Mohamed Sweelam
Reputation: 1229
Why did secure Spring WS integration return Unauthorized [401]?
I'm trying to consume a secure third-party SOAP web service in Spring boot, and I'm following Spring WS plus an online resource describing secure integration Spring WS - HTTPS Client-Server Example. After locating the certificate .cer and .jks files under resources folder, and used this code to wrap my configuration:
@Configuration
public class WSGeneralConfig {
@Autowired
@Qualifier("WifiTouristConfig")
CredentailsConfig wifiTouristConfig;
@Autowired
@Qualifier("TradeinWSConfig")
CredentailsConfig tradeinWSConfig;
@Autowired
ClientInterceptor[] interceptors;
@Bean
public WifiToursitWrapper wifiToursitWrapper(@Value("${tibco.wifi.tourist.url}") String uri) throws Exception {
WifiToursitWrapper wifiToursitWrapper = new WifiToursitWrapper();
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath("com.usp.tibco.wifi");
wifiToursitWrapper.setMarshaller(marshaller);
wifiToursitWrapper.setUnmarshaller(marshaller);
wifiToursitWrapper.setDefaultUri(uri);
wifiToursitWrapper.setInterceptors(interceptors);
wifiToursitWrapper.setMessageSender(
httpComponentsMessageSender(wifiTouristConfig.getUsername(), wifiTouristConfig.getPassword()));
return wifiToursitWrapper;
}
public HttpComponentsMessageSender httpComponentsMessageSender(String userName, String password) throws Exception {
HttpComponentsMessageSender httpComponentsMessageSender = new HttpComponentsMessageSender();
httpComponentsMessageSender.setCredentials(new UsernamePasswordCredentials(userName, password));
httpComponentsMessageSender.setHttpClient(httpClient());
httpComponentsMessageSender.setAuthScope(AuthScope.ANY);
httpComponentsMessageSender.afterPropertiesSet();
return httpComponentsMessageSender;
}
public HttpClient httpClient() throws Exception {
return HttpClientBuilder
.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext(), NoopHostnameVerifier.INSTANCE))
.addInterceptorFirst(new RemoveSoapHeadersInterceptor()).build();
}
public SSLContext sslContext() throws Exception {
File file = new ClassPathResource("cert/cacerts.jks").getFile();
return SSLContextBuilder.create().loadTrustMaterial(file, "jksPassword".toCharArray()).build();
}
}
The client class also like this
public class WifiToursitWrapper extends WebServiceGatewaySupport {
@SoapOperationName(systemName = SystemName.TIBCO, operationName = "RegisterByIntlNo")
public RegisterByIntlNoResponse registerByIntlNo(RegisterByIntlNoRequest request) {
return (RegisterByIntlNoResponse) getWebServiceTemplate().marshalSendAndReceive(request,
message -> ((SoapMessage) message)
.setSoapAction("/RegisterByIntlNo"));
}
}
Unfortunately I got Unauthorized exception, and I don't know what the root cause of that? here is a snapshot from Exception stack trace
org.springframework.ws.client.WebServiceTransportException: Unauthorized [401]
at org.springframework.ws.client.core.WebServiceTemplate.handleError(WebServiceTemplate.java:699)
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:609)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383)
at com.etisalat.account.wrapper.WifiToursitWrapper.registerByIntlNo(WifiToursitWrapper.java:25)
Upvotes: 1
Views: 2344
Answers (1)
Mohamed Sweelam
Reputation: 1229
I solved the issue by adding Base Authentication to my request, with a good help from this question's answer Consuming SOAP WS returns Error 401 unauthorized , I changed some little code for my case.
private HttpComponentsMessageSender httpComponentsMessageSender(String userName, String password) throws Exception {
HttpComponentsMessageSender httpComponentsMessageSender = new HttpComponentsMessageSender();
httpComponentsMessageSender.setHttpClient(httpClient(userName, password));
return httpComponentsMessageSender;
}
private HttpClient httpClient(String username, String password) throws Exception {
List<Header> headers = new ArrayList<>();
BasicHeader authHeader = new BasicHeader("Authorization", "Basic " + base64authUserPassword(username, password));
headers.add(authHeader);
RequestDefaultHeaders reqHeader = new RequestDefaultHeaders(headers);
return HttpClientBuilder.create()
.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext(), NoopHostnameVerifier.INSTANCE))
.addInterceptorFirst(new RemoveSoapHeadersInterceptor()).addInterceptorLast(reqHeader).build();
}
private String base64authUserPassword(String username, String password) {
String userpassword = username + ":" + password;
String encodedAuthorization = new String(Base64.getEncoder().encode(userpassword.getBytes()));
return encodedAuthorization;
}
Upvotes: 1
Related Questions
- Spring Boot: Full authentication is required to access this resource
- Regarding Spring WS Security using XWSS
- Spring security keeps returning 401 Unauthorized code despite correct credentials provided
- access denied user is anonymous - spring boot ws basic authentication
- Problems with Spring WS Security
- Spring boot using Spring Security authentication failure when using SpringPlainTextPasswordValidationCallbackHandler in an XwsSecurityInterceptor
- Adding Spring Security @Secured annotation with the Spring Web Service disables Web Service endpoint
- WSSecurityException not found when adding spring-ws security
- Implementing Spring WS Security
- com.sun.xml.wss.impl.WssSoapFaultException missing