
  • problem in webservice security

    Hi All,
    I am new to web services. I had a web service running with both server and client. Now, I am trying to implement security.
    On the server side I have:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans             
    	http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
    	http://www.springframework.org/schema/context                        
    	http://www.springframework.org/schema/context/spring-context-2.5.xsd">
    
    	<!-- PayloadRootAnnotationMethodEndpointMapping is the Mapping that detects 
    		and handles the @PayloadRoot Annotation -->
    	<bean
    		class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
    		<property name="interceptors">
    			<list>
    				<bean
    					class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor" />
    				<ref local="wsSecurityInterceptor" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="orderServiceEndpoint"
    		class="com.live.order.service.endpoint.OrderServicePayloadRootAnnotationEndPoint">
    		<constructor-arg>
    			<bean class="com.live.order.service.OrderServiceImpl" />
    		</constructor-arg>
    
    	</bean>
    	<bean id="OrderService"
    		class="org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition">
    		<property name="schema" ref="orderServiceSchema" />
    		<property name="portTypeName" value="OrderService" />
    		<property name="locationUri" value="http://www.liverestaurant.com/OrderService/" />
    		<property name="targetNamespace"
    			value="http://www.liverestaurant.com/OrderService/schema" />
    	</bean>
    
    	<bean id="orderServiceSchema" class="org.springframework.xml.xsd.SimpleXsdSchema">
    		<property name="xsd"
    			value="/WEB-INF/classes/com/live/order/schema/OrderService.xsd" />
    	</bean>
    
    	<bean
    		class="org.springframework.ws.server.endpoint.adapter.GenericMarshallingMethodEndpointAdapter">
    		<constructor-arg ref="marshaller" />
    	</bean>
    
    	<bean id="marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
    		<property name="contextPath" value="com.live.order.domain" />
    	</bean>
    
    	<bean id="wsSecurityInterceptor"
    		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    		<description>
    			This interceptor validates incoming messages according to the policy
    			defined in 'securityPolicy.xml'.
    			The policy defines that all incoming requests must have a UsernameToken
    			with a password digest in it.
    			The actual authentication is performed by the Spring Security callback
    			handler.
            </description>
    		<property name="secureResponse" value="false" />
    		<property name="policyConfiguration" value="classpath:securityPolicy.xml" />
    		<property name="callbackHandlers">
    			<list>
    				<!-- <ref bean="passwordValidationHandler" /> -->
    				<ref bean="keyStoreHandler" />
    				<!-- <ref bean="springSecurityHandler" /> -->
    			</list>
    		</property>
    	</bean>
    
    	 <bean id="keyStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="password" value="test0000" />
    		<property name="location" value="classpath:mystore.jks" />
    	</bean>
    
    	<bean id="keyStoreHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="keyStore" ref="keyStore" />
    		<property name="privateKeyPassword" value="test0000" />
    		<!-- <property name="trustStore" ref="trustStore" /> -->
    	</bean>
    
    	<!-- <bean id="trustStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="location" value="classpath:truststore.jks" />
    		<property name="password" value="test1234" />
    	</bean>
    
    	<bean id="passwordValidationHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.SimplePasswordValidationCallbackHandler">
    		<property name="users">
    			<props>
    				<prop key="Prasad">TestPass123</prop>
    			</props>
    		</property>
    	</bean>
    
    	  <bean id="wsDigCerSecurityInterceptor"
    		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    		<property name="validationActions" value="Signature" />
    		<property name="validationSignatureCrypto">
    			<bean
    				class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    				<property name="keyStorePassword" value="test0000" />
    				<property name="keyStoreLocation" value="classpath:mystore.jks" />
    			</bean>
    		</property>
    	</bean>-->
    	
    	
    
    </beans>
    The security policy on the server side is:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">    
        <xwss:RequireSignature requireTimestamp="false" />
    </xwss:SecurityConfiguration>
    On the client side the configuration is:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:util="http://www.springframework.org/schema/util" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
            http://www.springframework.org/schema/util
            http://www.springframework.org/schema/util/spring-util-2.0.xsd">
    
    	<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory">
    		<property name="soapVersion">
    			<util:constant static-field="org.springframework.ws.soap.SoapVersion.SOAP_11" />
    		</property>
    	</bean>
    
    	<bean id="orderServiceMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
    		<property name="contextPath" value="com.live.order.domain" />
    	</bean>
    
    	<bean id="orderServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
    		<constructor-arg ref="messageFactory" />
    		<property name="marshaller" ref="orderServiceMarshaller"></property>
    		<property name="unmarshaller" ref="orderServiceMarshaller"></property>
    		<property name="messageSender">
    			<bean
    				class="org.springframework.ws.transport.http.CommonsHttpMessageSender">
    				<property name="readTimeout" value="0"></property>
    			</bean>
    			
    		</property>
    		<property name="defaultUri"
    			value="http://localhost:8080/LiveRestaurant/spring-ws/OrderService" />
    		<property name="interceptors">
    			<list>
    				<ref bean="securityInterceptor"></ref>
    			</list>
    		</property>
    		
    	</bean>
    
    	<bean id="OrderServiceClient" class="com.live.order.service.client.OrderServiceClient">
    		<constructor-arg ref="orderServiceTemplate"></constructor-arg>
    	</bean>
    	
    	<bean id="securityInterceptor" class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    	<property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="keyStoreHandler"/>
    			</list>
    		</property>
    	</bean>
    	
    	<bean id="keyStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="password" value="test0000" />
    		<property name="location" value="classpath:mystore.jks" />
    	</bean>
    
    	<bean id="keyStoreHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="keyStore" ref="keyStore" />
    		
    		<property name="privateKeyPassword" value="test0000" />
    		<!-- <property name="trustStore" ref="trustStore" /> -->
    	</bean>
    
    </beans>
    The security policy on the client side:
    Code:
    <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
        <xwss:Sign includeTimestamp="false">
            <xwss:X509Token certificateAlias="mystore" />
        </xwss:Sign>
    </xwss:SecurityConfiguration>
    I am getting this exception:
    Code:
    WARN  [XwsSecurityInterceptor] Could not validate request: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: Not an RSA key: DSA; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: Not an RSA key: DSA
    Can anyone please let me know what I am doing wrong and help me to implement security in web services?

  • #2
    ws-security problem...

    Hi Prasi...

    I'd suggest you check your keystore...

    I think your keystore is not generated in the correct way.

    How did you generate the keystore and the truststore?

    Laions

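One way to carry out the keystore check suggested in this reply, as an added example that is not part of the original thread. The exception in the first post reports a DSA key where an RSA key was expected, so the program lists each keystore entry with its public key algorithm and flags the non-RSA ones. The class name `KeyStoreAlgCheck` is hypothetical; the keystore path and store password are passed as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

/**
 * Added example (hypothetical class name): lists every entry of a JKS keystore
 * with the algorithm of its public key and flags entries that are not RSA.
 * Usage: java KeyStoreAlgCheck <keystore.jks> <store-password>
 */
public class KeyStoreAlgCheck {

    /** Prints one line per entry and returns how many entries are not RSA. */
    static int check(KeyStore ks) throws Exception {
        int bad = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) {
                continue; // entry without a certificate, nothing to inspect
            }
            // Algorithm name of the key pair, e.g. "RSA", "DSA" or "EC".
            String alg = cert.getPublicKey().getAlgorithm();
            String kind = ks.isKeyEntry(alias) ? "private key" : "trusted cert";
            boolean rsa = "RSA".equals(alg);
            System.out.printf("%-20s %-13s %-4s %s%n", alias, kind, alg,
                    rsa ? "ok" : "MISMATCH: signature code expects an RSA key");
            if (!rsa) {
                bad++;
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeyStoreAlgCheck <keystore.jks> <store-password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        // Listing certificates needs only the store password, not the key password.
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        System.exit(check(ks) == 0 ? 0 : 1);
    }
}
```

Older `keytool` versions create a DSA key pair when `-genkey` is run without `-keyalg`; passing `-keyalg RSA` produces an RSA key pair instead.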


    • #3
      ws-security problem

      Thanks for the reply laions...
      I have created my keystore and truststore using the keytool command.



      • #4
        Originally posted by Prasi:
        Thanks for the reply laions...
        I have created my keystore and truststore using the keytool command.

        But does it work now?

        If not, try this: http://ruchirawageesha.blogspot.com/...keystores.html



        • #5
          Thanks for the link laions. Today I am on leave, so I am not able to test it. I will test it tomorrow and post it.



          • #6
            ws-security problem.

            Thanks for your help laions, it's working now.



            • #7
              problem in webservice security

              When I set up my computer and first set up my internet connection, Windows suggested that I set up Norton security; however, my only question is: do I have to pay for this service?


              • #8
                @Prasi: You are welcome! I'm happy to help you!

                @Charlotholz: I think that is off topic for this thread!
