JAXWS客户端使用X509服务器身份验证来调用JAXWS Web服务

本文介绍了JAXWS客户端使用X509服务器身份验证来调用JAXWS Web服务的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我使用wsdlc ANT任务从wsdl创建了一个JAXWS Web服务，并将其部署在Weblogic 10.3.0中.而且我们有一个Sun Java Server 7.0，其中安装了Verisign Server证书并将其配置为将Web服务请求转发到weblogic.

I created a JAXWS webservice from wsdl using wsdlc ANT task and deployed in Weblogic 10.3.0. And we have Sun one Java Server 7.0 where Verisign Server certificate is installed and configured to forward the webservice requests to weblogic.

我使用wsimport ant任务创建了一个JAXWS客户端，以调用Web服务.使用https URL运行客户端时，我可以在weblogic中看到xml请求，并且webservice已成功处理.但是我无法在xml请求/响应中找到任何x509证书的证据.除了使用wsimport生成存根之外，我是否还需要在客户端做任何事情?仅供参考，当通过浏览器查看wsdl时，我可以通过浏览器查看证书详细信息.

I created a JAXWS client using wsimport ant task to invoke the webservice. When running the client using https URL I can see xml request in weblogic and webservice is processed successfully. But I couldnt able to find any evidence of x509 certificate in the xml request/response. Do I need to do anything on the client side apart from generating the stubs using wsimport? FYI when viewing the wsdl through the browser I can see the certificate details through the browser.

推荐答案

通过HTTPS连接到WebService的内容，客户端和服务器进行x509证书交换.这是在连接级别执行的操作，wsimport与之无关.如果要在该级别上使用x509证书，则需要深入研究 Java HTTPS客户端证书认证/用于X.509安全Web服务的Java客户端，并且在服务器端保护WebLogic Server的安全:配置SSL .

What you connect to WebService via HTTPS, your client and server do x509 certificate exchange. This is something performed on connection level, wsimport has nothing to do with that. If you want to use x509 certificates on that level, you need to dig into Java HTTPS client certificate authentication / Java client for the X.509 secured web-service and on the server side Securing WebLogic Server: Configuring SSL.

或者，您可以降低一级:使用HTTP协议连接到服务器，并在SOAP级别上执行加密/签名/身份验证.然后参考使用SOAP进行用户身份验证或将基于JAX-WS的Web服务与SSL结合使用对于Metro/JAX-WS服务，对于Apache CXF， WS-Security ， 具有X.509证书的Spring Security 用于Spring Security –取决于您选择的框架.

Alternatively you can step one level down: use HTTP protocol to connect to server and perform encryption / signing / authentication on SOAP level. Then refer User authenticate in SOAP or Using JAX-WS-Based Web Services with SSL for Metro/JAX-WS services, WS-Security for Apache CXF, Spring Security With X.509 Certificate for Spring Security – depending on what framework you will choose.