Announcement Announcement Module
Collapse
No announcement yet.
Spring and WSS4J Example Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring and WSS4J Example

    Hi,
    I am trying to understand how Spring works with WSS4J. If someone could point me to a step-by-step example that would be great.

    Thanks

  • #2
    it's highly appreciated if someone could provide Client and server examples for the following using Spring-WS with WSS4J
    • Handle digital certificates
    • Authentication -> Adding/Validating Username Token
    • Security Timestamps -> Adding/Validating Security Timestamps
    • Digital Signatures -> Verifying Signatures/Signing Messages and Signature Confirmation
    • Encryption and Decryption -> Decryption/Encryption

    Comment


    • #3
      Here are the steps for adding/validating the user name tocken.

      Server:
      • Create Wss4jSecurityInterceptor bean as below
        <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
        <property name="validationCallbackHandler" ref="callbackHandler"/>
        <property name="validationActions" value="UsernameToken"/>
        </bean>

        <bean id="callbackHandler" class="org.springframework.ws.soap.security.wss4j. callback.SimplePasswordValidationCallbackHandler">
        <property name="users">
        <props>
        <prop key="Vijay">Akula</prop>
        </props>
        </property>
        </bean>
      • Add the above interceptor to PayloadRootQNameEndpointMapping

      That's all for the server with the required jars

      Cleint application context would look like below:
      <bean id="echoClient" class="org.springframework.ws.samples.echo.client. sws.EchoClient">
      <property name="defaultUri" value="http://localhost:8080/springwsecho2/services"/>
      <property name="request" value="classpath:org/springframework/ws/samples/echo/client/sws/echoRequest.xml"/>
      <property name="interceptors">
      <list>
      <ref local="wsSecurityInterceptor"/>
      </list>
      </property>
      </bean>
      <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
      <property name="securementActions" value="UsernameToken"/>
      <property name="securementUsername" value="Vijay"/>
      <property name="securementPassword" value="Akula"/>
      </bean>

      Comment


      • #4
        Timestamp is pretty simple
        Server Application Context:
        <bean id="wsTimestampSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
        <property name="validationActions" value="Timestamp"/>
        <property name="timestampStrict" value="true"/>
        <property name="timeToLive" value="10"/>
        </bean>

        Client Application Context:
        <bean id="timeStampSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
        <property name="securementActions" value="Timestamp"/>
        <property name="timestampPrecisionInMilliseconds" value="true"/>
        </bean>

        Comment


        • #5
          Cool I got Digital Signatures working
          • Generated Key using keytool -genkey -alias signFiles -keypass kpi135 -keystore akulastore.jks -storepass ab987c
          • Server Side Interceptor
            <bean id="wsDigCerSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
            <property name="validationActions" value="Signature"/>
            <property name="validationSignatureCrypto">
            <bean class="org.springframework.ws.soap.security.wss4j. support.CryptoFactoryBean">
            <property name="keyStorePassword" value="ab987c"/>
            <property name="keyStoreLocation" value="classpath:/akulastore.jks"/>
            </bean>
            </property>
            </bean>
          • Client Side Interceptor
            <bean id="wsDigCerSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
            <property name="securementActions" value="Signature"/>
            <property name="securementUsername" value="signFiles"/>
            <property name="securementPassword" value="kpi135"/>
            <property name="securementSignatureCrypto">
            <bean class="org.springframework.ws.soap.security.wss4j. support.CryptoFactoryBean">
            <property name="keyStorePassword" value="ab987c"/>
            <property name="keyStoreLocation" value="classpath:/akulastore.jks"/>
            </bean>
            </property>
            </bean>

          Comment


          • #6
            I'm trying to use wss4j with spring-ws, I've followed your steps on the server side but I'm having an error when I ask for WSDL , the error is

            2008-04-09 07:34:16,804 ERROR [org.springframework.ws.transport.http.MessageDispa tcherServlet] - Context initialization failed
            org.springframework.beans.factory.BeanCreationExce ption: Error creating bean with name 'payloadMapping' defined in ServletContext resource [/WEB-INF/spring-ws-servlet.xml]: Cannot resolve reference to bean 'wsSecurityInterceptor' while setting bean property 'interceptors' with key [2]; nested exception is org.springframework.beans.factory.CannotLoadBeanCl assException: Cannot find class [org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor] for bean with name 'wsSecurityInterceptor' defined in ServletContext resource [/WEB-INF/spring-ws-servlet.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor
            Caused by: org.springframework.beans.factory.CannotLoadBeanCl assException: Cannot find class [org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor] for bean with name 'wsSecurityInterceptor' defined in ServletContext resource [/WEB-INF/spring-ws-servlet.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor
            Caused by: java.lang.ClassNotFoundException: org.springframework.ws.soap.security.wss4j.Wss4jSe curityInterceptor
            at org.apache.catalina.loader.WebappClassLoader.loadC lass(WebappClassLoader.java:1363)
            at org.apache.catalina.loader.WebappClassLoader.loadC lass(WebappClassLoader.java:1209)
            I'm using Eclipse + Tomcat and my build path contains:
            spring-oxm-1.0.3.jar
            spring-ws-core-1.0.3.jar
            spring-ws-security-1.0.3.jar
            spring-xml-1.0.3.jar

            I need another jar? Any idea how I can fix it?

            Comment


            • #7
              Well, since wss4j support is available since spring-ws 1.5.0, I don't think you're going to succeed with 1.0.3.

              Comment


              • #8
                If you can't upgrade to 1.0.5. You may try using xwss instead. Otherwise I haven't worked with xwss I pressume the appraoch should be same.

                Comment


                • #9
                  Thank you for the answers, will upgrade to 1.5.0

                  Comment


                  • #10
                    Thanks for the great info.

