
  • How to authenticate WS client with certification

    Hi,

    I am creating a WS client which connects to an https web service. This is no problem, https communication works. But the web method which I call must authenticate using a certificate (like when you enter a certificate into WS-Security Configuration/Keystore if you call it from SoapUI).

    I exported my certificate with private key from IE (as a .pfx file) and created my keystore.jks file with this certificate (PKCS#12).
    Code:
     keytool -importkeystore -srckeystore KEYSTORE.p12 -srcstoretype PKCS12 -destkeystore mestore.jks
    Now, when I run the server with params -Djavax.net.ssl.keyStore=mestore.jks -Djavax.net.ssl.keyStorePassword=passwd, everything works.

    But the "only from Spring" way does not. Common code:

    Code:
    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
            <constructor-arg ref="messageFactory" />
             ....
            <property name="interceptors">
                <list>
                    <ref bean="wsSecurityInterceptor" />
                </list>
            </property>
        </bean>
    • Using Wss4jSecurityInterceptor I get the error: java.security.UnrecoverableKeyException: Cannot recover key
    Code:
    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
            <property name="securementActions" value="Signature" />
            <property name="securementSignatureKeyIdentifier" value="DirectReference" />
            <property name="securementUsername" value="my_alias" />
            <property name="securementPassword" value="passwd" />
            <property name="securementSignatureCrypto">
                <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
                    <property name="keyStorePassword" value="passwd" />
                    <property name="keyStoreLocation" value="classpath:mestore.jks" />
                </bean>
            </property>
        </bean>
    • Using XwsSecurityInterceptor - it just ignores this interceptor
    Code:
    <bean id="wsSecurityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
            <property name="policyConfiguration" value="classpath:securityPolicy.xml" />
            <property name="callbackHandlers">
                <list>
                    <ref bean="keyStoreHandler" />
                </list>
            </property>
        </bean>
        
        <bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="password" value="passwd" />
            <property name="location" value="classpath:mestore.jks" />
        </bean>
        
        <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
            <property name="keyStore" ref="keyStore" />
            <property name="privateKeyPassword" value="passwd" />
        </bean>
    securityPolicy.xml (I suppose the problem is here. What should I put here for mutual authentication?):
    Code:
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <xwss:RequireSignature requireTimestamp="true"/>
    </xwss:SecurityConfiguration>
    Thanks for help
    Last edited by Horyna; Jan 31st, 2014, 07:18 AM.
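
A diagnostic for the "Cannot recover key" error quoted in the post above, added here as an example and not part of the original thread: `KeyStore.getKey` throws `UnrecoverableKeyException` when the password given for a key entry does not match the one protecting it, and with `Wss4jSecurityInterceptor` the alias comes from `securementUsername` and the key password from `securementPassword`. The class name `KeyEntryCheck` is hypothetical; the default file name, alias and passwords are the values shown in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not code from the original post.
public class KeyEntryCheck {

    // Reports whether `alias` holds a private key that `keyPass` can recover.
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            // After a PKCS#12 import the alias is whatever the source file used.
            return "alias not found; present: " + Collections.list(ks.aliases());
        }
        if (!ks.isKeyEntry(alias)) {
            return "alias is a certificate-only entry, it cannot sign";
        }
        try {
            Key key = ks.getKey(alias, keyPass);
            Certificate[] chain = ks.getCertificateChain(alias);
            return "key recovered (" + key.getAlgorithm() + "), chain length "
                    + (chain == null ? 0 : chain.length);
        } catch (UnrecoverableKeyException e) {
            // The store opened, but this entry is protected by a different password.
            return "key password rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Defaults mirror the values in the post; override on the command line.
        String path      = args.length > 0 ? args[0] : "mestore.jks";
        char[] storePass = (args.length > 1 ? args[1] : "passwd").toCharArray();
        String alias     = args.length > 2 ? args[2] : "my_alias";
        char[] keyPass   = (args.length > 3 ? args[3] : "passwd").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // IOException here means the store password is wrong
        }
        System.out.println(alias + ": " + check(ks, alias, keyPass));
    }
}
```

The store password and the per-entry key password are checked separately, so a keystore that works through `-Djavax.net.ssl.keyStorePassword` can still fail on the key lookup that the signing interceptor performs.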

  • #2
    Sorry for not getting to this sooner. We are in the process of moving to StackOverflow for our forums.

    This question is probably a better candidate for StackOverflow, perhaps against the #spring-ws tag. If you do post it there, please reply here with the link.
    Thanks!
