UsernameToken"] } "xfire.ValidateUserTokenHandler"(org.codehaus.xfire.demo.ValidateUserTokenHandler) { }
ValidateUserTokenHandler
and PasswordHandler
are part of the example code distributed with xfire. I just copied
them into the correct package in src/java/
in this
simple grails app. And then add the inHandlers
to the org.grails.xfire.ServiceBean
inHandlers = [ref("xfire.DOMhandler"), ref("xfire.WSS4JHandler"), ref("xfire.ValidateUserTokenHandler")]
doWithSpring
at the end of
this post. Now any service you expose with xfire will require (and
print) a username and password in a WSS UsernameToken header. The simple
service I used to test this is:class TestService { static expose=['xfire'] boolean transactional = true String serviceMethod() { return "You did it!!!" } }I use soapUI to test, here is the request it generated:
1 |
foo |
2 |
bar |
3 |
2008-03-01T19:49:03.627Z |
This is obviously not a perfect solution. You may not want to secure all the web services in your project or at least not all in the same way. After I finish with this project I will have a more general solution to contribute to the grails xfire plugin.But first, I need to do something with the user credentials I am now receiving. Next up, integrating with acegi through the grails acegi plugin…
Full doWithSpring listing:
def doWithSpring = { "xfire.serviceRegistry"(org.codehaus.xfire.service.DefaultServiceRegistry) { bean-> bean.getBeanDefinition().setSingleton(true) } "xfire.transportManager"(org.codehaus.xfire.transport.DefaultTransportManager){ bean-> bean.getBeanDefinition().setSingleton(true) bean.getBeanDefinition().setInitMethodName("initialize") bean.getBeanDefinition().setDestroyMethodName("dispose") } "xfire"(org.codehaus.xfire.DefaultXFire, ref("xfire.serviceRegistry"), ref("xfire.transportManager")) { bean -> bean.getBeanDefinition().setSingleton(true) } "xfire.typeMappingRegistry"(org.codehaus.xfire.aegis.type.DefaultTypeMappingRegistry){ bean -> bean.getBeanDefinition().setSingleton(true) bean.getBeanDefinition().setInitMethodName("createDefaultMappings"); } "xfire.aegisBindingProvider"(org.codehaus.xfire.aegis.AegisBindingProvider, ref("xfire.typeMappingRegistry")) { bean -> bean.getBeanDefinition().setSingleton(true) } "xfire.serviceFactory"(org.codehaus.xfire.service.binding.ObjectServiceFactory, ref("xfire.transportManager"), ref("xfire.aegisBindingProvider")) { bean -> bean.getBeanDefinition().setSingleton(true) } "xfire.servletController"(org.codehaus.xfire.transport.http.XFireServletController, ref("xfire")) { bean -> bean.getBeanDefinition().setSingleton(true) } "grails.xfire"(org.grails.xfire.ServiceFactoryBean, "grails.xfire") { bean -> bean.getBeanDefinition().setInitMethodName("initialize") transportManager = ref("xfire.transportManager") grailsApplication = ref("grailsApplication", true) } "xfire.passHandler"(org.codehaus.xfire.demo.PasswordHandler) { bean -> } "xfire.DOMhandler"(org.codehaus.xfire.util.dom.DOMInHandler) { bean -> } "xfire.WSS4JHandler"(org.codehaus.xfire.security.wss4j.WSS4JInHandler) { properties = ["passwordCallbackRef":ref("xfire.passHandler"), "action":"UsernameToken Timestamp"] } "xfire.ValidateUserTokenHandler"(org.codehaus.xfire.demo.ValidateUserTokenHandler) {} if(application.serviceClasses) { application.serviceClasses.each { service -> def serviceClass = service.getClazz() def exposeList = GrailsClassUtils.getStaticPropertyValue(serviceClass, 'expose') if(exposeList!=null && exposeList.contains('xfire')) { def sName = service.propertyName.replaceFirst("Service","XFire") // "${sName}"(org.grails.xfire.ServiceBean){ // xfire = ref("xfire") // serviceBean = ref("${service.propertyName}") // serviceClass = service.getClazz() // serviceFactory = ref("grails.xfire") inHandlers = [ref("xfire.DOMhandler"), ref("xfire.WSS4JHandler"), ref("xfire.ValidateUserTokenHandler")] } } } } }
