Spring XWSS Message Signing

StackOverflow https://stackoverflow.com/questions/21526767

Question

I am currently working on a client interface which connects to a third party web service.

This 3rd party web service requires that all messages sent to them are signed with the client's private key.

I am attempting to implement this using Spring's XWSS support as documented here:

http://docs.spring.io/spring-ws/site/reference/html/security.html

The issue I'm facing is that the messages I send out are not being signed despite what as far as I can tell is a correct configuration.

My applicationContext.xml is as follows:

<beans 
   xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:util="http://www.springframework.org/schema/util" 
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:tx="http://www.springframework.org/schema/tx" 
   xmlns:aop="http://www.springframework.org/schema/aop"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
                       http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                       http://www.springframework.org/schema/util
                       http://www.springframework.org/schema/util/spring-util-3.1.xsd
                       http://www.springframework.org/schema/context
                       http://www.springframework.org/schema/context/spring-context-3.1.xsd
                       http://www.springframework.org/schema/tx
                       http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
                       http://www.springframework.org/schema/aop
                       http://www.springframework.org/schema/aop/spring-aop-3.1.xsd">

    ^
    |
    |
    B
    E
    A
    N
    S
    |
    |
    V

    <bean id="wsSecurityInterceptor"
         class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
         <property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
         <property name="callbackHandlers">
            <list>
               <ref bean="keyStoreHandler"/>
            </list>
         </property>
    </bean>

    <bean id="keyStoreHandler"
         class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
         <property name="keyStore" ref="keyStore"/>
         <property name="privateKeyPassword" value="ckpass"/>
    </bean>

    <bean id="keyStore"
        class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="file:///C:/path/to/security/clientKeystore.jks"/>
        <property name="password" value="cspass"/>
    </bean>
</beans>

My securityPolicy.xml consists of the following:

<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:Sign>
   </xwss:Sign>
</xwss:SecurityConfiguration>

However there are no messages being dumped to standard output when I send messages out and the messages I send out do not contain the signature elements I would expect.

I suspect I am missing something quite trivial here however I cannot tell what that is for the life of me!

Was it helpful?

Solution

In your configuration you only configure the interceptor. Currently it takes up only memory just hanging around and doing nothing. You should hook this interceptor up to your WebServiceTemplate (or class that extends WebServiceGatewaySupport.

Assuming you have one of those you should have something like this.

<bean id="yourClient" class="YourClientClass">
    <property name="interceptors" ref="wsSecurityInterceptor"/>
    // Your other properties here
</bean>

This wired your interceptor to the WebServiceTemplate used, without it the interceptor is basically not used.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top