Spring 4 Wss4jSecurityInterceptor
Bonjour,
je souhaiterais consommer un web service sécurisé avec spring. Voici la configuration de mon client :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
@Configurable
public class WebServiceConfig {
/** Environment env */
@Autowired
private Environment env;
/**
* déclaration du web service
*
* @return WebServiceTemplate
* @throws SOAPException
*/
@Bean
public WebServiceTemplate processDeclarationTemplate() {
WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
webServiceTemplate.setDefaultUri(env.getProperty("webServiceURL"));
webServiceTemplate.setMarshaller(marshaller());
webServiceTemplate.setUnmarshaller(marshaller());
webServiceTemplate.setInterceptors(new ClientInterceptor[] { new ProcessDeclarationInterceptor(), securityInterceptor() });
return webServiceTemplate;
}
/**
* Definition du Marshaller/Unmarshaller
*
* @return Jaxb2Marshaller
*/
@Bean
public Jaxb2Marshaller marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath("fr.integrate.ws.schema");
return marshaller;
}
/**
* securityInterceptor
*
* @return Wss4jSecurityInterceptor
*/
@Bean
public Wss4jSecurityInterceptor securityInterceptor() {
Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
securityInterceptor.setValidationActions(env.getProperty("validationActions", "UsernameToken"));
securityInterceptor.setSecurementPasswordType(env.getProperty("securementPasswordType", "PasswordText"));
securityInterceptor.setValidateRequest(env.getProperty("validateRequest", Boolean.class, true));
securityInterceptor.setValidateResponse(env.getProperty("validateResponse", Boolean.class, false));
securityInterceptor.setSecureRequest(env.getProperty("secureRequest", Boolean.class, true));
securityInterceptor.setSecureResponse(env.getProperty("secureResponse", Boolean.class, false));
securityInterceptor.setSecurementUsername(env.getProperty("webservices.authentication.security.user.name"));
securityInterceptor.setSecurementPassword(env.getProperty("webservices.authentication.security.user.password"));
securityInterceptor.setValidationCallbackHandler(callbackHandler());
return securityInterceptor;
}
@Bean
public CallbackHandler callbackHandler() {
Properties props = new Properties();
props.setProperty(env.getProperty("webservices.authentication.security.user.name"), env.getProperty("webservices.authentication.security.user.password"));
SimplePasswordValidationCallbackHandler callbackHandler = new SimplePasswordValidationCallbackHandler();
callbackHandler.setUsers(props);
return callbackHandler;
}
} |
et le service qui appel le web service :
Code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
@Service
public class WebServiceImpl implements WebService {
/** Logger LOGGER */
private static final Logger LOGGER = LoggerFactory.getLogger(WebServiceImpl .class);
@Autowired
@Qualifier("webServiceTemplate")
private WebServiceOperations webServiceTemplate;
...
@Override
public Response callWebService(String _id) {
Request request = this.getRequest (_id);
Response response = null;
try {
LOGGER.info("Appel du web service avec l'id : {}", id);
response = (Response) this.webServiceTemplate.marshalSendAndReceive(request);
} catch (WebServiceException e1) {
LOGGER.error(e1.getMessage(), e1);
}
return response;
} |
Mon soucis est que ma requête n'est pas sécurisé et le header reste vide... :
Code:
1
2
3
|
16:13:54.215 [SimpleAsyncTaskExecutor-1] ERROR f.i.s.WebServiceImpl - No WS-Security header found
org.springframework.ws.soap.client.SoapFaultClientException: No WS-Security header found |
Quelqu'un aurait une idée? Merci :-)
