📄 security7.html
字号:
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <title>XML and Web Services Security </title> <link rel="StyleSheet" href="document.css" type="text/css" media="all" /> <link rel="StyleSheet" href="catalog.css" type="text/css" media="all" /> <link rel="Table of Contents" href="J2EETutorialTOC.html" /> <link rel="Previous" href="Security6.html" /> <link rel="Next" href="Security8.html" /> <link rel="Index" href="J2EETutorialIX.html" /> </head> <body> <table width="550" summary="layout" id="SummaryNotReq1"> <tr> <td align="left" valign="center"> <font size="-1"> <a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a> <br> <a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a> <br> <a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a> </td> <td align="center" valign="center"><a accesskey="p" href="Security6.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security8.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a> </td> <td align="right" valign="center"> <font size="-1"> <a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a> <br> <a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a> <br> <a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font> </font> </td> </tr> </table> <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider"> <blockquote><a name="wp128921"> </a><h2 class="pHeading1">XML and Web Services Security </h2><a name="wp417232"> </a><p class="pBody">XML and Web Services Security can include Transport-Level Security and Message-Level Security. This section discusses Transport-Level Security, which includes the following tutorials. Information about using Message-Level Security may be included in future releases of the J2EE Tutorial. </p><a name="wp422487"> </a><p class="pBody"><a href="Security7.html#wp141574">Transport-Level Security</a>, is where security is addressed by the transport layer. Adding security in this way is discussed in the following example sections:</p><div class="pSmartList1"><ul class="pSmartList1"><a name="wp422494"> </a><div class="pSmartList1"><li><a href="Security7.html#wp156943"></a><a href="Security7.html#wp156943">Example: Basic Authentication with JAX-RPC</a> </li></div><a name="wp422497"> </a><div class="pSmartList1"><li><a href="Security7.html#wp129121">Example: Client-Certificate Authentication over HTTP/SSL with JAX-RPC</a></li></div></ul></div><a name="wp141574"> </a><h3 class="pHeading2">Transport-Level Security</h3><a name="wp133727"> </a><p class="pBody"><em class="cEmphasis">Authentication</em> is a process that verifies the identity of a user, device, or other entity in a computer system, usually as a prerequisite to allowing access to resources in a system. There are several ways in which this can happen, the following ways are discussed in this section:</p><div class="pSmartList1"><ul class="pSmartList1"><a name="wp159651"> </a><div class="pSmartList1"><li>A user authentication method can be defined for an application in its deployment descriptor. When a user authentication method is specified for an application, the Web container activates the specified authentication mechanism when you attempt to access a protected resource. The options for user authentication methods are discussed in <a href="Security5.html#wp182253">Using Login Authentication</a>. The example application discussed in <a href="Security7.html#wp156943">Example: Basic Authentication with JAX-RPC</a> shows how to add basic authentication to a JAX-RPC application. The example discussed in <a href="Security7.html#wp129121">Example: Client-Certificate Authentication over HTTP/SSL with JAX-RPC</a> shows how to add client-certificate, or mutual, authentication to a JAX-RPC application.</li></div><a name="wp159656"> </a><div class="pSmartList1"><li>A transport guarantee can be defined for an application in its deployment descriptor. Use this method to run over an SSL-protected session and ensure that all message content is protected for confidentiality. The options for transport guarantees are discussed in <a href="Security4.html#wp159100">Specifying a Secure Connection</a>. An example application that discusses running over an SSL-protected session is discussed in <a href="Security7.html#wp129121">Example: Client-Certificate Authentication over HTTP/SSL with JAX-RPC</a>.</li></div><a name="wp159652"> </a><p class="pBodyRelative">When running over an SSL-protected session, the server and client can authenticate one another and negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. </p><a name="wp159738"> </a><p class="pBodyRelative">Secure Socket Layer (SSL) technology allows Web browsers and Web servers to communicate over a secured connection. In this secure connection, the data that is being sent is encrypted before being sent, then decrypted upon receipt and prior to processing. Both the browser and the server encrypt all traffic before sending any data. For more information, see <a href="Security6.html#wp80703">What is Secure Socket Layer Technology?</a>.</p><a name="wp133816"> </a><p class="pBodyRelative">Digital certificates are necessary when running HTTP over SSL (HTTPS). The HTTPS service of most Web servers will not run unless a digital certificate has been installed. Digital certificates have already been created for the J2EE 1.4 Application Server.</p></ul></div><a name="wp156943"> </a><h3 class="pHeading2">Example: Basic Authentication with JAX-RPC</h3><a name="wp156944"> </a><p class="pBody">In this section, we discuss how to configure JAX-RPC-based Web service applications for HTTP basic authentication. With <em class="cEmphasis">HTTP basic authentication</em>, the Web server will authenticate a user by using the user name and password obtained from the Web client. If the topic of authentication is new to you, please refer to the section titled <a href="Security5.html#wp182253">Using Login Authentication</a>.