Feb 12th, 2010, 04:07 AM
JaxWsPortProxyFactoryBean with X.509 client authentication - $25 Amazon gift offered
This is a duplicate entry of http://forum.springsource.org/showthread.php?t=84281.
As I am really stuck here I wanted to offer some incentive: I will offer a $25 Amazon gift card for the first answer that really helps me out here! Many thanks in advance!
Can somebody please give a hint on how to use the org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean with X.509 client authentication?
From the reference documentation and the API perspective, there does not seem to be built-in support. Am I wrong?
I am looking for a hook where I could override a class/method to set a custom TrustStore, SchemeRegistry or an httpClient (or of course directly inject it...).
Many thanks in advance for your help!
Feb 12th, 2010, 05:40 AM
In general you shouldn't need that; it should be enough to specify the 'endpointAddress' and include https in there. Next to that, configure the location and password for your truststore/certstore and you should be good to go.
Feb 12th, 2010, 06:29 AM
Hi Marten, many thanks for your reply!
Unfortunately I do not find properties for the password and location for truststore/certstore on JaxWsPortProxyFactoryBean and its superclasses.
Originally Posted by Marten Deinum
"Next to" 'endpointAddress' in JaxWsPortClientInterceptor I only found 'username'/'password' for basic authentication, but I did not find truststore-related setters.
Can you please indicate more precisely where I can configure this?
Many thanks in advance!
From my understanding, the 'endpointAddress' is taken out of the .wsdl file you specify with 'wsdlDocumentUrl'. This URL starts with https. I also have traces that the service gets accessed at the right URL.
I tried nevertheless to also set the 'endpointAddress', which I found can override the value in the wsdl file.
Feb 12th, 2010, 06:41 AM
You don't specify that on the JaxWsPortProxyFactoryBean; you specify the truststore/certstore as JVM parameters. Sample not using JaxWsPortProxyFactoryBean but this is more or less SSL (clientside) in general. Simply specify the correct JVM parameters and make sure the stores are set up correctly.
Feb 12th, 2010, 07:20 AM
Hi, many thanks again for your response!
I understand now that you meant the standard way of configuring the keystore in JVM. Unfortunately this is not possible in this project because
- the application needs to manage different keystores for different services, and you must be able to make sure which one is used for which connection or operation
- the policy of the target production environment prohibits the use of credential information in start-up parameters (all credential information comes from scrambled spring configuration files accessed by a custom implementation of the PropertyPlaceholder)
On other places in Spring, I managed to find hooks to set the trustStore, to override the SSLSchemeRegistry or the httpClient that is used, but here I didn't - and that's precisely my question.
The goal is to configure the truststore for JaxWsPortProxyFactoryBean in Spring.
That's why I was asking for hooks or properties that I can inject.
Any ideas here? I thought that if you are able to set the user/password for doing basic auth, there would be a way to override classes and/or inject properties to specify the truststore used?
Many thanks again for your help!
Feb 12th, 2010, 07:42 AM
Well, as you already noticed, you cannot; if you want that, you will need to create your own implementation. This implementation simply uses the API available through JAX-WS, which is only setting the username/password.
You might have some success using the JaxWsPortProxyFactoryBean from the xfire project (at least I believe they have one) but else you are basically on your own to implement this.
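
The per-service keystore requirement discussed in this thread, as an added example that is not part of the original posts or of Spring's own code: it builds one SSLSocketFactory per service from explicitly loaded stores and attaches it to a single proxy through the stub's request context. It assumes the JAX-WS RI (Metro) runtime, whose vendor-specific property key is used below, and a Spring version in which JaxWsPortProxyFactoryBean exposes addCustomProperty; the class name PerServiceTlsClient and its method names are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean;

// Hypothetical helper: one instance of this wiring per remote service.
public class PerServiceTlsClient {

    // Assumption: JAX-WS RI (Metro) request-context key, not part of the JAX-WS
    // standard. The JDK-bundled runtime uses
    // "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory" instead.
    static final String RI_SSL_SOCKET_FACTORY =
            "com.sun.xml.ws.transport.https.client.SSLSocketFactory";

    // Loads a store from disk; the password comes from application config,
    // never from JVM start-up parameters.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Builds a socket factory bound to one service's client key and trust anchors.
    static SSLSocketFactory socketFactory(KeyStore clientKeys, char[] keyPassword,
                                          KeyStore trustAnchors) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustAnchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Attaches the factory to this proxy only; other proxies keep their own stores.
    static void apply(JaxWsPortProxyFactoryBean proxy, SSLSocketFactory factory) {
        proxy.addCustomProperty(RI_SSL_SOCKET_FACTORY, factory);
    }
}
```

The socket factory covers only the SOAP calls made through the stub; a WSDL fetched from an https 'wsdlDocumentUrl' is still read with the JVM default SSL settings, so point that property at a local or classpath copy of the WSDL and keep 'endpointAddress' on https.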