如何创建安全的WebService如何创建安全的WebService我们在使用WebService的过程中，很多情况是需要对webservice请求做认证的，对于运行在web容器里的应用程序来说，可能会比较简单一些，通常可以通过filter来做一些处理，但是其实CXF本身也提供了对webservice认证的方式。1.首先是一个简单pojopackagecom.googlecode.garbagecan.cxfstudy.security;publicclassUser{privateStringid;privateStringname;privateStringpassword;publicStringgetId(){returnid;}publicvoidsetId(Stringid){this.id=id;}publicStringgetName(){returnname;}publicvoidsetName(Stringname){this.name=name;}publicStringgetPassword(){returnpassword;}publicvoidsetPassword(Stringpassword){this.password=password;}}2.WebService接口packagecom.googlecode.garbagecan.cxfstudy.security;importjava.util.List;importjavax.jws.WebMethod;importjavax.jws.WebResult;importjavax.jws.WebService;@WebServicepublicinterfaceUserService{@WebMethod@WebResultListlist();}3.WebService实现类packagecom.googlecode.garbagecan.cxfstudy.security;importjava.util.ArrayList;importjava.util.List;publicclassUserServiceImplimplementsUserService{publicListlist(){Listusers=newArrayList();for(inti=0;i<10;i++){Useruser=newUser();user.setId(""+i);user.setName("user_"+i);user.setPassword("password_"+i);users.add(user);}returnusers;}}4.Server端Handler，其中使用了一个Map来存放用户信息，真是应用中可以使用数据库或者其它方式获取用户和密码packagecom.googlecode.garbagecan.cxfstudy.security;importjava.io.IOException;importjava.util.HashMap;importjava.util.Map;importjavax.security.auth.callback.Callback;importjavax.security.auth.callback.CallbackHandler;importjavax.security.auth.callback.UnsupportedCallbackException;importorg.apache.ws.security.WSPasswordCallback;publicclassServerUsernamePasswordHandlerimplementsCallbackHandler{//keyisusername,valueispasswordprivateMapusers;publicServerUsernamePasswordHandler(){users=newHashMap();users.put("admin","admin");}publicvoidhandle(Callback[]callbacks)throwsIOException,UnsupportedCallbackException{WSPasswordCallbackcallback=(WSPasswordCallback)callbacks[0];Stringid=callback.getIdentifier();if(users.containsKey(id)){if(!callback.getPassword().eq