
  • X509 Web service authentication failure

    X509 Web service authentication failure

    I'm trying to implement X509 certificate authentication with Spring WS Security, using XwsSecurityInterceptor on both the server side and the client side. The version of Spring Web Services that I’m using is 2.1.1. The problem that I'm having is with signature verification. The xws-security module seems to be coming up with different digests for the exact same data, and I can't figure out why. The user is authenticated successfully, but verification then fails when the digests are compared, and a “couldn’t validate references” error is thrown. I’m developing both the client and the server, and both are using the same libraries.

    Here is my server side configuration:

    Code:
    <!--
      Server-side WS-Security interceptor. XwsSecurityInterceptor applies the XWSS
      policy loaded from ws-security.xml (not shown here); that policy file decides
      which message parts must carry a valid signature.

      Callback handler order: keyStoreHandler is listed ahead of
      springSecurityCertificateHandler. The Spring-WS reference recommends this
      order so that only certificates which pass trust-store validation are handed
      on for authentication.

      NOTE(review): a "could not validate references" failure means a reference
      digest recomputed on receipt differs from the digest carried in the signature.
      Check whether anything touches the signed parts between the client's signing
      step and this interceptor (other interceptors, payload logging or
      transformation, differing SAAJ or canonicalization behaviour). Confirm
      against both policy files.
    -->
    <sws:interceptors>
        <bean id="wsSecurityInterceptor"
              class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
            <property name="policyConfiguration" value="classpath:/META-INF/spring/ws-security.xml"/>
            <property name="callbackHandlers">
                <list>
                    <ref bean="keyStoreHandler"/>
                    <ref bean="springSecurityCertificateHandler"/>
                </list>
            </property>
        </bean>
    </sws:interceptors>
    
    <!--
      Server-side key store callback handler. Only a trust store is wired in here:
      no keyStore, privateKeyPassword or defaultAlias is set, so this handler is
      configured for validating incoming certificates, not for signing.
    -->
    <bean id="keyStoreHandler"
          class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
        <property name="trustStore" ref="trustStore"/>
    </bean>
    
        <!--
          Trust store used by keyStoreHandler. Location and password are resolved
          from property placeholders, so neither value is hard-coded in this file.

          NOTE(review): the store's contents define which client certificates are
          accepted as valid. Presumably it should hold only the certificates (or
          issuing CAs) this service is meant to trust and no private key entries;
          verify against the deployed file.
        -->
        <bean id="trustStore"
              class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="${keystore.file}"/>
            <property name="password" value="${keystore.password}"/>
        </bean>
    
    <!--
      Hands the client certificate to Spring Security: the handler delegates to
      the certificateAuthenticationManager bean. This step maps a certificate to
      a known user; the trust decision on the certificate itself is configured
      separately through keyStoreHandler and its trust store.
    -->
    <bean id="springSecurityCertificateHandler"
          class="org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler">
        <property name="authenticationManager" ref="certificateAuthenticationManager"/>
    </bean>
    
        <!--
          Authentication manager for certificate logins. It has a single provider,
          X509AuthenticationProvider, whose authorities populator looks the caller
          up through the webServiceClientService bean (defined outside this listing).

          NOTE(review): presumably the populator derives the user name from the
          certificate's subject DN, so authorization rests on which subjects
          webServiceClientService knows. Verify that it returns only accounts
          intended to call this service.
        -->
        <bean id="certificateAuthenticationManager"
              class="org.springframework.security.authentication.ProviderManager">
            <property name="providers">
                <bean class="org.springframework.ws.soap.security.x509.X509AuthenticationProvider">
                    <property name="x509AuthoritiesPopulator">
                        <bean class="org.springframework.ws.soap.security.x509.populator.DaoX509AuthoritiesPopulator">
                            <property name="userDetailsService" ref="webServiceClientService"/>
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>
    Here is my client side configuration:

    Code:
    <!--
      Client-side WS-Security interceptor. It applies the XWSS policy from
      client-ws-security.xml (not shown here) and has one callback handler,
      keyStoreHandler, which supplies the client's key material.

      NOTE(review): the signature is computed when this interceptor runs. Any
      later change to the signed parts of the message before it reaches the
      server's interceptor would make the server's recomputed reference digests
      differ; confirm nothing modifies the message after this point.
    -->
    <bean id="clientSecurityInterceptor"
          class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="classpath:/META-INF/spring/client-ws-security.xml"/>
        <property name="callbackHandlers">
            <list>
                <ref bean="keyStoreHandler"/>
            </list>
        </property>
    </bean>
        
         <!--
           Client-side key store callback handler. It is given the key store, the
           password protecting the private key entry and the alias to use by
           default; all three secrets and names come from property placeholders.
           The properties file holding key.password should be protected like the
           private key itself and kept out of version control.
         -->
         <bean id="keyStoreHandler"
               class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
             <property name="keyStore" ref="keyStore"/>
             <property name="privateKeyPassword" value="${key.password}"/>
             <property name="defaultAlias" value="${key.alias}"/>
         </bean>
    
        <!--
          Client key store loaded by KeyStoreFactoryBean. File location and store
          password are resolved from property placeholders. This store holds the
          client's private key (see privateKeyPassword and defaultAlias on
          keyStoreHandler), so the file needs restrictive permissions.

          NOTE(review): the placeholder names match those of the server's trust
          store. Presumably each side has its own properties file; confirm the two
          do not resolve to one shared store.
        -->
        <bean id="keyStore"
              class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="${keystore.file}"/>
            <property name="password" value="${keystore.password}"/>
        </bean>
    Thank you for your time,

    Sebastian Montero