Announcement Announcement Module
Collapse
No announcement yet.
WS-Security with Spring WS on both client and server side Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    How to secure with signing/encryption

    Originally posted by vdvj View Post
    I have a web service server and a web client invoke the service. And now i need to secure the communicate between them.

    I want to sign in the SOAP message and Encrypt it.

    I'm going to write a payment module, so i need to encrypt and sign all message outgoing and coming on.
    Have a look at the reference documentation, this should normally give you a good start:
    http://static.springframework.org/sp...tml/index.html

    Comment


    • #17
      Keystore/truststore

      Originally posted by 13th View Post
      I compiled your source successfully, but now i have another problem:
      Code:
      Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
      Loading key store from class path resource [test-keystore.jks]
      Creating empty key store
      Attention on third line.
      And after that:
      Code:
      29.10.2007 16:12:15 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
      SEVERE: WSS0216: Callback Handler failed for SignatureKeyCallback.AliasPrivKeyCertRequest
      29.10.2007 16:12:15 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
      SEVERE: WSS0217: Exception in Callback Handler handle()
      java.lang.NullPointerException
      	at org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler.getPrivateKey(KeyStoreCallbackHandler.java:440)
      Is my keystore valid?
      You probably already fixed this, but I am adding this for reference purposes anyway.
      Actually, you need to remember there are two stores for keys: the "trust store" and the "key store". Generally speaking trust stores are used for validation, key stores for coding. Therefore, key stores store private keys, trust stores only public ones. Depending on the security mechanism you use and the party side (receiving/sending) trust and/or key stores are necessary. For signing (only) you need to set up and wire a key store at the client side and a trust store at the receiving side.

      Comment


      • #18
        Ws-Security with both client and server

        hey can anyone here give me any sample application or steps tht explains how do i use Username Token profile for securing my Spring ws is done on both server and client side ???

        Pls i am very new to this all i need to implement it urgently ...

        anyone kind enough who can help me

        Thanks in advance

        Comment


        • #19
          Thanks erimag ! you saved my time!

          Comment

          Working...
          X