Jumat, 07 Juni 2013

Implementasi WSI UsernameToken pada grails cxf

Saya ini saya ingin mencoba implementasi Security WSI. Pada proyek ini kita memerlukan domain UserWebservice sebagai penyimpan data username dan password.
 package org.grails.cxf.samplewssecurity1 
class UserWebservice {

    String username
    String password

    static constraints = {
    }
}

Setelah itu kita buat ServerPasswordCallbackHandlerService. Service ini berguna untuk lookup pasangan username dan password
 package org.grails.cxf.samplewssecurity1 
 import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback
import org.springframework.beans.factory.InitializingBean

class ServerPasswordCallbackHandlerService implements CallbackHandler,InitializingBean{

    @Override
    void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException{
        for (pc in callbacks){
            if(log.debugEnabled){
                log.debug pc.identifier
                log.debug pc.password
            }
            def password= UserWebservice.findByUsername(pc.identifier)?.password 
            if(password) {
                pc.password = password
            }
        }
    }

    @Override
    void afterPropertiesSet() {
    }
}

Kita mempunyai service yang akan proteksi dengan password yang bernama AnnotatedSecureService Seperti dibawah ini.
 package org.grails.cxf.samplewssecurity1 
import org.grails.cxf.utils.EndpointType
import org.grails.cxf.utils.GrailsCxfEndpoint
import org.grails.cxf.utils.GrailsCxfEndpointProperty

import javax.jws.WebMethod
import javax.jws.WebParam
import javax.jws.WebResult

@GrailsCxfEndpoint(expose = EndpointType.JAX_WS,properties = [@GrailsCxfEndpointProperty(name = "ws-security.enable.nonce.cache", value = "false"), @GrailsCxfEndpointProperty(name = "ws-security.enable.timestamp.cache", value = "false")])
class AnnotatedSecureService {

    @WebMethod(operationName = "simpleMethod")
    @WebResult(name = "simpleResult")
    String simpleMethod(@WebParam(name = "param") String param) {
        return param.toString()
    }
}
Kita akan tambahkan di class BootStrap sebagai berikut.
 package org.grails.cxf.samplewssecurity1  
import org.apache.cxf.frontend.ServerFactoryBean
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
import org.apache.ws.security.WSConstants
import org.apache.ws.security.handler.WSHandlerConstants
import org.grails.cxf.samplewssecurity1.UserWebservice

class BootStrap {
    ServerFactoryBean annotatedSecureServiceFactory
    def serverPasswordCallbackHandlerService
    def init = { servletContext ->
        // add user
        UserWebservice.findByUsername('agus') ?: new UserWebservice(
                username: 'agus',
                password: 'ramdan').save(failOnError: true)

        //Register some wss4j security
        Map inProps = [:]
        inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        // uncomment when need particular PASSWORD_TYPE
        //inProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
        inProps.put WSHandlerConstants.PW_CALLBACK_REF, serverPasswordCallbackHandlerService

        annotatedSecureServiceFactory.getInInterceptors().add(new WSS4JInInterceptor(inProps))

        //These can be added here or taken care of in the @GrailsCxfEndpoint annotation
        //annotatedSecureServiceFactory.getProperties(true).put("ws-security.enable.nonce.cache","false")
        //annotatedSecureServiceFactory.getProperties(true).put("ws-security.enable.timestamp.cache","false")
    }
    def destroy = {
    }
}
Program selengkapnya bisa clone di git://git.cloudbees.com/agusramdan/SampleWSSecurity2.git

Tidak ada komentar:

Poskan Komentar