Spring ws sa wss4j-om, problemValidacija timestamp-a i digitalnog potpisa funkcionise, ali kad podesim da se koristi enkripcija/dekripcija, desava se sledece(na web servis delu):
...
DEBUG [org.springframework.ws.transport.http.WebServiceMessageReceiverHandlerAdapter] - Accepting incoming [org.springframework.ws.transport.http.HttpServletConnection@2f8eb79f] at [http://localhost:8080/person/services]
DEBUG [org.springframework.ws.server.MessageTracing.received] - Received request [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData]
DEBUG [org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping] - Looking up endpoint for [{http://www.w3.org/2001/04/xmlenc#}EncryptedData]
...
i na kraju ne nadje endpoint mapping, izbaci gresku WebServiceTransportException: Not Found [404] i to je to. Znaci kao da ne desifruje poruku pre nego sto pocne da trazi endpoint za nju. Evo delova podesavanja:
klijent(appContext.xml):
Code:
<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"
p:marshaller-ref="jaxbMarshaller"
p:unmarshaller-ref="jaxbMarshaller"
p:defaultUri="http://localhost:15555/person/services"
p:messageSender-ref="messageSender">
<constructor-arg ref="messageFactory"/>
<property name="interceptors">
<list>
<ref local="wss4jSecurityInterceptor"/>
</list>
</property>
</bean>
..
<bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender"/>
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory"/>
..
<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<!-- DEKRIPCIJA,PROVERA TIMESTAMP-A, VALIDACIJA SERTIFIKATA I PROVERA DIG. POTPISA -->
<property name="validationActions" value="Timestamp Signature Encrypt"/>
<property name="enableSignatureConfirmation" value="true"/>
<property name="validationSignatureCrypto">
<ref bean="keystore"/>
</property>
<property name="validationDecryptionCrypto">
<ref bean="keystore"/>
</property>
<property name="validationCallbackHandler">
<bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
<property name="privateKeyPassword" value="password"/>
</bean>
</property>
<!-- TIMESTAMP PODESAVANJA -->
<property name="timestampStrict" value="true"/>
<property name="timeToLive" value="30"/>
<property name="timestampPrecisionInMilliseconds" value="true"/>
<!-- ENKRIPCIJA, STAVLJANJE DIGITALNOG POTPISA -->
<property name="securementActions" value="Timestamp Signature Encrypt"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference"/>
<property name="securementUsername" value="wsclient"/>
<property name="securementPassword" value="password"/>
<property name="securementSignatureCrypto">
<ref bean="keystore"/>
</property>
<property name="securementEncryptionUser" value="wsserver"/>
<property name="securementEncryptionCrypto">
<ref bean="keystore"/>
</property>
</bean>
...
<bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="password"/>
<property name="keyStoreLocation" value="WEB-INF/Keystore.jks"/>
</bean>
<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"
p:marshaller-ref="jaxbMarshaller"
p:unmarshaller-ref="jaxbMarshaller"
p:defaultUri="http://localhost:15555/person/services"
p:messageSender-ref="messageSender">
<constructor-arg ref="messageFactory"/>
<property name="interceptors">
<list>
<ref local="wss4jSecurityInterceptor"/>
</list>
</property>
</bean>
..
<bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender"/>
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory"/>
..
<bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<!-- DEKRIPCIJA,PROVERA TIMESTAMP-A, VALIDACIJA SERTIFIKATA I PROVERA DIG. POTPISA -->
<property name="validationActions" value="Timestamp Signature Encrypt"/>
<property name="enableSignatureConfirmation" value="true"/>
<property name="validationSignatureCrypto">
<ref bean="keystore"/>
</property>
<property name="validationDecryptionCrypto">
<ref bean="keystore"/>
</property>
<property name="validationCallbackHandler">
<bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
<property name="privateKeyPassword" value="password"/>
</bean>
</property>
<!-- TIMESTAMP PODESAVANJA -->
<property name="timestampStrict" value="true"/>
<property name="timeToLive" value="30"/>
<property name="timestampPrecisionInMilliseconds" value="true"/>
<!-- ENKRIPCIJA, STAVLJANJE DIGITALNOG POTPISA -->
<property name="securementActions" value="Timestamp Signature Encrypt"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference"/>
<property name="securementUsername" value="wsclient"/>
<property name="securementPassword" value="password"/>
<property name="securementSignatureCrypto">
<ref bean="keystore"/>
</property>
<property name="securementEncryptionUser" value="wsserver"/>
<property name="securementEncryptionCrypto">
<ref bean="keystore"/>
</property>
</bean>
...
<bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="password"/>
<property name="keyStoreLocation" value="WEB-INF/Keystore.jks"/>
</bean>
Na servis strani je sve isto, samo se za enkripciju(securementEncryptionUser) koristi wsclient alias, a za potpis(securementUsername) wsserver alias.
Servis interceptor-i:
Code:
<sws:interceptors>
<ref bean="wss4jSecurityInterceptor"/>
<bean id="validatingInterceptor"
class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
<property name="schema" value="/WEB-INF/person.xsd"/>
<property name="validateRequest" value="true"/>
<property name="validateResponse" value="true"/>
</bean>
<bean id ="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"></bean>
</sws:interceptors>
<sws:interceptors>
<ref bean="wss4jSecurityInterceptor"/>
<bean id="validatingInterceptor"
class="org.springframework.ws.soap.server.endpoint.interceptor.PayloadValidatingInterceptor">
<property name="schema" value="/WEB-INF/person.xsd"/>
<property name="validateRequest" value="true"/>
<property name="validateResponse" value="true"/>
</bean>
<bean id ="loggingInterceptor" class="org.springframework.ws.server.endpoint.interceptor.PayloadLoggingInterceptor"></bean>
</sws:interceptors>
Keystore.jks(koristi kljijent):
- Alias name wsserver, Entry Type : TrustedCertEntry
- Alias name wsclient, Entry Type : PrivateKeyEntry
- Alias name wsca, Entry Type : TrustedCertEntry(ovim sam potpisivao wsclient i wsserver sertifikate, znaci ima ulogu CA)
MyTruststore.jks(koristi je servis)
- Alias name wsserver, Entry Type : PrivateKeyEntry
- Alias name wsclient, Entry Type : TrustedCertEntry
- Alias name wsca, Entry Type : TrustedCertEntry
Slazu im se MD5 i SHA1 digesti....
Ako neko moze da pokaze kako na pravi nacin da podesim timestamp ubacivanje/validacija,signature(x509 cert) ubacivanje/validacija, enkripcija/dekripcija (opet x509), vec sam pokusavao i sa xwss-om, cini mi se da je i on pravio problem, ne secam se vise gde, doduse....
