CXF+Spring+Tomcat开发webservice接口，并添加SSL双向认证

环境信息：cxf2.7spring3.1tomcat6.0

一、创建webservice接口

web.xml

contextconfiglocationclasspath:com/server/spring-cxf.xmlorg.springframework.web.context.contextloaderlistenercxfservletorg.apache.cxf.transport.servlet.cxfservlet

1cxfservlet/service/*index.jsp

spring-cxf.xml

helloworld.java

packagecom.server;importjavax.jws.webservice;/***webservice接口声明*/@webservice(targetnamespace="server.com")publicinterfacehelloworld{/***sayhi*@paramtext*@return*/stringsayhi(stringtext);}

helloworldimpl.java

packagecom.server;importjavax.jws.webservice;/***webservice接口实现**/@webservice(endpointinterface="com.server.helloworld")publicclasshelloworldimplimplementshelloworld{@overridepublicstringsayhi(stringtext){//todoauto-generatedmethodstubreturn"hello,"+text;}}

部署代码后可在浏览器打开http://locahost:8080/项目名称/service/helloworld?wsdl

此时webservice接口开发完成！

二、添加ssl双向认证

利用jdk自带keytool工具：直接cmd后执行：

keytool-genkey-aliastest-keyalgrsa-keystoretest.keystore-validity3650

名字和姓氏要填域名或者ip名：服务器端ip。其他可以随便填这步操作以后，得到test.keystore

keytool-export-aliastest-filetest.cer-keystoretest.keystore得到一个test.cer，然后把test.cer给到客户端，客户端用以下命令：keytool-import-aliastest-filetest.cer-keystoreserver.keystore得到server.keystore，把这个文件作为客户端代码的truststore，才能正常访问到。可以理解为因为是用代码来访问服务端，没有用户手工确认的过程，所以需要把证书加进来进行确认

那本地想要调用到服务端，就也需要做证书，同样先用这个命令：keytool-genkey-aliastest1-keyalgrsa-keystoretest1.keystore-validity3650

名字和姓氏要填域名或者ip名：客户端ip。其他可以随便填得到test1.keystore然后：keytool-export-aliastest1-filetest1.cer-keystoretest1.keystore得到test1.cer，把test1.cer发给服务端，服务端用以下命令：keytool-import-aliastest1-filetest1.cer-keystoreclient.keystore得到了client.keystore，这里面就包含了客户端ip地址信息的证书信息，可以用以下命令查看：keytool-list-v-keystoreclient.keystore

配置tomcat-》conf-》server.xml

maxthreads="150"scheme="https"secure="true"

clientauth="true"sslprotocol="tls"keystorefile="conf/test.keystore"

keystorepass="密码口令"keystoretype="jks"truststorefile="conf/client.keystore"

truststorepass="密码口令"truststoretype="jks"/>

客户端调用代码：clienttest.java

packagecom.client;importorg.springframework.context.support.classpathxmlapplicationcontext;importcom.server.helloworld;importcom.util.clientutils;/***客户端访问服务器webservice**/publicfinalclassclienttest{publicstaticvoidmain(stringargs[])throwsexception{helloworldclient=clientutils.getinstance();stringresponse=client.sayhi("joe");system.out.println("response:"+response);system.exit(0);

}}clientutils.java

packagecom.util;importjava.io.file;importjava.io.fileinputstream;importjava.io.ioexception;importjava.io.inputstream;importjava.security.keystore;importjavax.net.ssl.keymanager;importjavax.net.ssl.keymanagerfactory;importjavax.net.ssl.trustmanager;importjavax.net.ssl.trustmanagerfactory;importorg.apache.cxf.configuration.jsse.tlsclientparameters;importorg.apache.cxf.endpoint.client;importorg.apache.cxf.frontend.clientproxy;importorg.apache.cxf.jaxws.jaxwsproxyfactorybean;importorg.apache.cxf.transport.http.httpconduit;importcom.server.helloworld;publicclassclientutils{privatestatichelloworldhelloworld;publicstatichelloworldgetinstance(){if(null!=helloworld){returnhelloworld;}try{stringaddr="https://localhost:8443/cxf-demo/service/helloworld";jaxwsproxyfactorybeanfactorybean=newjaxwsproxyfactorybean();factorybean.setaddress(addr);factorybean.setserviceclass(helloworld.class);helloworld=(helloworld)factorybean.create();clientproxy=clientproxy.getclient(helloworld);httpconduitconduit=(httpconduit)proxy.getconduit();tlsclientparameterstlsparams=conduit.gettlsclientparameters();if(tlsparams==null){tlsparams=newtlsclientparameters();}tlsparams.setdisablecncheck(true);//设置keystoretlsparams.setkeymanagers(clientutils.getkeymanagers());//设置信任证书tlsparams.settrustmanagers(clientutils.gettrustmanagers());conduit.settlsclientparameters(tlsparams);}catch(exceptione){e.printstacktrace();}returnhelloworld;}publicstatickeymanager[]getkeymanagers(){inputstreamis=null;try{//获取默认的x509算法stringalg=keymanagerfactory.getdefaultalgorithm();//创建密钥管理工厂keymanagerfactoryfactory=keymanagerfactory.getinstance(alg);filecertfile=newfile("d://cer//222.keystore");if(!certfile.exists()||!certfile.isfile()){returnnull;}is=newfileinputstream(certfile);//构建以证书相应格式的证书仓库keystoreks=keystore.getinstance("jks");//加载证书ks.load(is,"qfkj2015".tochararray());factory.init(ks,"qfkj2015".tochararray());keymanager[]keyms=factory.getkeymanagers();returnkeyms;}catch(exceptione){e.printstacktrace();}finally{if(is!=null){try{is.close();}catch(ioexceptione){e.printstacktrace();}}}returnnull;}publicstatictrustmanager[]gettrustmanagers(){//读取证书仓库输入流inputstreamis=null;try{//信任仓库的默认算法x509stringalg=trustmanagerfactory.getdefaultalgorithm();//获取信任仓库工厂trustmanagerfactoryfactory=trustmanagerfactory.getinstance(alg);//读取信任仓库is=newfileinputstream(newfile("d://cer//server.keystore"));//密钥类型keystoreks=keystore.getinstance("jks");//加载密钥ks.load(is,"qfkj2015".tochararray());factory.init(ks);trustmanager[]tms=factory.gettrustmanagers();returntms;}catch(exceptione){e.printstacktrace();}finally{if(is!=null){try{is.close();}catch(ioexceptione){e.printstacktrace();}}}returnnull;}}