</p><a name="wp156664"> </a><p class="pBody">For this tutorial, we begin with the example application in <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/jaxrpc/staticstub/</code> <code class="cCode">and</code> <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/jaxrpc/helloservice/</code> and add user name/password authentication. The resulting application can be found in the directories <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/basicauth/</code> and <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/basicauthclient/</code>. In general, the following steps are necessary to add basic authentication to a JAX-RPC application. In the example application included with this tutorial, many of these steps have been completed for you and are listed here expressly for the purpose of listing what needs to be done should you wish to create a similar application outside of this tutorial.</p><div class="pSmartList1"><ul class="pSmartList1"><a name="wp142541"> </a><div class="pSmartList1"><li>Add the appropriate security elements using <code class="cCode">deploytool</code>. For this example, the security elements are added in the packaging and deployment phase. Refer to <a href="Security7.html#wp395820">Adding Basic Authentication using deploytool</a> for more information.</li></div><a name="wp142543"> </a><div class="pSmartList1"><li>Edit the <code class="cCode">build.properties</code> files. The <code class="cCode">build.properties</code> file needs to be modified because the properties in this file are specific to your installation. See <a href="WebApp3.html#wp213795">Setting Up To Build and Deploy Tutorial Examples</a> for information on which properties need to be set.</li></div><a name="wp142549"> </a><div class="pSmartList1"><li>Set security properties in the client code. For the example application, this step has been completed. The code for this example is shown in <a href="Security7.html#wp129078">Set Security Properties in the Client Code</a>.</li></div><a name="wp142553"> </a><div class="pSmartList1"><li>Build, package, deploy, and run the Web service (see <a href="Security7.html#wp395628">Building, Packaging, Deploying, and Running the Example for Basic Authentication</a>). You will use the <code class="cCode">asant</code> tool to compile and run the example application.</li></div></ul></div><a name="wp129078"> </a><h4 class="pHeading3">Set Security Properties in the Client Code</h4><a name="wp129080"> </a><p class="pBody">The source code for the client is in the <code class="cCode">HelloClient.java</code> file of the <code class="cCode"><</code><code class="cVariable">INSTALL</code><code class="cCode">>/j2eetutorial14/examples/security/basicauthclient/src/</code> directory. For basic authentication, the client code must set <code class="cCode">username</code> and <code class="cCode">password</code> properties. The username and password properties correspond to the <code class="cCode">admin</code> group, which includes the user name and password combination entered during installation and the role of <code class="cCode">admin</code> that is provided in the application deployment descriptor as an authorized role for secure transactions. (See <a href="Security3.html#wp79740">Setting up Security Roles</a>.) </p><a name="wp129089"> </a><p class="pBody">The client sets the aforementioned security properties as shown in the code below. The code in <span style="font-weight: bold">bold</span> is the code that had been added from the original version of the <code class="cCode">jaxrpc/staticstub</code> example application. </p><div class="pPreformattedRelative"><pre class="pPreformattedRelative">package basicauthclient;import javax.xml.rpc.Stub;public class HelloClient { public static void main(String[] args) { <code class="cCodeBold"> if (args.length !=3) { System.out.println("HelloClient Error: Wrong number of runtime arguments!"); System.exit(1); } String username=args[0]; String password=args[1]; String endpointAddress=args[2]; // print to display for verification purposes System.out.println("username: " + username); System.out.println("password: " + password); System.out.println("Endpoint address = " + endpointAddress);</code><a name="wp153564"> </a><span style="font-weight: bold"></span> try { Stub stub = createProxy();<code class="cCodeBold"> stub._setProperty( javax.xml.rpc.Stub.USERNAME_PROPERTY, username); stub._setProperty( javax.xml.rpc.Stub.PASSWORD_PROPERTY, password); stub._setProperty (javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, endpointAddress);</code> HelloIF hello = (HelloIF)stub; System.out.println(hello.sayHello("Duke (secure)")); } catch (Exception ex) { ex.printStackTrace(); } } private static Stub createProxy() { // Note: MyHelloService_Impl is implementation-specific. return (Stub)(new MyHelloService_Impl().getHelloIFPort()); }}<a name="wp153572"> </a></pre></div><a name="wp395628"> </a><h4 class="pHeading3">Building, Packaging, Deploying, and Running the Example for Basic Authentication</h4><a name="wp129098"> </a><p class="pBody">To build, package, deploy, and run the <code class="cCode">security/basicauth</code> example using basic authentication, follow these steps,</p><a name="wp395640"> </a><h5 class="pHeading4">Build the Basic Authentication Example</h5>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -