
  • WS-Security

    Hi Argen,

    Is there a working example of using WS-Security?

    Regards,

    Adrian

  • #2
    Hi Adrian,

    The airline example of Spring-WS uses WS-Security.
    Cheers,

    Ingo



    • #3
      Ahh! I did look at that, but not properly! I see all the bits of it now.

      Thanks.

      I will be trying this out over the next few days (when I get time).

      Is there anything special I need to do for using SSL?

      Adrian



      • #4
        Is there anything special I need to do for using SSL?
        Simply replace http with https?
        No, sorry, I haven't tried it yet. But you are welcome to share your experience.

        Cheers,

        Ingo



        • #5
          I'm sure this isn't going to work with the Maven jetty:run goal?

          Do I need to deploy the war to another container such as jboss or tomcat?



          • #6
            I'm not sure how to enable SSL on Jetty, but apart from that, the Airline sample works perfectly in it, including the WS-Security parts.



            • #7
              I am trying to use a digital signature and certificate; is there any full example using those?
              I couldn't find anything in the airline example.



              • #8
                There is no example of this, but there is the reference documentation, which covers this topic. Basically, it involves writing an XWSS policy file.



                • #9
                  Thank you for your reply, I looked at the documentation, and I am trying to add a certificate to the EchoClient.

                  One (hopefully not silly) question though, what is the difference between the privateKeyPassword in KeyStoreCallbackHandler and the password in KeyStoreFactoryBean?

                  I created keyStores for both client and server using keytool, and I added the beans as described in the document. However, I am getting the following exception when I run the client:

                  SEVERE: WSS0217: Exception in Callback Handler handle()
                  java.lang.NullPointerException
                  at com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl.getAliasPrivKeyCertRequest(DefaultSecurityEnvironmentImpl.java:205)
                  at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:146)
                  at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:64)
                  at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:218)
                  at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:143)
                  at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:118)
                  at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.secureOutboundMessage(XWSSProcessor2_0Impl.java:77)
                  at org.springframework.ws.samples.echo.client.sws.EchoClient$1.doInMessage(EchoClient.java:108)
                  at org.springframework.ws.client.core.WebServiceTemplate$2.doInMessage(WebServiceTemplate.java:179)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:193)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:173)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:151)
                  at org.springframework.ws.samples.echo.client.sws.EchoClient.echo(EchoClient.java:97)
                  at org.springframework.ws.samples.echo.client.sws.EchoClient.main(EchoClient.java:139)
                  Mar 14, 2007 2:58:39 PM com.sun.xml.wss.impl.filter.SignatureFilter process
                  SEVERE: WSS1417: Error while processing signature java.lang.NullPointerException
                  Exception in thread "main" org.springframework.ws.soap.security.xwss.XwsSecuritySecurementException: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException
                  at org.springframework.ws.samples.echo.client.sws.EchoClient$1.doInMessage(EchoClient.java:112)
                  at org.springframework.ws.client.core.WebServiceTemplate$2.doInMessage(WebServiceTemplate.java:179)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:193)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:173)
                  at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:151)
                  at org.springframework.ws.samples.echo.client.sws.EchoClient.echo(EchoClient.java:97)
                  at org.springframework.ws.samples.echo.client.sws.EchoClient.main(EchoClient.java:139)
                  Thanks

                  PS. Sorry if this is the wrong place to post this issue



                  • #10
                    Originally posted by junior:
                    One (hopefully not silly) question though, what is the difference between the privateKeyPassword in KeyStoreCallbackHandler and the password in KeyStoreFactoryBean?
                    The password on the KeyStoreFactoryBean is for unlocking the keystore as a whole, while the privateKeyPassword is for unlocking individual certificates.

                    Originally posted by junior:
                    I created keyStores for both client and server using keytool, and I added the beans as described in the document. However, I am getting the following exception when I run the client:

                    PS. Sorry if this is the wrong place to post this issue
                    This is absolutely the correct place for posting this comment, but I'm afraid I cannot help you without having more information, like the XWSS policy.xml file. Also, you can look at the unit tests for the security module, they show how to use the functionality.



                    • #11
                      I am making progress...
                      I had many problems; one was that I wasn't referencing the keystore bean when creating the processor on the client side:
                      cprocessor = factory.createProcessorForSecurityConfiguration(xwssConfig.getInputStream(),
                              (KeyStoreCallbackHandler) applicationContext.getBean("keyStoreHandler"));
                      Another thing was that I had to add the keystore and truststore in order to check for the certificate:
                      <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
                          <property name="keyStore" ref="trustStore"/>
                          <property name="privateKeyPassword" value="wspassword"/>
                          <property name="trustStore" ref="trustStore"/>
                      </bean>
                      Is this a good way to do it?

                      Now I want to add authentication using AcegiCertificateValidationCallbackHandler.
                      How do I pass the keystore and the password to this handler? Or should I just pass the certificate? if so, how?

                      Thanks,
                      Junior



                      • #12
                        The AcegiCertificateValidationCallbackHandler does not need the key store or the password. Basically, certificate validation consists of two phases:
                        1. Validate the general validity of the cert (i.e. it hasn't expired, it is trusted, etc). This is done by the keystore handler.
                        2. Authenticate with the certificate. This is done by the acegi handler.
                        So generally, you will need both, but both do a different thing.

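The following Spring bean definition is an added example, not code from this thread or from the Spring-WS project, that wires together the pieces discussed in #9 through #12: a KeyStoreFactoryBean whose password unlocks the store file, a KeyStoreCallbackHandler whose privateKeyPassword unlocks the single signing key entry, separate key and trust stores, and the AcegiCertificateValidationCallbackHandler for the second, authentication phase. The handler class names are the ones used in the thread; the KeyStoreFactoryBean and XwsSecurityInterceptor class names, the defaultAlias and authenticationManager properties, the file names and the ${...} placeholder property names are my assumptions and should be checked against the Spring-WS version in use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the thread or from Spring-WS itself. Anything marked
     ASSUMED is from my recollection of Spring-WS 1.x and must be verified. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Key store: holds OUR private key and its certificate. The 'password'
         property is the store password that unlocks the file as a whole.
         Class name ASSUMED. -->
    <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:service-keystore.jks"/>
        <property name="password" value="${keystore.password}"/>
        <property name="type" value="JKS"/>
    </bean>

    <!-- Trust store: holds ONLY the CA and peer certificates we trust, no
         private keys. Keeping it separate from the key store means the file
         that is distributed to peers never contains a signing key. -->
    <bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:truststore.jks"/>
        <property name="password" value="${truststore.password}"/>
    </bean>

    <!-- Phase 1 (see #12): general validity of the incoming certificate
         (chains to an anchor in 'trustStore', not expired) plus access to our
         own signing key for outgoing messages. 'privateKeyPassword' unlocks the
         individual key entry inside 'keyStore' and is distinct from the store
         password above, which is the distinction asked about in #9. -->
    <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
        <property name="keyStore" ref="keyStore"/>
        <property name="privateKeyPassword" value="${signing.key.password}"/>
        <property name="trustStore" ref="trustStore"/>
        <!-- ASSUMED property: which key entry to sign with when the policy
             does not name an alias. -->
        <property name="defaultAlias" value="service-signing-key"/>
    </bean>

    <!-- Phase 2 (server side): authenticate the caller with the certificate
         that phase 1 already found trustworthy. No key store or password is
         needed here, only the Acegi authentication manager that maps the
         certificate to a principal. Property name ASSUMED. -->
    <bean id="certValidationHandler"
          class="org.springframework.ws.soap.security.xwss.callback.acegi.AcegiCertificateValidationCallbackHandler">
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>

    <!-- Interceptor that applies the XWSS policy to each message. Class and
         property names ASSUMED. Listing the key store handler first keeps the
         trust check of phase 1 ahead of the authentication of phase 2. -->
    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
        <property name="callbackHandlers">
            <list>
                <ref bean="keyStoreHandler"/>
                <ref bean="certValidationHandler"/>
            </list>
        </property>
    </bean>

</beans>
```

The ${...} values are meant to be supplied by a PropertyPlaceholderConfigurer from a file outside the web archive, so that store and key passwords do not end up as literals in the bean definition the way "wspassword" does in #11. The policy file referenced as securityPolicy.xml is the XWSS policy #8 mentions; on the server it would require a signature on incoming messages, while a client like the one in #11 signs outgoing messages and passes the same keyStoreHandler bean to createProcessorForSecurityConfiguration instead of using the interceptor.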
