使用Spring在客户端签署SOAP请求 [英] Sign SOAP request on client-side with Spring

问题描述

我已阅读有关保护您的网络服务的Spring文档使用Spring-WS 但它看起来好像文章只是关于服务器端而不是客户端。实际上，它对于服务器端的工作正常 Wss4jSecurityInterceptor 但是我需要向外部Web服务签署一个请求。

I have read the Spring doc regarding Securing your Web services with Spring-WS but it looks for me as if the article is just regarding server side and not client side. Indeed, it is working fine for server side with Wss4jSecurityInterceptor but I need to sign a request to an external Web service.

所以，第一个问题。我是对的，Spring Web Services文档的第7章只适用于服务器端吗？

So, first question. Am I right and chapter 7 of Spring Web Services documentation just apply to server side?

其次。使用Spring以类似（简单，优雅）的方式向客户端的SOAP请求添加安全性（如签名标头）是否可能在服务器端如何完成？

Second. It is possible, to add security, like signed headers, to SOAP requests on client side with Spring in a way similar (simple, elegant) to how it is done on server side?

我找到了这个问题，但看起来签名是使用Apache CXF和文章签名以自制方式完成。

I have found this question but it looks like signing is done with Apache CXF and this article where signing is done in a home made way.

提前致谢。

推荐答案

好吧，我恐怕会回答我自己的问题：

Well, I am afraid I am going to answer my own questions:

第一个

First one: NO. Chapter 7 of Spring Web Services documentation is about both sides, client and server.

第二个：根据fisrt问题的答案， 是，正如Spring Web Services文档第7章所述。

Second one: Acording with the answer to the fisrt question, YES, as it is described on chapter 7 of Spring Web Services documentation.

我的错误是我以这种方式声明拦截器：

My error was that I was declaring interceptor in this way:

<sws:interceptors>
    <ref bean="wsSecurityInterceptor" />
</sws:interceptors>

这个拦截器只会影响服务器端的Web服务。对于客户，它应该以这种方式完成：

and this interceptors just affect to server-side Web services. For clients it should be done in this way:

<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
    <property name="defaultUri"
        value="http://localhost:8080/ws-demo/myws" />
    <property name="interceptors">
        <list>
            <ref bean="wsSecurityInterceptor" />
        </list>
    </property>
</bean>

这篇关于使用Spring在客户端签署SOAP请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！