1. JAXB Marshaller 属性
Marshaller m = JaxbUtil.getMarshaller();
m.setProperty(Marshaller.JAXB_FRAGMENT, true);
可以输出XML片断,即不会输出“”,也不需要为根元素
2007年11月8日星期四
JSSE参考
本文内容来自:
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html
The SSL Protocol
The previous section provides a high-level description of the SSL handshake, which is the exchange of information between the client and the server prior to sending the encrypted message. This section provides more detail.
The "SSL Messages" figure below shows the sequence of messages that are exchanged in the SSL handshake. Messages that are only sent in certain situations are noted as optional. Each of the SSL messages is described in the following figure:
The SSL messages are sent in the following order:
1. Client hello - The client sends the server information including the highest version of SSL it supports and a list of the cipher suites it supports. (TLS 1.0 is indicated as SSL 3.1.) The cipher suite information includes cryptographic algorithms and key sizes.
2. Server hello - The server chooses the highest version of SSL and the best cipher suite that both the client and server support and sends this information to the client.
3. Certificate - The server sends the client a certificate or a certificate chain. A certificate chain typically begins with the server's public key certificate and ends with the certificate authority's root certificate. This message is optional, but is used whenever server authentication is required.
4. Certificate request - If the server needs to authenticate the client, it sends the client a certificate request. In Internet applications, this message is rarely sent.
5. Server key exchange - The server sends the client a server key exchange message when the public key information sent in 3) above is not sufficient for key exchange.
6. Server hello done - The server tells the client that it is finished with its initial negotiation messages.
7. Certificate - If the server requests a certificate from the client in Message 4, the client sends its certificate chain, just as the server did in Message 3.
Note: Only a few Internet server applications ask for a certificate from the client.
8. Client key exchange - The client generates information used to create a key to use for symmetric encryption. For RSA, the client then encrypts this key information with the server's public key and sends it to the server.
9. Certificate verify - This message is sent when a client presents a certificate as above. Its purpose is to allow the server to complete the process of authenticating the client. When this message is used, the client sends information that it digitally signs using a cryptographic hash function. When the server decrypts this information with the client's public key, the server is able to authenticate the client.
10. Change cipher spec - The client sends a message telling the server to change to encrypted mode.
11. Finished - The client tells the server that it is ready for secure data communication to begin.
12. Change cipher spec - The server sends a message telling the client to change to encrypted mode.
13. Finished - The server tells the client that it is ready for secure data communication to begin. This is the end of the SSL handshake.
14. Encrypted data - The client and the server communicate using the symmetric encryption algorithm and the cryptographic hash function negotiated in Messages 1 and 2, and using the secret key that the client sent to the server in Message 8.
15. Close Messages - At the end of the connection, each side will send a close_notify message to inform the peer that the connection is closed.
If the parameters generated during an SSL session are saved, these parameters can sometimes be re-used for future SSL sessions. Saving SSL session parameters allows encrypted communication to begin much more quickly.
Key Classes
Relationship Between Classes
To communicate securely, both sides of the connection must be SSL-enabled. In the JSSE API, the endpoint classes of the connection is the SSLSocket and SSLEngine. In the diagram below, the major classes used to create SSLSocket/SSLEngines are laid out in a logical ordering.
An SSLSocket is created either by an SSLSocketFactory or by an SSLServerSocket accepting an in-bound connection. (In turn, an SSLServerSocket is created by an SSLServerSocketFactory.) Both SSLSocketFactory and SSLServerSocketFactory objects are created by an SSLContext. An SSLEngine is created directly by the SSLContext, and relies on the application to handle all I/O.
IMPORTANT NOTE: When using raw SSLSockets/SSLEngines you should always check the peer's credentials before sending any data. The SSLSocket/SSLEngine classes do not automatically verify, for example, that the hostname in a URL matches the hostname in the peer's credentials. An application could be exploited with URL spoofing if the hostname is not verified.
