Thread: How to configure a truststore for POX client?

  1. #1
    Join Date
    Jul 2011
    Posts
    4

    Default How to configure a truststore for POX client?

    I have a jssecacerts file I need to configure for my POX client. How would I go about doing that?

    My template:

    Code:
    <bean id="poxMessageFactory" class="org.springframework.ws.pox.dom.DomPoxMessageFactory" />
    
    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <constructor-arg ref="poxMessageFactory"/>
        <property name="messageSender">
            <bean class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />
        </property>
        <property name="defaultUri" value="https://some.com/service"/>
        <property name="marshaller" ref="jaxb2Marshaller" />
        <property name="unmarshaller" ref="jaxb2Marshaller" />
    </bean>

  2. #2
    Join Date
    Jun 2011
    Posts
    23

    Default

    I tried to do it as defined on this page: http://static.springsource.org/sprin.../security.html.
    I used the wss interceptor. Unfortunately, when I logged ssl debug, it seemed that my configuration wasn't used.
    So I considered customizing the httpclient classes, and using the deprecated httpclient-contrib-ssl libraries, I managed to use a custom keystore as truststore.

    Otherwise, you can add your certificates to your cacerts file in Java.

  3. #3
    Join Date
    Jul 2011
    Posts
    4

    Default

    pilerou, could you paste a wiring example of your implementation of your custom truststore?

  4. #4
    Join Date
    Jul 2011
    Posts
    4

    Default

    I take it there is no "easy" way to do this...

    Can someone please post a working example?

  5. #5
    Join Date
    Jun 2011
    Posts
    23

    Default

    Actually, I'm not sure it's the best way to do it (using deprecated libraries and an old httpclient (3.1 instead of 4.1) is not a very good solution for the future).
    I was in a hurry to have something working.
    The good question is: why didn't the Spring wss interceptor use my keyStore and trustStore configuration during signature?
    I logged ssl debug and I didn't manage to see my configuration used.

    If you manage to make it work...

  6. #6
    Join Date
    Jul 2011
    Posts
    4

    Default

    I also tried the KeyStoreFactoryBean approach:

    Code:
    <bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
        <property name="trustStore" ref="trustStore"/>
    </bean>

    <bean id="trustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:my/path/to/jssecacerts"/>
    </bean>

    I notice this only exists under the SOAP packaging, with none for POX.

    The other thing I notice is that it didn't load my jssecacerts file. Here's what appears in my logs:

    2011-08-02 09:46:47,469 INFO [org.springframework.ws.soap.security.support.KeyStoreFactoryBean] - Loading key store from class path resource [my/path/to/jssecacerts]
    2011-08-02 09:46:47,485 WARN [org.springframework.ws.soap.security.support.KeyStoreFactoryBean] - Creating empty key store

    It almost looks like it doesn't know what to do with the file. Ideas?

  7. #7

    Default

    How to configure a truststore for POX client?

    <bean id="poxMessageFactory" class="org.springframework.ws.pox.dom.DomPoxMessageFactory" />

    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <constructor-arg ref="poxMessageFactory"/>
        <property name="messageSender">
            <bean class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />
        </property>
        <property name="defaultUri" value="https://some.com/service"/>
        <property name="marshaller" ref="jaxb2Marshaller" />
        <property name="unmarshaller" ref="jaxb2Marshaller" />
    </bean>

  8. #8
    Join Date
    Jun 2011
    Posts
    23

    Default

    It should work with the wss4j interceptor, but I never managed to make it work.
    With POX or another message factory.
    Is there anyone who did it with interceptors, as Spring WS suggests?
    Is there a tip?

  9. #9
    Join Date
    Aug 2011
    Posts
    1

    Default

    I think you might need to add the interceptors property to the webServiceTemplate definition:

    Code:
    <bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
        <constructor-arg ref="poxMessageFactory"/>
        <property name="messageSender">
            <bean class="org.springframework.ws.transport.http.CommonsHttpMessageSender" />
        </property>
        <property name="interceptors">
            <list>
                <ref bean="myWSSecurityInterceptor" />
            </list>
        </property>
        <property name="defaultUri" value="https://some.com/service"/>
        <property name="marshaller" ref="jaxb2Marshaller" />
        <property name="unmarshaller" ref="jaxb2Marshaller" />
    </bean>
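
Added example, not from any poster in this thread or from Spring WS: the trust store wired into a WS-Security interceptor covers message-level signatures, whereas the HTTPS handshake to `defaultUri` is decided by JSSE, so this JDK-only Java class loads a store such as the `jssecacerts` from post #1, rejects one with no certificate entries (the "Creating empty key store" case in post #6), and builds an `SSLContext` from it. The class and method names, the JKS store type, and installing the context as the JVM default are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; class and method names are hypothetical.
public final class ClientTrustStore {

    // Load the store and fail closed if it holds no trusted certificates.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: the file is a JKS store
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password); // load(null, ...) would instead create an empty store
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) trusted++;
        }
        if (trusted == 0) {
            throw new GeneralSecurityException("no trusted certificates in " + path);
        }
        return ks;
    }

    // Build an SSLContext whose trust anchors come only from the given store.
    static SSLContext contextFor(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // With no arguments, check the JDK's bundled cacerts (default password "changeit").
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pw = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = load(path, pw);
        // Assumption: the HTTP client takes its sockets from the default JSSE context.
        SSLContext.setDefault(contextFor(ks));
        System.out.println(path + ": " + ks.size() + " entries loaded");
    }
}
```

Run it with the store path and password as arguments; a missing file or a store without certificate entries raises an exception instead of falling back to an empty store.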
