我用WA1208E-GP举例
这里说一下,下面提到的是胖AP的模式,如果是瘦AP,是要在无线控制器上配置的,没有无线控制器的话就要把瘦AP转为胖AP,怎么转我以前有在知道回答过,你搜搜看
还有一点 H3C AP 有两种的,如果是单频的,就只有WLAN-Radio1/0/1这一个接口,如果是双频的有两个接口,另外一个是WLAN-Radio1/0/2,那你配置时要配置在WLAN-Radio1/0/2上面
先用配置线连到AP里,启动AP,用SYSTEM-VIEW进入配置模式
然后你先要把默认的配置去掉
interface WLAN-Radio1/0/1
undo service-template 1
quit
undo wlan service-template 1
这样就去掉原先的配置
然后配置加密,密码是12345678:
port-security enable
wlan service-template 1 crypto
ssid H3C
cipher-suite tkip
security-ie wpa
authentication-method open-system
service-template enable
interface WLAN-BSS1
port-security port-mode psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase 12345678
加密做好了,然后要把这个配置绑定在WLAN-RADIO 1/0/1接口:
interface WLAN-Radio1/0/1
service-template 1 interface wlan-bss 1
就好了
如何让cxf客户端简单支持ssl首先生成自我签名的证书,关于如何使用keytool生成证书网上文章很多,这里不做介绍。
假如我们生成好了mas3server.jks和mas3Trust.jks
先是服务器端tomcat的配置,这里clientAuth默认为false表示不需要双向验证,即服务器端不需要知道客户端的身份,故这里不用配置truststoreFile和truststorePass:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"?
?????????????? maxThreads="150" scheme="https" secure="true"?
?????????????? clientAuth="false" sslProtocol="TLS"?
?????????????? keystoreFile="conf/mas3server.jks"?
????? keystorePass="ccc123" />
这里是cxf的webservice客户端,用spring管理,对应的只需在xml中配置对应的可信任证书即可,例如
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xsi:schemaLocation="?
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />?
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />?
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />?
<bean id="clientFactory" value="com.mas.service.webservice.DataSyncSkeleton" />
? <property name="address" value="https://localhost:8443/DataSync/DataSyncServer" />
</bean>?
<bean id="dataSyncSkeletonClient" factory-bean="clientFactory" factory-method="create" />
<!--*.http-conduit的*代表对所有创建的client生效,若需要自定义可查cxf官网-->?
<http:conduit name="*.http-conduit">?
? <http:tlsClientParameters disableCNCheck="true">?
?? <sec:trustManagers>?
??? <sec:keyStore type="JKS" password="ccc123" file="/tmp/mas3Trust.jks" />?
?? </sec:trustManagers>?
?? <!--不需要双向认证 -->
??? <!--?
???? <sec:keyManagers keyPassword="password">?
??????????? <sec:keyStore type="JKS" password="password"?
???????????????? file="/tmp/ossServer.jks"/>?
??????? </sec:keyManagers>?
??????? -->?
?? <sec:cipherSuitesFilter>?
??? <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks -->
??? <sec:include>.*_EXPORT_.*</sec:include>?
??? <sec:include>.*_EXPORT1024_.*</sec:include>?
??? <sec:include>.*_WITH_DES_.*</sec:include>?
??? <sec:include>.*_WITH_NULL_.*</sec:include>?
??? <sec:exclude>.*_DH_anon_.*</sec:exclude>?
?? </sec:cipherSuitesFilter>?
? </http:tlsClientParameters>?
</http:conduit>
</beans>
若不是通过spring配置而直接在代码中设置,也比较简单:
//.....获得dataSyncSkeletonClient
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(dataSyncSkeletonClient)??
??? HTTPConduit conduit = (HTTPConduit) client.getConduit()??
???? TLSClientParameters tlscp = conduit.getTlsClientParameters()?
???? if (tlscp == null)?
?? tlscp = new TLSClientParameters()?
???? tlscp.setSecureSocketProtocol("SSL")?
???? try {?
?? TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
?? InputStream fp = ClassLoader.class.getResourceAsStream("mas3Trust.jks")?
?? KeyStore ks = KeyStore.getInstance("JKS")?
?? ks.load(fp, "ccc123".toCharArray())?
?? fp.close()?
?? factory.init(ks)?
?? tlscp.setTrustManagers(factory.getTrustManagers())??
? } catch (Exception e) {?
?? e.printStackTrace()?
? }?
??? conduit.setTlsClientParameters(tlscp)
//....对dataSyncSkeletonClient的调用底层网络传输均是通过ssl加密
打开腾讯电脑管家——工具箱——修复漏洞,进行漏洞扫描和修复。建议设置开启自动修复漏洞功能,开启后,电脑管家可以在发现高危漏洞(仅包括高危漏洞,不包括其它漏洞)时,第一时间自动进行修复,无需用户参与,最大程度保证用户电脑安全。尤其适合老人、小孩或计算机初级水平用户使用。开启方式如下:进入电脑管家“修复漏洞”模块—“设置”,点击开启自动修复漏洞即可。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)