                    I am very green on web service security. I followed the steps above for implementing digital signatures using wss4j; however, I am running into a problem:

                    Code:
                    [4/10/08 14:52:46:657 EDT] 00000029 SystemErr     R org.springframework.ws.soap.client.SoapFaultClientException: No WS-Security header found
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:37)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:668)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:502)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceClient.getFxRate(WireFxServiceClient.java:33)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.pnc.wire.web.controller.WireFxServiceHandler.getFxRate(WireFxServiceHandler.java:25)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.pnc.wire.web.controller.WireController.doAction(WireController.java:107)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doPost(initiateWire.java:34)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.pnc.wire.web.servlet.initiateWire.doGet(initiateWire.java:25)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:478)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3129)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1433)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:93)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:194)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:741)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:863)
                    [4/10/08 14:52:46:751 EDT] 00000029 SystemErr     R 	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1510)
                    Aside from implementing the interceptors on both the server and client, is there any implementation required in my code base to use wss4j?

                    Comment


                    • #11
                      Your SOAP request seems to have no security info, can I see your client configuration please.

                      Comment


                      • #12
                        Originally posted by vijay.akula View Post
                        Your SOAP request seems to have no security info, can I see your client configuration please.
                        You're right; I'll take a look at my configuration and see if I can see why it is not picking that up. Here is my client config:

                        Code:
                        <?xml version="1.0" encoding="UTF-8"?>
                        <beans xmlns="http://www.springframework.org/schema/beans"
                        	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
                        
                        	<bean id="wireFxServiceClient" parent="abstractClient"
                        		class="com.pnc.wire.web.controller.WireFxServiceClient">
                        		<property name="marshaller" ref="marshaller" />
                        		<property name="unmarshaller" ref="marshaller" />
                        	
                        		<property name="interceptors">
                        			<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
                        				<property name="securementActions" value="Signature"/>
                        				<property name="securementUsername" value="wireUsr"/>
                        				<property name="securementPassword" value="wirePass"/>
                        				<property name="securementSignatureCrypto">
                        					<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
                        						<property name="keyStorePassword" value="wirefx"/>
                        						<property name="keyStoreLocation" value="classpath:/WEB-INF/wireFx.jks"/>
                        					</bean>
                        				</property>
                        			</bean>
                        		</property>
                        	</bean>
                        
                        	<bean id="messageFactory"
                        		class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory" />
                        
                        	<bean id="abstractClient" abstract="true">
                        		<constructor-arg ref="messageFactory" />
                        		<property name="defaultUri"
                        			value="http://localhost:9080/wire/services" />
                        	</bean>
                        
                        	<bean id="marshaller"
                        		class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
                        		<property name="classesToBeBound">
                        			<list>
                        				<value>com.pnc.wire.fx.model.FxRateRequest</value>
                        				<value>com.pnc.wire.fx.model.FxRateResponse</value>
                        			</list>
                        		</property>
                        	</bean>
                        </beans>

                        Comment


                        • #13
                          vijay you little super star i have been looking for a step by step like this for a week now!

                          Comment


                          • #14
                            Ok now with a marshaller

                            ok i am trying this now with a jaxb marshalled message from the client.



                            client applicationCtx.xml is

                            Code:
                                   <bean id="client" class="Client">
                                   		<property name="marshaller" ref="marshaller"/>
                                   		<property name="unmarshaller" ref="marshaller"/>
                                   		<property name="defaultUri" value="http://localhost:8080/testWS/searchService"/>
                                   		<property name="interceptors">
                                   			<list>	
                                   				<ref local="wsInterceptor"/>
                                   			</list>
                                   		</property>
                                   </bean>
                                   
                                   <bean id="marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
                                   		<property name="contextPath" value="uk.co.was.schema"/>
                                   </bean>
                                   
                                   <bean id="wsInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
                                   		<property name="securementActions" value="UsernameToken"/>
                                   		<property name="securementUsername" value="Ian"/>
                                   		<property name="securementPassword" value="password"/>
                                   </bean>
                            the class looks like this

                            Code:
                            	public static void main(String[] args) {
                            		ApplicationContext ctx = new ClassPathXmlApplicationContext("applicationContext.xml",Client.class);
                            		Client client = (Client) ctx.getBean("client",Client.class);
                            		client.getPolicies();
                            	}
                            	
                            	public void getPolicies(){
                            		PolicyHolderRequest req = jaxb.createPolicyHolderRequest();
                            		req.setHolderName("param");
                            		PolicyHolderResponse res = (PolicyHolderResponse) getWebServiceTemplate().marshalSendAndReceive(req);
                            
                            	}
                            and the exception is as follows

                            Code:
                            Exception in thread "main" org.springframework.ws.soap.client.SoapFaultClientException: One or more mandatory SOAP header blocks not understood
                            	at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:37)
                            	at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:668)
                            	at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:502)
                            	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:440)
                            	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:289)
                            	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:283)
                            	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:275)
                            	at Client.getPolicies(Client.java:31)
                            	at Client.main(Client.java:22)
                            clearly something going in the web service template, i looked in the api docs and there is a version of marshalSendReceive that takes the Object and a callbackHandler - however my understanding on the Wss4j interceptor was that it did it for you, any clues anyone?

                            Comment


                            • #15
                              Hi, i have error during compilation :

                              WSHandler: wrong part definition: {http://schema.mywebservice.com/xxx}a;

                              and my code is:

                              Code:
                              <property name="securementEncryptionParts" value="{http://schema.mywebservice.com/xxx}a"/>
                              What is the problem ?

                              Thanks.

                              Comment

                              Working...
                              X