Announcement Announcement Module
No announcement yet.
Calling Secure And Encrypted Web Service with Spring Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Calling Secure And Encrypted Web Service with Spring

    Hi Everyone,

    I'm new to the spring forums, so sorry if this is posted in the wrong section!!

    I am trying to consume a web service that is HTTPS (ssl) and uses non-repudiation (requires body to be signed and the message to be encrypted using a jks).

    Here is my current approach:

    Defined the following beans:

    <bean class="" id="wsSecurityInterceptor">
    	    <property name="securementActions" value="Signature"/>
    	    <property name="securementUsername" value="privateKeyAlias"/>
      		<property name="securementPassword" value="changeit"/>
    	    <property name="securementSignatureCrypto">
    	        <bean class="">
    	            <property name="keyStorePassword" value="changeit"/>
    	            <property name="keyStoreLocation" value="classpath:/META-INF/keystore.jks"/>
    	<oxm:jaxb2-marshaller id="marshaller"  contextPath="PATH" /> 
    	<bean id="templateTest" class="">
    		<property name="defaultUri" value="https://pathToService" />
    		<property name="marshaller" ref="marshaller" />     
    		<property name="unmarshaller" ref="marshaller" /> 
    		<property name="messageSender">
             <bean class="PATH.CommonsHttpMessageSenderMod" /> 
            <property name="interceptors">
    	            <ref bean="wsSecurityInterceptor" />
    	<bean id="myhttpsProtocol" class="org.apache.commons.httpclient.protocol.Protocol">
          <!-- must be unique, but doesn't require you to use myhttps:// scheme in WebServiceTemplate URIs -->
          <constructor-arg index="0" value="myhttps" />
          <constructor-arg index="1">
             <bean class="SPS.AuthSSLProtocolSocketFactoryMod">
                <constructor-arg index="0" value="classpath:/META-INF/keystore.jks"/>
                <constructor-arg index="1" value="changeit"/>
                <constructor-arg index="2" value="classpath:/META-INF/keystore.jks"/>
                <constructor-arg index="3" value="changeit"/>
          <constructor-arg index="2" value="443" />
    I also have the following code:

    public class Caller implements InitializingBean {
    	private WebServiceTemplate templateTest;
    	private Protocol myhttpsProtocol;
    	public void afterPropertiesSet() throws Exception {
    		CommonsHttpMessageSender sender = ((CommonsHttpMessageSender) this.statePoliceServiceTest
    		URI url = new URI(this.statePoliceServiceTest.getDefaultUri());
    		if (url.getScheme().startsWith("https")) {
    					new HttpHost(url.getHost(), url.getPort(),
    	public void call() {
    		ObjectFactory of = new ObjectFactory();
                                InputRequest ir = new InputRequest();
                                //Populate input object
    				try {
    			Protocol.registerProtocol("https", myhttpsProtocol);
    			Protocol.registerProtocol("myhttps", myhttpsProtocol);
    			Object response = this.templateTest
    					.marshalSendAndReceive(							"https://PATH",of.createRequest(ir), new SoapActionCallback("https://PATH"));
    		} catch (Exception e) {
    The overridden CommonsHttpSenderMod simply extends CommonsHttpMessageSender and overrides the following method:

    public boolean supports(URI uri)
    	      return null == uri.getScheme() || super.supports(uri);
    The AuthSSLProtocolSocketFactory Mod isn't a mod - it's just a copy paste of the AuthSSLProtocolSocketFactory java class file (I overroded the class in case I would need to change some connection details later).

    Currently, if the service ONLY has SSL enabled, this code lets me call it. However, when the service requires encryption and a signature, the call is failing with the following error:

    Error creating bean with name 'wsSecurityInterceptor'
    Caused by: java.lang.NoSuchMethodError: org/apache/xml/security/transforms/Transform.init()V
    at<init>(WSSConfig. java:324)
    at g(
    at ig(
    at curityInterceptor.afterPropertiesSet(Wss4jSecurity
    at AutowireCapableBeanFactory.invokeInitMethods(Abstr
    at AutowireCapableBeanFactory.initializeBean(Abstract
    ... 199 more

    I have the following relevant jars in my classpath: spring-ws-security-2.0.0.RELEASE.jar, wss4j-1.5.12.jar

    I have tested with spring-ws-security 2.0.2 and wss4j-1.6, 1.5.9, etc. all to no avail.

    I am running this on IBM Websphere Application Server.

    If anyone can provide any help, that would be much appreciated!


  • #2
    Anyone have any ideas that might help?