上面三章做了通過WSDL文件生成java code的WebService服務器端和客戶端例子。下面我們來做通過WSS4J對WebService的加密。

1.下載wss4j.jar 還是自己用google去找來下載。

2.把wss4j.jar 放到VacSyncService_WSS4J工程的 /WebContent/WEB-INF/lib 下。 可能提VacSyncService_WSS4J工程有點暈，其實這個就是前面我們使用的VacSyncService工程改了一下名字而已。

3.這下開始配置WEB-INFO 下的 deploy.wsdd

<!-- Use this file to deploy some handlers/chains and services      -->
<!-- Two ways to do this:                                           -->
<!--   java org.apache.axis.client.AdminClient deploy.wsdd          -->
<!--      after the axis server is running                          -->
<!-- or                                                             -->
<!--   java org.apache.axis.utils.Admin client|server deploy.wsdd   -->
<!--      from the same directory that the Axis engine runs         -->

<deployment
    xmlns="http://xml./axis/wsdd/"
    xmlns:java="http://xml./axis/wsdd/providers/java">

  <!-- Services from SyncNotifySPServiceService WSDL service -->

  <service name="SyncNotifySP" provider="java:RPC" style="rpc" use="encoded">
   <requestFlow>
     <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
     <parameter name="passwordCallbackClass" value="PWCallback"/>
     <parameter name="action" value="UsernameToken"/>
     </handler>
   </requestFlow>    
      <parameter name="wsdlTargetNamespace" value=">
      <parameter name="wsdlServiceElement" value="SyncNotifySPServiceService"/>
      <parameter name="schemaUnqualified" value=">
      <parameter name="wsdlServicePort" value="SyncNotifySP"/>
      <parameter name="className" value="com.unicom.vac.bossagent.soap.SyncNotifySPSoapBindingSkeleton"/>
      <parameter name="wsdlPortType" value="SyncNotifySPService"/>
      <parameter name="typeMappingVersion" value="1.2"/>
      <parameter name="allowedMethods" value="*"/>
      <parameter name="scope" value="Session"/>

      <typeMapping
        xmlns:ns="        qname="ns:OrderRelationUpdateNotifyResponse"
        type="java:com.unicom.vac.bossagent.soap.sync.rsp.OrderRelationUpdateNotifyResponse"
        serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
        deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
        encodingStyle="http://schemas./soap/encoding/"
      />
      <typeMapping
        xmlns:ns="        qname="ns:OrderRelationUpdateNotifyRequest"
        type="java:com.unicom.vac.bossagent.soap.sync.req.OrderRelationUpdateNotifyRequest"
        serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"
        deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"
        encodingStyle="http://schemas./soap/encoding/"
      />
  </service>
</deployment>

紅色字體為加入部分。

4.我們來寫加密的類

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {

 public void handle(Callback[] callbacks) throws IOException,
   UnsupportedCallbackException {

         for (int i = 0; i < callbacks.length; i++) {

             if (callbacks[i] instanceof WSPasswordCallback) {

                 WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];

                 // set the password given a username

                 if ("user".equals(pc.getIdentifer())) {

                     pc.setPassword("pawd");

                 }

             } else {

                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");

             }

         }

  }

}

這個就是服務器端加密類?？梢钥吹接脩裘骶褪莡ser，密碼就是pawd，這里可以根據(jù)自己需要用加密機或算法類處理一下。

5.在MyEclipse里面啟動Tomcat。打開cmd輸入：

C:/apache-tomcat-6.0.32/webapps/VacSyncService_WSS4J/WEB-INF>java -Djava.ext.dir
s="D:/workspace/VacSyncService_WSS4J/WebContent/WEB-INF/lib" org.apache.axis.cli
ent.AdminClient -lhttp://localhost:8080/VacSyncService_WSS4J/services/AdminServi
ce  deploy.wsdd

在 /apache-tomcat-6.0.32/webapps/VacSyncService_WSS4J/WEB-INF/  下會生成server-config.wsdd

6.到目前服務器端加密的用戶驗證就寫完了，我們先用之前的客戶端類調(diào)用一下這個WebService服務會拋如下錯誤：

AxisFault
 faultCode: {http://schemas./soap/envelope/}Server.generalException
 faultSubcode:
 faultString: WSHandler: cannot load password callback class: PWCallback; nested exception is:
 java.lang.ClassNotFoundException: PWCallback; nested exception is:
 org.apache.ws.security.WSSecurityException: WSHandler: cannot load password callback class: PWCallback; nested exception is:
 java.lang.ClassNotFoundException: PWCallback
 faultActor:
 faultNode:
 faultDetail:
 {http://xml./axis/}hostname:3ABF8BC3B347428

WSHandler: cannot load password callback class: PWCallback; nested exception is:
 java.lang.ClassNotFoundException: PWCallback; nested exception is:
 org.apache.ws.security.WSSecurityException: WSHandler: cannot load password callback class: PWCallback; nested exception is:
 java.lang.ClassNotFoundException: PWCallback
 at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:222)
 at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:129)
 at org.apache.axis.encoding.DeserializationContext.endElement(DeserializationContext.java:1087)
 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1774)
 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2930)
 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
 at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
 at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
 at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
 at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
 at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
 at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
 at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
 at org.apache.axis.client.Call.invoke(Call.java:2767)
 at org.apache.axis.client.Call.invoke(Call.java:2443)
 at org.apache.axis.client.Call.invoke(Call.java:2366)
 at org.apache.axis.client.Call.invoke(Call.java:1812)
 at com.unicom.vac.bossagent.soap.SyncNotifySPSoapBindingStub.orderRelationUpdateNotify(SyncNotifySPSoapBindingStub.java:160)
 at com.unicom.vac.bossagent.soap.WebServiceClient.setRequest(WebServiceClient.java:41)
 at com.unicom.vac.bossagent.soap.WebServiceClient.main(WebServiceClient.java:59)

接下來我們來寫客戶端驗證代碼。