Spring WS - Part 5

Spring WS provides an easy integration with various WS-Security features with the help of interceptors like Wss4jSecurityInterceptor, XwsjSecurityInterceptor.

We are going to explore here very basic feature of WS-SECURITY i.e. implementing Security using with UserNameTokenAuthentication
We are going to use Wss4jSecurityInterceptor as it is very easy to configure.

We are going to use configure two interceptors:
1) One for the Server End.
2) Other for the Client End.
For Server End The configuration for Wss4jSecurityInterceptor is as follows:

@Bean
 public Wss4jSecurityInterceptor wss4jSecurityInterceptor()
 {
  /**
   * The SecurementActions for UsernameToken is commented, as the
   * UsernameToken is to be added by the client, the server-side
   * interceptor would only validate that.
   * 
   */

  Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
  wss4jSecurityInterceptor.setValidationActions("UsernameToken");
  //wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
  wss4jSecurityInterceptor.setSecurementUsername("Ernie");
  wss4jSecurityInterceptor.setSecurementPassword("Bert");
  wss4jSecurityInterceptor.setSecurementPasswordType("PasswordText");
  wss4jSecurityInterceptor.setValidationCallbackHandler(callbackHandler());
  return wss4jSecurityInterceptor;
 }

It is added to the list of server side interceptors as:
interceptors.add(wss4jSecurityInterceptor());
For Client End
@Bean
 public Wss4jSecurityInterceptor wss4jSecurityInterceptorClient()
 {

  /* Please note If ValidationActions needs to be mentioned
   * then Validdation CallBack Handler must be there
   */ 


  Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
  //wss4jSecurityInterceptor.setValidationActions("UsernameToken");
  wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
  wss4jSecurityInterceptor.setSecurementUsername("Ernie");
  wss4jSecurityInterceptor.setSecurementPassword("Bert");
  wss4jSecurityInterceptor.setSecurementPasswordType("PasswordText");
  //wss4jSecurityInterceptor.setValidationCallbackHandler(callbackHandler());
  return wss4jSecurityInterceptor;
 }

It is added to the WebServiceTemplate configuration , as when the client invokes the Web Service using this template then, the UserNameToken is added to the request SOAPi Message and thus available to the server side for Validation, with the help of Validation CallBackHandler.

So at the Client side, the interceptor could be added as:

webServiceTemplate.setInterceptors(new ClientInterceptor[]{wss4jSecurityInterceptorClient()});

The Callback Handler can be configured as:

/**
  * Validation CallBack Handler for UserNameToken Authentication
  * 
  */

 @Bean
 public SimplePasswordValidationCallbackHandler callbackHandler()
 {
  SimplePasswordValidationCallbackHandler simplePasswordValidationCallbackHandler = new SimplePasswordValidationCallbackHandler();
  Map userMap = new HashMap();
  userMap.put("admin", "secret");
  userMap.put("user", "pass");
  userMap.put("Ernie","Bert");
  simplePasswordValidationCallbackHandler.setUsersMap(userMap);
  return simplePasswordValidationCallbackHandler;
 }


Here we have used an in-memory implementation i.e. A map for the list of valid UserName & Password Configuration for simplicity. Here we can provide the implementation according to our need. The CallBackHandler implementation used here is SimplePasswordValidationCallbackHandler If we have Spring Security in our application we can also use SpringSecurityPasswordValidationCallbackHandler. Here the Username and Password are being set from UserDetailsService of Spring Security. So awesome right??..

This is in short about WS-Security.

The client that we have used in the whole application is Spring Controller configured in the same application.
@Controller
public class TestController {

 static Logger log = LoggerFactory.getLogger(TestController.class);

 @Autowired
 WebServiceTemplate webServiceTemplate;

 String data;
 
 @PostConstruct
 public void PostConstrut()
 {
  Assert.notNull(webServiceTemplate, "WebServiceTemplate Must not be null");
 }
 
 
 @RequestMapping(value="/testWSService", method=RequestMethod.GET)
 public ModelAndView testWebService(ModelMap model)
 {
  log.debug(" ***** In testWebService() method, Testing Services with Web Service Template ***** ");
  GetCountryRequest getCountryRequest = new ObjectFactory().createGetCountryRequest();
  getCountryRequest.setName("OK");
  FileDataSource fileDataSource = new FileDataSource("/path/to/File/TobeUploaded");
  DataHandler dataHandler = new DataHandler(fileDataSource);
  getCountryRequest.setFile(dataHandler);
  webServiceTemplate.marshalSendAndReceive(getCountryRequest);
  ModelAndView modelAndView = new ModelAndView();
  return modelAndView;
 }
}


The WebServiceTemplate that we have used here is he bean configured in the Configuration. This is used to invoke the Web Service and the rest is just normal bean setting. The Marshalling and Unmarshalling of the parameters are being taked case by the Spring WS.

So this in short about what I explored about Spring Web-Services. I find it really great.

Any Views and Suggestions are always welcome. Please share and untill next time Keep coding and keep sharing..... :-)

Comments

Popular posts from this blog

Use of @Configurable annotation.

Spring WS - Part 4