
  • How to configure a truststore for POX client?

    I have a jssecacerts file I need to configure for my POX client. How would I go about doing that?

    My template:

    Code:
    <bean id="poxMessageFactory" class="org.springframework.ws.pox.dom.DomPoxMessageFactory" />
    
    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <constructor-arg ref="poxMessageFactory"/>
        <property name="messageSender">
            <bean class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />
        </property>
        <property name="defaultUri" value="https://some.com/service"/>
        <property name="marshaller" ref="jaxb2Marshaller" />
        <property name="unmarshaller" ref="jaxb2Marshaller" />
    </bean>

  • #2
    I tried to do it as defined on this page http://static.springsource.org/sprin.../security.html.
    I used the wss interceptor. Unfortunately, when I logged SSL debug, it seemed that my configuration wasn't used.
    So I considered customizing the httpclient classes and, using the deprecated libraries httpclient-contrib-ssl, I managed to use a custom keystore as truststore.

    Otherwise, you can add your certificates to your cacerts file in Java.



    • #3
      pilerou, could you paste a wiring example of your implementation of your custom truststore?



      • #4
        I take it there is no "easy" way to do this...

        Can someone please post a working example?



        • #5
          Actually, I'm not sure it's the best way to do it (using deprecated libraries and an old httpclient (3.1 instead of 4.1) is not a very good solution for the future).
          I was in a hurry to have something working.
          The real question is: why didn't the Spring wss interceptor use my keyStore and trustStore configuration during signature?
          I logged SSL debug and I didn't manage to see my configuration being used.

          If you manage to make it work...



          • #6
            I also tried the KeyStoreFactoryBean approach:

            Code:
            <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
                <property name="trustStore" ref="trustStore"/>
            </bean>

            <bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
                <property name="location" value="classpath:my/path/to/jssecacerts"/>
            </bean>

            I notice this only exists under the SOAP packaging, with none for POX.

            The other thing I notice is that it didn't load my jssecacerts file. Here's what appears in my logs:

            2011-08-02 09:46:47,469 INFO [org.springframework.ws.soap.security.support.KeyStoreFactoryBean] - Loading key store from class path resource [my/path/to/jssecacerts]
            2011-08-02 09:46:47,485 WARN [org.springframework.ws.soap.security.support.KeyStoreFactoryBean] - Creating empty key store

            It almost looks like it doesn't know what to do with the file. Ideas?



            • #7
              It should work with the wss4j interceptor, but I never managed to make it work,
              with POX or another message factory.
              Is there anyone who did it with interceptors, as Spring WS suggests?
              Is there a tip?



              • #8
                I think you might need to add the interceptors property to the webServiceTemplate definition:

                Code:
                <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
                    <constructor-arg ref="poxMessageFactory"/>
                    <property name="messageSender">
                        <bean class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />
                    </property>
                    <property name="interceptors">
                        <list>
                            <ref bean="myWSSecurityInterceptor" />
                        </list>
                    </property>
                    <property name="defaultUri" value="https://some.com/service"/>
                    <property name="marshaller" ref="jaxb2Marshaller" />
                    <property name="unmarshaller" ref="jaxb2Marshaller" />
                </bean>

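The "Creating empty key store" warning in post #6 is the failure mode to rule out first. The following is an added example, not code from the thread or from Spring WS: it uses only JDK APIs to load a trust store, reject an empty one, and build an SSLContext from it. The class and method names are hypothetical, and the JDK's own cacerts file with its default password is assumed as a stand-in for the thread's jssecacerts.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreCheck {

    /** Loads a trust store and refuses to continue if it holds no certificates. */
    static KeyStore loadTrustStore(Path file, char[] password, String type)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        // KeyStore.load(null, ...) silently yields an EMPTY store, so always
        // pass a real stream and check the entry count afterwards.
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {
            throw new GeneralSecurityException("Trust store " + file + " has no entries");
        }
        return ks;
    }

    /** Builds a TLS context that trusts only the CAs in the given store. */
    static SSLContext tlsContextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumption for the demo: the JDK's own cacerts with its default
        // password stands in for the thread's jssecacerts file.
        Path demo = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        Path file = args.length > 0 ? Paths.get(args[0]) : demo;
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ts = loadTrustStore(file, pw, KeyStore.getDefaultType());
        System.out.println(ts.size() + " trusted entries loaded from " + file);
        SSLContext ctx = tlsContextFor(ts);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

Passing the trust store path and its password as the two arguments checks the actual file before it is wired into a client; a wrong password or an unreadable file fails at load time instead of surfacing later as a handshake error.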