我有一个Spring上下文,它可以初始化CXF Web服务并通过签名检查对其进行包装:
<bean id="myProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="ignoreResourceNotFound" value="true"/>
<property name="locations">
<list>
<value>classpath:my.properties</value>
</list>
</property>
</bean>
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="ignoreResourceNotFound" value="true"/>
<property name="properties" ref="myProperties"/>
<property name="placeholderPrefix" value="!sp{"/>
<property name="placeholderSuffix" value="}"/>
</bean>
<bean id="inbound-security" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature"/>
<entry key="signaturePropFile" value="!sp{acq.signature.properties.location}"/>
</map>
</constructor-arg>
</bean>
我意识到signaturePropFile
必须在类路径上,无法从文件系统中读取它:-(
Caused by: org.apache.ws.security.WSSecurityException: General security error (Cannot load the resource D:\Dev\Projekty\smartpos-backend-parent\smartpos-backend-acquirer\src\main\resources\signature.properties)
at org.apache.ws.security.components.crypto.CryptoFactory.getProperties(CryptoFactory.java:261) ~[wss4j-1.6.11.jar:1.6.11]
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:186) ~[wss4j-1.6.11.jar:1.6.11]
at org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile(AbstractWSS4JInterceptor.java:224) ~[cxf-rt-ws-security-2.7.5.jar:2.7.5]
at org.apache.ws.security.handler.WSHandler.loadCrypto(WSHandler.java:911) ~[wss4j-1.6.11.jar:1.6.11]
没关系,我让它成为部署的一部分,但我确实想外部化密钥库,该密钥库由以下属性定义:
org.apache.ws.security.crypto.merlin.keystore.file=server-keystore.jks
我试图用一些配置属性!sp{keystore.location}
和替换路径${keystore.location}
,但是它不起作用。实际上,它失败,并带有相同的异常,例如属性文件不存在:
Caused by: org.apache.ws.security.WSSecurityException: General security error (Cannot load the resource classpath:signature.properties)
at org.apache.ws.security.components.crypto.CryptoFactory.getProperties(CryptoFactory.java:261) ~[wss4j-1.6.11.jar:1.6.11]
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:186) ~[wss4j-1.6.11.jar:1.6.11]
at org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.loadCryptoFromPropertiesFile(AbstractWSS4JInterceptor.java:224) ~[cxf-rt-ws-security-2.7.5.jar:2.7.5]
at org.apache.ws.security.handler.WSHandler.loadCrypto(WSHandler.java:911) ~[wss4j-1.6.11.jar:1.6.11]
配置WSS4J密钥库位置的正确方法是什么?我不喜欢在部署前编辑战争。(我使用Maven来构建它)。
当使用旧版本的wss4j(v2.1.1和更早版本)时,您可以通过覆盖WSHandler.loadCrypto()并通过Spring util注入创建的Property对象来传递对属性文件(例如WSHandlerConstants.SIG_PROP_REF_ID)的String引用的需要。 ,例如:
<util:properties id="wss4jCryptoProperties">
<prop key="org.apache.ws.security.crypto.merlin.keystore.file">!sp{keystore.file}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.type">!sp{keystore.type}</prop>
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">!sp{keystore.password}</prop>
</util:properties>
通过示例覆盖WSHandler.loadCrypto():
public class PropertiesWSS4JInInterceptor extends WSS4JInInterceptor {
private Properties cryptoProperties;
public PropertiesWSS4JInInterceptor(Map<String, Object> inProps,
Properties cryptoProperties) {
super(inProps);
this.cryptoProperties = cryptoProperties;
}
@Override
protected Crypto loadCrypto(String cryptoPropertyFile, String cryptoPropertyRefId,
RequestData requestData) throws WSSecurityException {
return CryptoFactory.getInstance(cryptoProperties);
}
}
此外,您可以将wss4jCryptoProperties注入您的customBean中(不要忘记在所引用的类和setter中创建名为cryptoProperties的字段):
<bean id="customBean" class="cz.company.CustomBean">
<property name="cryptoProperties" ref="wss4jCryptoProperties"/>
</bean>
最后,您可以将拦截器添加到端点:
endpoint.getInInterceptors().add(new PropertiesWSS4JInInterceptor(inProps, cryptoProperties));
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句