Sending a SOAP Request and simultaneously doing basic authentication

[Philroc]

Hello,
is there a way in Spring Integration to make a SOAP request, say, on a MS Exchange Server (eg, https://mymailserver.com/ews), and do basic authentication by sending it a user name and password at the same time?
Many thanks.
Philroc

[Cleric]

Hi and here too!

So, what you need is just here:

HTML Code:

<bean id="messageSender" class="org.springframework.ws.transport.http.CommonsHttpMessageSender">
		<property name="credentials">
			<bean class="org.apache.commons.httpclient.UsernamePasswordCredentials">
				<constructor-arg value="login"/>
				<constructor-arg value="password"/>
			</bean>
		</property>
	</bean>

<ws:outbound-gateway uri="https://mymailserver.com/ews" message-sender="messageSender"/>

You should understand that Spring Integration WS module organically integrates with Spring-WS framework, as and many other Spring Integration components integrate with underlying Spring Project, e.g. Spring MVC or Spring Data MongoDB...

However I see you mention HTTPS, so maybe you will should add the sertificate from MS Exchange Server into your SSL Trust Store.

Take care,
Artem

[Philroc]

Thanks for your reply, Artem.

I have followed the instructions in the following article

http://stackoverflow.com/questions/7...ps-using-jsoup)

to retrieve a certificate from an https server and store it in a Java key store.

I have imported my server's certificate into a key store created in my home directory, and added the following beans to my spring-integration-context.xml file.

<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
<property name="trustStore" ref="trustStore"/>
</bean>

<bean id="trustStore" class="org.springframework.ws.soap.security.suppor t.KeyStoreFactoryBean">
<property name="location" value="/home/philroc/*.company.com.jks"/>
<property name="password" value="xxxx"/>
</bean>

Unfortunately, when I run my Spring Integration program, I get a 401 error. Do I need to add more security beans?

Any clues?

[Cleric]

Hi!

The first one: you need to add XwsSecurityInterceptor to your config, inject it with 'keyStoreHandler' and refer it from:

HTML Code:

<ws:outbound-gateway uri="https://mymailserver.com/ews" message-sender="messageSender"
interceptor="xwsSecurityInterceptor"/>

http://static.springsource.org/sprin.../security.html

From other side: HTTP Code 401 means Unauthorized Request. So, it sounds like you don't provide login/password, as your general question of this topic. But I've answered to it already...

And about SSL: I do it like this:

Code:

-Djavax.net.ssl.trustStore=%PATH_TO_TRUST_STORE%

As a replacement of standart variable for Java on start of my application...

[Philroc]

HI Cleric,

thanks for your reply.

Here's my spring-integration-context.xml file so far:

<contextroperty-placeholder location="client.properties" />

<!-- Authentication -->
<bean id="messageSender" class="org.springframework.ws.transport.http.Commo nsHttpMessageSender" >
<property name="credentials">
<bean class="org.apache.commons.httpclient.UsernamePassw ordCredentials">
<constructor-arg value="the_user"/>
<constructor-arg value="the_password"/>
</bean>
</property>
</bean>

<int:channel id="serviceRequestChannel"/>

<int-ws:outbound-gateway
id="aService"
request-channel="serviceRequestChannel"
reply-channel="serviceResponseChannel"
uri="https://mailserver.com/ews"
message-sender="messageSender"
interceptor="xwsSecurityInterceptor"
/>

<int:channel id="serviceResponseChannel">
<int:queue capacity="10"/>
</int:channel>

<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
<property name="trustStore" ref="trustStore"/>
</bean>

<bean id="trustStore" class="org.springframework.ws.soap.security.suppor t.KeyStoreFactoryBean">
<property name="location" value="classpath*:META-INF/spring/integration/keystore.jks"/>
<property name="password" value="the_password"/>
</bean>

<bean id="xwsSecurityInterceptor"
class="org.springframework.ws.soap.security.xwss.X wsSecurityInterceptor">
<property name="policyConfiguration" value="classpath:securityPolicy.xml"/>
<property name="callbackHandlers">
<list>
<ref bean="keyStoreHandler"/>
</list>
</property>
</bean>

</beans>

What should I put in the securityPolicy.xml file?

Will this setup handle NTLM authentication?

Philroc

[Cleric]

What should I put in the securityPolicy.xml file?

Here http://docs.oracle.com/cd/E17802_01/...ityIntro4.html

Will this setup handle NTLM authentication?

