Announcement Announcement Module
No announcement yet.
WS-Security support Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • WS-Security support


    In one of our projects, we're calling an external webservice. The requests to this webservice should be signed with the aid of WS-Security. The (synchronous) responses are not signed. This signing is done with a certificate stored in a JKS. Currently this is implemented with Axis2 and Rampart that handles the WS-Security part.

    Is this scenario with WS-Security supported (out-of-the-box) by SI ?
    If yes, how should this be configured ?
    If not, are there any plans to support it in one of the next releases ?

    Regards, Stefan Lecho.

  • #2
    Spring Integration uses Spring WS for the WS source, target and gateways. You should check on the WS forums for discussions on the topic. I know that Spring WS supports WS-Security in 1.5 so I think you'll be successful.


    • #3
      Hi Stefan,

      You'll need to leverage the Spring-WS API for that.

      When Spring Integration comes into discussion, you can inject a WebServiceMessageCallback in your (Simple|Marshalling)WebServiceHandler. At this point, this will require using a bean rather than the namespace element. In this callback, you can secure your outgoing message as with any outgoing Spring-WS message.



      • #4
        Could someone please open a JIRA issue to include namespace support for the callback?



        • #5


          • #6
            The 'request-callback' attribute is now available on the <ws-handler/> element (as of r690 in SVN).



            • #7
              please add wssecurityinterceptor support on WSOutboundGateway

              Spring-WS has nice support for WS-Security that cannot be used in Spring Integration because of the lack of namespace support. I am trying to validate a signed response using wsOutboundGateway. request-callback only helps to sign a request. How can I validate a response?


              • #8
                In general the statement "x cannot be used for lack of namespace support" is false.

                That said, lack of namespace support can make your configuration unreasonably verbose, so if you have a good suggestion for namespace support for something, please create an issue. Preferrably this issue should have an example of your configuration without namespace support, and a suggestion to how the configuration would look with namespace.