CODEWITHSUNDEEP
springweb-servicessoapspring-securityspring-ws
Code Falcon
Code Falcon

Reputation: 163

Implementing WS-I Basic Profile in Spring WS

My Project uses Spring WS to consume a SOAP Webservice. Webservice calls are sent via webServiceTemplate.marshalSendAndReceive(..) It all works fine until now.

Recently the Webservice publisher had informed us to implement WS-I Basic Profile 1.1 in order to be able to get responses.

Following is the sample received which is supposedly to be sent on SOAP Header of the request.

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
        <wsse:Username> </wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"> </wsse:Password>
    </wsse:UsernameToken>
</wsse:Security>

Is there an example to configure this ? How do I proceed with Spring-WS Security in this scenario?

Any pointers would be appreciated.

Upvotes: 0

Views: 699

Answers (2)

Code Falcon
Code Falcon

Reputation: 163

Managed to find it out by myself.

Here is the approach.

  1. Declare the bean for Wss4jSecurityInterceptor (this is basically available in spring-ws-security jar) Provide Credentials via securementUsername, securementPassword properties of the bean.

Also importantly set the securementActions to 'UsernameToken' (which is what i needed , just user name and password to be sent in WS-I Basic Profile Header)

There are many other SecurementAction available for securementActions. (Please refer to http://docs.spring.io/spring-ws/site/reference/html/security.html)

  1. Include the Wss4jSecurityInterceptor bean in the webserviceTemplate's interceptor property.

  2. Voila !

Example Configuration

<bean id="wsSecurityInterceptor"
    class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="UsernameToken" />
    <property name="securementUsername" value="${security.username}" />
    <property name="securementPasswordType" value="PasswordText" />
    <property name="securementPassword" value="${security.password}" />
    <property name="securementMustUnderstand" value="false" />
</bean>

<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"
    p:defaultUri="${service.endpt}" p:marshaller-ref="myServiceMarshaller"
    p:unmarshaller-ref="myServiceMarshaller">
    <property name="interceptors">
        <list>
            <ref local="wsSecurityInterceptor" />
            ..
        </list>
    </property>
</bean>

Upvotes: 1

Rudge
Rudge

Reputation: 640

In my case, with SOAP12 and password encrypted with certificate, i did the cxf interceptor implementation, because the config of spring didn't works.

http://cxf.apache.org/docs/ws-security.html

I created the bean JaxWsProxyFactoryBean of webservices and i added the interceptors.

org.apache.cxf.endpoint.Client client = ClientProxy.getClient(YOUR_BEAN);
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
cxfEndpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
cxfEndpoint.getInInterceptors().add( new WSS4JInInterceptor(inProps));

Upvotes: 0

Related Questions