As I understand by Google it is something as Single Sigh-On from Microsoft. But is a responsibility of server-silde.
And here you ask questions about client-side.
I recommend you ask these questions on the Spring-Web-Services.
Sorry, I'm not fully competent in XWS and this forum is about Spring Integration...

Good luck!

[dturanski]

WS Security can be very tricky. However you may want to try wss4j:

Code:

<bean id="wsSecurityInterceptor"
		class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
		<property name="securementActions" value="UsernameToken" />
		<property name="securementUsername"
			value="${username}" />
		<property name="securementPassword" value="${password}" />
		<property name="securementPasswordType" value="PasswordText" />
	</bean>

[AvinashMunaga]

Hi,

I am also stuck with same kind of problem. I have a SOAP web service(secured with password) which I am trying to access using ws:outbound-gateway. Here is my config file looks like below.

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:int="http://www.springframework.org/schema/integration"
xmlns:int-http="http://www.springframework.org/schema/integration/http"
xmlns:stream="http://www.springframework.org/schema/integration/stream"
xmlns:ws="http://www.springframework.org/schema/integration/ws"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schem...ring-beans.xsd
http://www.springframework.org/schema/integration
http://www.springframework.org/schem...ntegration.xsd
http://www.springframework.org/schem...gration/stream
http://www.springframework.org/schem...ion-stream.xsd
http://www.springframework.org/schema/integration/ws
http://www.springframework.org/schem...gration-ws.xsd
http://www.springframework.org/schema/integration/http
http://www.springframework.org/schema/integration/http/spring-integration-http.xsd">

<int:channel id="inputchannel" />
<int:chain input-channel="inputchannel" output-channel="responseChannel">
<ws:header-enricher>
<ws:soap-action
value="http://test.org/PointOfSale/GetAccountListForName" />
</ws:header-enricher>
<ws:outbound-gateway message-sender="messageSender"
uri="https://localhost:9080/services/PointOfSale.asmx?WSDL" />
</int:chain>

<bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpCl ientParams">
<property name="authenticationPreemptive" value="true" />
<property name="connectionManagerClass"
value="org.apache.commons.httpclient.MultiThreaded HttpConnectionManager" />
</bean>
<bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
<constructor-arg ref="httpClientParams" />
</bean>

<bean id="messageSender"
class="org.springframework.ws.transport.http.Commo nsHttpMessageSender">
<constructor-arg ref="httpClient" />
<property name="credentials">
<bean class="org.apache.commons.httpclient.UsernamePassw ordCredentials">
<constructor-arg value="username" />
<constructor-arg value="password" />
</bean>
</property>
</bean>

<int:channel id="responseChannel">
<int:queue capacity="10" />
</int:channel>


</beans>

But, I got an error while sending the request.

[1/3/13 20:01:12:913 IST] 00000026 SystemErr R org.springframework.integration.MessageHandlingExc eption: error occurred in message handler [org.springframework.integration.ws.SimpleWebServic eOutboundGateway#79437943]
[1/3/13 20:01:12:913 IST] 00000026 SystemErr R at org.springframework.integration.handler.AbstractMe ssageHandler.handleMessage(AbstractMessageHandler. java:79)
[1/3/13 20:01:12:914 IST] 00000026 SystemErr R at org.springframework.integration.handler.MessageHan dlerChain$1.send(MessageHandlerChain.java:154)
[1/3/13 20:01:12:914 IST] 00000026 SystemErr R at org.springframework.integration.core.MessagingTemp late.doSend(MessagingTemplate.java:288)
[1/3/13 20:01:12:914 IST] 00000026 SystemErr R at org.springframework.integration.core.MessagingTemp late.send(MessagingTemplate.java:149)
.
.
.
..........
[1/3/13 20:01:12:920 IST] 00000026 SystemErr R at com.ibm.io.async.ResultHandler$2.run(ResultHandler .java:905)
[1/3/13 20:01:12:921 IST] 00000026 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.j ava:1613)

