SOAP with mutual SSL - how to send over credentials?


Question

public class ResLookupGetService extends Service {
    ServerServicePortType getServerServicePort();
}
public interface ServerServicePortType {
    ServerServiceResponse doSoapMethod(RequestObject request, ParamObject parameters);
}

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
ServerServiceResponse response = service.doSoapMethod(request, parameters);

The above code works fine for invoking my SOAP service before mutual SSL encryption is required.

Once it's turned on, I try creating an SSL Context and setting it like so:

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();

BindingProvider bindingProvider = (BindingProvider) service;
    bindingProvider.getRequestContext().put(
        "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
        getSslContext().getSocketFactory());

ServerServiceResponse response = service.doSoapMethod(request, parameters);

And the code for creating the SSLContext:

public SSLContext getSslContext(String keyStorePath, String keyStoreType, String trustStorePath)
    throws Exception {
  // Key store: the client certificate and private key presented to the server
  KeyStore keyStore = KeyStore.getInstance(keyStoreType);
  InputStream ksis = ClassLoader.getSystemResourceAsStream(keyStorePath);
  keyStore.load(ksis, "mypassword".toCharArray());
  ksis.close();

  // Trust store: the CA certificates used to verify the server
  KeyStore trustStore = KeyStore.getInstance("JKS");
  InputStream tsis = ClassLoader.getSystemResourceAsStream(trustStorePath);
  trustStore.load(tsis, "mypassword".toCharArray());
  tsis.close();

  TrustManagerFactory tmf =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(trustStore);

  KeyManagerFactory kmf =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  kmf.init(keyStore, "mypassword".toCharArray());

  SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  return sslContext;
}

But it doesn't seem to be passing my credentials correctly. Am I setting this correctly?

Thanks

Recommended answer

Turns out, using the BindingProvider does nothing (or at least I couldn't use it to a point where it made a difference).

Prior to the calls invoking the web service, I simply set these system properties:

  private void setSystemProps() {

    String keyStoreFileName = "ssl/clientKeyStore.jks";
    // getPath() returns the file path as a String, which is what the properties below expect
    String keyStorePath = ClassLoader.getSystemResource(keyStoreFileName).getPath();
    String keyStoreType = "JKS";
    String keyStorePassword = "mypassword";

    String trustStoreFileName = "ssl/clientTruststore.jks";
    String trustStorePath = ClassLoader.getSystemResource(trustStoreFileName).getPath();
    String trustStoreType = "JKS";
    String trustStorePassword = "mypassword";

    Properties systemProps = System.getProperties();
    // Client identity (certificate and private key) presented to the server
    systemProps.put("javax.net.ssl.keyStore", keyStorePath);
    systemProps.put("javax.net.ssl.keyStorePassword", keyStorePassword);
    systemProps.put("javax.net.ssl.keyStoreType", keyStoreType);

    // CA certificates used to verify the server
    systemProps.put("javax.net.ssl.trustStore", trustStorePath);
    systemProps.put("javax.net.ssl.trustStoreType", trustStoreType);
    systemProps.put("javax.net.ssl.trustStorePassword", trustStorePassword);
    System.setProperties(systemProps);
  }

Then I can do the service call like normal:

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
ServerServiceResponse response = service.doSoapMethod(request, parameters);

It's worth noting that when I was setting the System Properties, they accept any Object as the value, and I was incorrectly originally setting it to a URL object rather than a String.

So the trustStorePath and keyStorePath variables are being set to the .getPath() value, which is an absolute file path, such as:

"/Users/username/path/to/directory/with/ssl/clientKeyStore.jks"

Everything works now.
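
As an added example (not code from the original question or answer): a per-port variant that hands the client certificate to this one SOAP client instead of setting JVM-wide `javax.net.ssl.*` properties, and that fails early if the key store holds no private key. It assumes a JAX-WS reference-implementation runtime that honors one of the two socket-factory request-context keys and a WSDL that is not itself fetched from the mutual-TLS endpoint; the class name `MutualTlsBinding` and the `CLIENT_STORE_PASSWORD` environment variable are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;

// Hypothetical helper class; usage: secure(service, clientContext(keyPath, trustPath, pw))
public final class MutualTlsBinding {
    // JAX-WS RI request-context keys: JDK-bundled runtime, then standalone jaxws-rt
    private static final String[] FACTORY_KEYS = {
        "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
        "com.sun.xml.ws.transport.https.client.SSLSocketFactory"
    };

    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // pw is supplied by the caller, e.g. System.getenv("CLIENT_STORE_PASSWORD").toCharArray()
    // (assumed variable name), so the password is not hard-coded in source.
    static SSLContext clientContext(String keyPath, String trustPath, char[] pw) throws Exception {
        KeyStore keys = load(keyPath, "JKS", pw);
        // A key store with only certificate entries cannot present a client certificate.
        boolean hasKey = false;
        for (String alias : Collections.list(keys.aliases())) hasKey |= keys.isKeyEntry(alias);
        if (!hasKey) throw new IllegalStateException("no private key entry in " + keyPath);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustPath, "JKS", pw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Attach the client identity to one port only; other HTTPS clients in the JVM keep their defaults.
    static void secure(Object port, SSLContext ctx) {
        for (String key : FACTORY_KEYS) {
            ((BindingProvider) port).getRequestContext().put(key, ctx.getSocketFactory());
        }
    }
}
```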
