Search code examples
springweb-servicessoapspring-securityspring-ws

Implementing WS-I Basic Profile in Spring WS

My Project uses Spring WS to consume a SOAP Webservice. Webservice calls are sent via webServiceTemplate.marshalSendAndReceive(..) It all works fine until now.

Recently the Webservice publisher had informed us to implement WS-I Basic Profile 1.1 in order to be able to get responses.

Following is the sample received which is supposedly to be sent on SOAP Header of the request.

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:UsernameToken>
        <wsse:Username> </wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"> </wsse:Password>
    </wsse:UsernameToken>
</wsse:Security>

Is there an example to configure this ? How do I proceed with Spring-WS Security in this scenario?

Any pointers would be appreciated.

Solution

  • Managed to find it out by myself.

    Here is the approach.

    1. Declare the bean for Wss4jSecurityInterceptor (this is basically available in spring-ws-security jar) Provide Credentials via securementUsername, securementPassword properties of the bean.

    Also importantly set the securementActions to 'UsernameToken' (which is what i needed , just user name and password to be sent in WS-I Basic Profile Header)

    There are many other SecurementAction available for securementActions. (Please refer to http://docs.spring.io/spring-ws/site/reference/html/security.html)

    1. Include the Wss4jSecurityInterceptor bean in the webserviceTemplate's interceptor property.

    2. Voila !

    Example Configuration

    <bean id="wsSecurityInterceptor"
    class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    <property name="securementActions" value="UsernameToken" />
    <property name="securementUsername" value="${security.username}" />
    <property name="securementPasswordType" value="PasswordText" />
    <property name="securementPassword" value="${security.password}" />
    <property name="securementMustUnderstand" value="false" />
</bean>

<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate"
    p:defaultUri="${service.endpt}" p:marshaller-ref="myServiceMarshaller"
    p:unmarshaller-ref="myServiceMarshaller">
    <property name="interceptors">
        <list>
            <ref local="wsSecurityInterceptor" />
            ..
        </list>
    </property>
</bean>