[1/3/13 20:01:12:921 IST] 00000026 SystemErr R Caused by: org.springframework.ws.soap.client.SoapFaultClient Exception: System.Web.Services.Protocols.SoapException: Object reference not set to an instance of an object.
at Artizan.Webservices.ServiceHost.Advice.PointOfSale .ExceptionInterceptor.AfterThrowing(Exception exception) in D:\work\workspace\visual-studio\Artizan.Webservices\trunk\src\Artizan.Webse rvices.ServiceHost\Advice.PointOfSale\ExceptionInt erceptor.cs:line 45
at Spring.Aop.Framework.Adapter.ThrowsAdviceIntercept or.InvokeHandlerMethod(IMethodInvocation invocation, Exception triggeringException, MethodInfo handlerMethod) in c:\_svn\spring-net\tags\spring-net-1.3.1\src\Spring\Spring.Aop\Aop\Framework\Adapter\ ThrowsAdviceInterceptor.cs:line 316
at Spring.Aop.Framework.Adapter.ThrowsAdviceIntercept or.LookupAndInvokeAnyHandler(Exception ex, IMethodInvocation invocation) in c:\_svn\spring-net\tags\spring-net-1.3.1\src\Spring\Spring.Aop\Aop\Framework\Adapter\ ThrowsAdviceInterceptor.cs:line 244
at Spring.Aop.Framework.Adapter.ThrowsAdviceIntercept or.Invoke(IMethodInvocation invocation) in c:\_svn\spring-net\tags\spring-net-1.3.1\src\Spring\Spring.Aop\Aop\Framework\Adapter\ ThrowsAdviceInterceptor.cs:line 234
at Spring.Aop.Framework.AbstractMethodInvocation.Proc eed() in c:\_svn\spring-net\tags\spring-net-1.3.1\src\Spring\Spring.Aop\Aop\Framework\Abstract MethodInvocation.cs:line 284
at Spring.Aop.Framework.DynamicProxy.AdvisedProxy.Inv oke(Object proxy, Object target, Type targetType, MethodInfo targetMethod, MethodInfo proxyMethod, Object[] args, IList interceptors) in c:\_svn\spring-net\tags\spring-net-1.3.1\src\Spring\Spring.Aop\Aop\Framework\DynamicP roxy\AdvisedProxy.cs:line 208
at CompositionAopProxy_9ca998754eeb44f998a02ee215d15b 9e.GetAccountListForName(GetAccountListForNameRequ est request)
at PointOfSale.GetAccountListForName(GetAccountListFo rNameRequest request)
[1/3/13 20:01:12:921 IST] 00000026 SystemErr R at org.springframework.ws.soap.client.core.SoapFaultM essageResolver.resolveFault(SoapFaultMessageResolv er.java:37)
[1/3/13 20:01:12:921 IST] 00000026 SystemErr R at org.springframework.ws.client.core.WebServiceTempl ate.handleFault(WebServiceTemplate.java:735)
[1/3/13 20:01:12:921 IST] 00000026 SystemErr R at org.springframework.ws.client.core.WebServiceTempl ate.doSendAndReceive(WebServiceTemplate.java:563)
[1/3/13 20:01:12:921 IST] 00000026 SystemErr R at org.springframework.ws.client.core.WebServiceTempl ate.sendAndReceive(WebServiceTemplate.java:501)
[1/3/13 20:01:12:922 IST] 00000026 SystemErr R at org.springframework.integration.ws.SimpleWebServic eOutboundGateway.doHandle(SimpleWebServiceOutbound Gateway.java:88)
[1/3/13 20:01:12:922 IST] 00000026 SystemErr R at org.springframework.integration.ws.AbstractWebServ iceOutboundGateway.handleRequestMessage(AbstractWe bServiceOutboundGateway.java:176)
[1/3/13 20:01:12:922 IST] 00000026 SystemErr R at org.springframework.integration.handler.AbstractRe plyProducingMessageHandler.handleMessageInternal(A bstractReplyProducingMessageHandler.java:97)
[1/3/13 20:01:12:922 IST] 00000026 SystemErr R at org.springframework.integration.handler.AbstractMe ssageHandler.handleMessage(AbstractMessageHandler. java:73)
[1/3/13 20:01:12:922 IST] 00000026 SystemErr R ... 65 more

I have also used interceptor like this, but this also didn't work.

<bean id="wss4jSecurityInterceptor"
class="org.springframework.ws.soap.security.wss4j. Wss4jSecurityInterceptor">
<property name="securementActions" value="UsernameToken" />
<property name="securementUsername" value="OmigService" />
<property name="securementPassword" value="Omig#3021!" />
<property name="securementPasswordType" value="PasswordText" />
</bean>

Also, to mention, I get correct response back from Web Service when I use SOAPUI or any other Web Service client.

Can some one let me know the cause of the exception and how to resolve it?

Thanks,
Avinash

[Gary Russell]

Please don't post the same question in several places. Answered on the new thread http://forum.springsource.org/showth...tbound-gateway