Announcement Announcement Module
Collapse
No announcement yet.
Spring WS Security : interacting and test with soapUI Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring WS Security : interacting and test with soapUI

    Good morning everyone,

    Currently, I'm trying to develop a web service with Spring WS. Basically, I'd like to integrate X.509 certification on my soap protocol. To reach my goal, I followed the tutorial at the Web address : http://static.springsource.org/sprin.../security.html. Thanks to this tutorial, I'm able to deploy my 'secured' web service on Tomcat.

    Now, I'm trying to interact with this web service using soapUI. I tried several scenarios, but I always get the following XML response.

    <SOAP-ENV:Envelope xmlns:SOAPENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
    <faultcode>SOAP-ENV:Server</faultcode>
    <faultstring xml:lang="en">An Authentication object was not found in the SecurityContext</faultstring>
    </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>

    Do you know how should I setup soapUI in order to communicate with a web service using X.509 certificates (developed with Spring WS) ?

    Maybe I did something wrong in implementing my web service. Here you have XML code I put in my spring-ws-servlet.xml to integrate X.509 certificates:

    <!-- Security concerns -->

    <bean id="trustStore" class="org.springframework.ws.soap.security.suppor t.KeyStoreFactoryBean">
    <property name="location" value="classpath:truststore.jks"/>
    <property name="password" value="toto"/>
    </bean>

    <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
    <property name="trustStore" ref="trustStore"/>
    </bean>

    <bean id="authenticationManager" class="org.springframework.security.authentication .ProviderManager">
    <property name="providers">
    <bean class="org.springframework.ws.soap.security.x509.X 509AuthenticationProvider">
    <property name="x509AuthoritiesPopulator">
    <bean class="org.springframework.ws.soap.security.x509.p opulator.DaoX509AuthoritiesPopulator">
    <property name="userDetailsService" ref="userService"/>
    </bean>
    </property>
    </bean>
    </property>
    </bean>

    <bean id="springSecurityCertificateHandler"
    class="org.springframework.ws.soap.security.xwss.c allback.SpringCertificateValidationCallbackHandler ">
    <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.X wsSecurityInterceptor">
    <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml"/>
    <property name="callbackHandlers">
    <list>
    <ref bean="keyStoreHandler"/>
    <ref bean="springSecurityCertificateHandler"/>
    </list>
    </property>
    </bean>

    Best,

    Miguel
Working...
X