评论
inHandlers = [ref("xfire.DOMhandler"),
ref("xfire.WSS4JHandler"),
ref("xfire.ValidateUserTokenHandler")]
这段代码不知道加到哪里去。
发表评论
-
Grails跟Hibernate和Mongodb的组合
2011-08-08 23:19 3426标题看起来很噱头哦 先简要说明一下我在项目中的必要场 ... -
一个属性未设置导致发mail不成功的郁闷。
2011-04-10 20:42 2694难得阳光灿烂的周末啊,确被javamail的一个属性未设置 ... -
Grails 关于单元/集成测试
2011-02-17 11:06 2037Grails提供了比较方便的测试,其默认提供了单元,集成测 ... -
[转载]Grails plugins on Hudson
2010-07-03 11:48 1893此文也是因为被“墙”才转载的,原文地址:http: ... -
Grails 1.3的依赖管理
2010-07-03 11:42 3568用Grails做项目以来,基本上一直都是各自独立的项目,也 ... -
[转载] Reading i18n messages from the database with Grails
2010-06-27 23:45 1494如题,此文是Grails的作者的一篇文章,无奈被墙,同时 ... -
[转载] Adventures in Grails – WS-Security Part 2
2010-06-13 23:10 1284原文url:http://axixmiqui.wordp ... -
grails 1.2 生成相关IDE和ANT的配置文件
2010-01-24 14:48 1256做了一个Grails的小应用测试一下,发现相比1.1.1, ... -
grails,xfire和groovyws共存
2009-09-04 10:25 2229使用Grails开发WebService服务,方便快捷就无须再 ... -
Grails 从1.0.4 到 1.1的升级小结
2009-03-13 13:17 2217先将官方的升级注意事项简单罗列,我也是参照此进行升级的。 ... -
Grails 1.1 正式版发布
2009-03-11 01:57 2550在比较漫长的期待之后(期间经历了Grails被Spring ... -
Grails1.0.4的scaffolding
2008-11-17 16:06 1334使用Grails的动态脚手架(dynamic scaffold ... -
grails JobExecutionException编译错误
2008-07-08 11:46 1610使用Grails插件的要注意了,jsecurity中自带了 ... -
Grails 1.0.3发布
2008-06-07 16:45 1901现在想想Grails1.0.2发布也有些许时间了,其间Gr ... -
Grails中文参考手册一审完毕,初步发行一个beta版
2008-05-06 18:10 4345详细信息请参考Grails参考手册的官方信息: http: ... -
Groovy 1.6-beta-1发布,性能有大幅提高!
2008-05-03 14:57 2329感谢G2One和Groovy开发团队为我们发布了Groovy ... -
Grails喜获JAX大奖
2008-04-27 11:36 1621前几天Grails获得提名,现在终于水到渠成了,获得JAX大奖 ... -
Groovy1.5.6发布
2008-04-26 09:55 1669Groovy1.5.5在编译速度有所提升以后,G2ONE很 ... -
Groovy1.5.5发布
2008-04-15 09:38 1586G2One, Inc和Groovy开发小组非常荣幸的宣布:Gr ... -
通过属性字符格式来访问GPath格式的Xml
2008-04-11 11:52 1595GPath方式的Xml访问,为我们的Xml处理提供了极大的 ...
相关推荐
adventures-in-ml-code, 这个存储库保存了站点http的所有代码 adventures-in-ml-code这个存储库保存了站点 http://www.adventuresinmachinelearning.com的所有代码。这是 neural_network_tutorial.py 开发的代码,它
us-17-Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor
藏经阁-Adventures-In-Attacking-Wind-Farm-Control-Networks.pdf
Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor
藏经阁-The-Adventures-Of-Av-And-The-Leaky-Sandbox.pdf
This book is written for anybody who is ...about how people, animals, things, images and empty space move leads to many adventures. This volume presents the best of them in the domain of everyday motion.
九上牛津版-Unit7-The-Adventures-of-Tom-Sawyer同步练习及答案.doc
Sidney的经典教材Adventures in Stochastic Processes,适合有很强数学或概率基础的人学习
Adventures in Minecraft英文版
adventures-in-managing-short-lived-systems.pdf', 'cxo-f02_securing-innovation-shifting-the-conversation-from-fear-to-possibility.pdf', 'cxo-f03-business-executive-fundamentals-how-to-beat-the-mbas-at-...
Adventures in Stochastic Processes (Sidney Resnick)英文原版 随机过程经典读物
Adventures in Raspberry Pi (3 edition), 数字版。
The Hardware Hacker Adventures in Making and Breaking Hardware 英文azw3 本资源转载自网络,如有侵权,请联系上传者或csdn删除 本资源转载自网络,如有侵权,请联系上传者或csdn删除
经典英文数学教材 数学专业研究生用书 南开大学数学院 随机过程课程教材之一
syzkaller:Adventures_in_Continuous_Coverage-guided_Kernel_Fuzzing 企业安全 金融安全 企业安全 安全架构web安全
很好的设计模式书籍,对了解极限编程有很大的帮助
ARE YOU AN adventurer? Do you boldly embark on new endeavours, tackling new skills and mastering new tools? Do you want to learn how to use technology to make your ideas burst into life?...
深度学习历险记深度学习出版物,框架和资源概述深度卷积神经网络在大规模图像和视频识别方面取得了一系列突破。 该存储库旨在提供自2013年以来深度学习领域最新作品的详尽清单。 这将是一个不断发展的存储库,我将...