I am working with Spring Integration + Spring WS Security through WSS4JSecurityInterceptor.
I have a WS client consuming a Web service on the server with the following security scenario:
With these two requisites, I am a bit confused with the examples provided by Spring documentation about client / server configuration. I can’t change any configuration on the server side. I just have: User, password and .cert file.
I have the following Java configuration, but I am not sure if it solves my detailed scenario:

    @Bean
    public Wss4jSecurityInterceptor wss4jSecurityInterceptor() throws IOException, Exception {
        Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
        interceptor.setSecurementActions("UsernameToken Encrypt");
        interceptor.setSecurementUsername("https user");
        interceptor.setSecurementPassword("https password");
        interceptor.setValidationActions("Signature");
        interceptor.setValidationSignatureCrypto( NEED TO BE DEFINED );
        return interceptor;
    }

The solution for this scenario:
First of all, import the .cer file to your own keystore:

    keytool -importcert -v -trustcacerts -file "path\to\file.cer" -alias myAlias -keystore "myNewKeyStore.jks" -storepass myPass

Put the file under your classpath.
If you are using Maven, configure it to include .jks files and NO FILTERING for this kind of resource. This is important in order to maintain the certificate as it is at compilation.
Adapt this configuration to your WS scenario:

    @Bean
    public Wss4jSecurityInterceptor wss4jSecurityInterceptor() throws Exception {
        Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
        // Outgoing requests: add a WS-Security UsernameToken with these credentials
        interceptor.setSecurementActions("UsernameToken");
        interceptor.setSecurementUsername("user http");
        interceptor.setSecurementPassword("pass http");
        // Incoming responses: require a signature and verify it using the keystore below
        interceptor.setValidationActions("Signature");
        interceptor.setValidationSignatureCrypto( myCrypto() );
        interceptor.afterPropertiesSet();
        return interceptor;
    }

    @Bean
    public Crypto myCrypto() throws Exception {
        // Keystore created with keytool above; it holds the server certificate
        CryptoFactoryBean factory = new CryptoFactoryBean();
        factory.setTrustStorePassword( "myPass" );
        factory.setKeyStorePassword( "myPass" );
        factory.setKeyStoreLocation( new ClassPathResource("myNewKeyStore.jks") );
        factory.afterPropertiesSet();
        return factory.getObject();
    }
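
A check for the keystore steps above, as an added example that is not part of the original answer: it loads the packaged keystore from the classpath and prints the certificate's SHA-256 fingerprint so it can be compared with `keytool -printcert -file` on the original .cer. The class name `KeystoreCheck` is hypothetical; the resource name, alias and password are the ones used in the keytool command.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

public class KeystoreCheck {
    // Values from the keytool command in the answer above.
    static final String RESOURCE = "myNewKeyStore.jks";
    static final String STORE_PASS = "myPass";
    static final String ALIAS = "myAlias";

    /** Loads a keystore stream and returns the trusted X.509 certificate stored under alias. */
    static X509Certificate loadTrustedCert(InputStream in, char[] pass, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        // Throws IOException if the file was altered by the build (e.g. resource filtering)
        // or if the store password is wrong.
        ks.load(in, pass);
        if (!ks.isCertificateEntry(alias)) {
            throw new IllegalStateException("No trusted certificate entry under alias " + alias);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        return cert;
    }

    /** SHA-256 fingerprint as colon-separated upper-case hex, the form keytool prints. */
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = KeystoreCheck.class.getClassLoader().getResourceAsStream(RESOURCE)) {
            if (in == null) {
                throw new IllegalStateException(RESOURCE + " is not on the classpath");
            }
            X509Certificate cert = loadTrustedCert(in, STORE_PASS.toCharArray(), ALIAS);
            System.out.println("Subject: " + cert.getSubjectX500Principal());
            System.out.println("Expires: " + cert.getNotAfter());
            System.out.println("SHA-256: " + sha256Fingerprint(cert));
        }
    }
}
```

Run it against the built artifact's classpath rather than the source tree, since the packaged copy is the one the interceptor will load.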