There are two ways to obtain and initialize an SSLContext:
- The simplest is to call the static
getDefaultmethod on either theSSLSocketFactoryorSSLServerSocketFactoryclass. These methods create a defaultSSLContextwith a defaultKeyManager,TrustManager, and a secure random number generator. (A defaultKeyManagerFactoryandTrustManagerFactoryare used to create theKeyManagerandTrustManager, respectively.) The key material used is found in the default keystore/truststore, as determined by system properties described in Customizing the Default Key and Trust Stores, Store Types, and Store Passwords. - The approach that gives the caller the most control over the behavior of the created context is to call the static method
getInstanceon theSSLContextclass, then initialize the context by calling the instance's properinitmethod. One variant of theinitmethod takes three arguments: an array ofKeyManagerobjects, an array ofTrustManagerobjects, and aSecureRandomrandom number generator. TheKeyManagerandTrustManagerobjects are created by either implementing the appropriate interface(s) or using theKeyManagerFactoryandTrustManagerFactoryclasses to generate implementations. TheKeyManagerFactoryandTrustManagerFactorycan then each be initialized with key material contained in theKeyStorepassed as an argument to theTrustManagerFactory/KeyManagerFactoryinitmethod. Finally, thegetTrustManagersmethod (inTrustManagerFactory) andgetKeyManagersmethod (inKeyManagerFactory) can be called to obtain the array of trust or key managers, one for each type of trust or key material.
Once an SSL connection is established, an SSLSession is created which contains various information, such as identities established, cipher suite used, etc. The SSLSession is then used to describe an ongoing relationship and state information between two entities. Each SSL connection involves one session at a time, but that session may be used on many connections between those entities, simultaneously or sequentially.
2007年11月6日星期二
ANT Build File Sample
用户从源代码开始编译时,如果没有安装eclipse等集成开发环境,可以使用Ant
<project name="HelloWorld" basedir="." default="main">
<property name="src.dir" value="src"/>
<property name="build.dir" value="build"/>
<property name="classes.dir" value="${build.dir}/classes"/>
<property name="jar.dir" value="${build.dir}/jar"/>
<property name="lib.dir" value="lib"/>
<property name="conf.dir" value="conf"/>
<property name="main-class" value="oata.HelloWorld"/>
<path id="classpath">
<fileset dir="${lib.dir}" includes="**/*.jar"/>
</path>
<target name="compile">
<mkdir dir="${classes.dir}"/>
<javac srcdir="${src.dir}" destdir="${classes.dir}" classpathref="classpath"/>
<copy todir="${classes.dir}">
<fileset dir="${conf.dir}"/>
</copy>
</target>
<target name="jar" depends="compile">
<mkdir dir="${jar.dir}"/>
<jar basedir="${classes.dir}" destfile="${jar.dir}/${ant.project.name}.jar">
<manifest>
<attribute name="Main-Class" value="${main-class}"/>
</manifest>
</jar>
</target>
<target name="clean">
<delete dir="${build.dir}"/>
</target>
<target name="run" depends="jar">
<java fork="true" classname="${main-class}">
<classpath>
<path refid="classpath"/>
<path location="${jar.dir}/${ant.project.name}.jar"/>
</classpath>
</java>
</target>
<target name="main" depends="clean,run"/>
</project>
<project name="HelloWorld" basedir="." default="main">
<property name="src.dir" value="src"/>
<property name="build.dir" value="build"/>
<property name="classes.dir" value="${build.dir}/classes"/>
<property name="jar.dir" value="${build.dir}/jar"/>
<property name="lib.dir" value="lib"/>
<property name="conf.dir" value="conf"/>
<property name="main-class" value="oata.HelloWorld"/>
<path id="classpath">
<fileset dir="${lib.dir}" includes="**/*.jar"/>
</path>
<target name="compile">
<mkdir dir="${classes.dir}"/>
<javac srcdir="${src.dir}" destdir="${classes.dir}" classpathref="classpath"/>
<copy todir="${classes.dir}">
<fileset dir="${conf.dir}"/>
</copy>
</target>
<target name="jar" depends="compile">
<mkdir dir="${jar.dir}"/>
<jar basedir="${classes.dir}" destfile="${jar.dir}/${ant.project.name}.jar">
<manifest>
<attribute name="Main-Class" value="${main-class}"/>
</manifest>
</jar>
</target>
<target name="clean">
<delete dir="${build.dir}"/>
</target>
<target name="run" depends="jar">
<java fork="true" classname="${main-class}">
<classpath>
<path refid="classpath"/>
<path location="${jar.dir}/${ant.project.name}.jar"/>
</classpath>
</java>
</target>
<target name="main" depends="clean,run"/>
</project>
订阅:
博文 (Atom)