私はspring-ws-securityの新機能で、ほとんどすべての記事をGoogleとstacktraceで読み込んでいますが、
私は応答XML署名、タイムスタンプを検証してからデータを取得する必要があります。検証をスキップしても問題はありませんが、検証コードを追加するとエラーが発生します。SOAP応答の検証xmlタイムスタンプと署名X509 spring-ws-security
警告:署名または復号化が無効でした。ネストされた例外はorg.apache.ws.security.WSSecurityExceptionです:署名または復号が無効だった
@Configuration
public class SoapClientConfig {
final String generatedResource = "packageName";
@Bean
public KeyStoreCallbackHandler securityCallbackHandler() {
KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
callbackHandler.setPrivateKeyPassword("serverkeystorepassword");
return callbackHandler;
}
@Bean
public Wss4jSecurityInterceptor securityInterceptor() throws Exception {
Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
// set security actions
securityInterceptor.setSecurementActions("Timestamp Signature");
securityInterceptor.setSecurementUsername("clientkeystoreusername");
securityInterceptor.setSecurementPassword("clientkeystorepassword");
//sign both body and timestamp - default body will be signed
securityInterceptor.setSecurementSignatureParts("{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
//This will generate binarySecurityToken in header
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
securityInterceptor.setSecurementSignatureCrypto(getRequestCryptoBean().getObject());
//This is validation code, which is not validating response.
securityInterceptor.setValidationActions("Timestamp Signature");
securityInterceptor.setValidationSignatureCrypto(getResponseCryptoBean().getObject());
securityInterceptor.setValidationCallbackHandler(securityCallbackHandler());
return securityInterceptor;
}
@Bean
public CryptoFactoryBean getRequestCryptoBean() throws IOException, URISyntaxException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setKeyStorePassword("clientkeystorepassword");
cryptoFactoryBean.setKeyStoreLocation("client.jks");
return cryptoFactoryBean;
}
@Bean
public CryptoFactoryBean getResponseCryptoBean() throws Exception {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setDefaultX509Alias("1");
cryptoFactoryBean.setKeyStorePassword("serverkeystorepassword");
cryptoFactoryBean.setKeyStoreLocation("server.jks");
cryptoFactoryBean.afterPropertiesSet();
return cryptoFactoryBean;
}
@Bean
public Jaxb2Marshaller getMarshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath(generatedResource);
return marshaller;
}
@Bean
public Card getAvailableCardsClient() throws Exception {
Card memberCard = new Card();
memberCard.setMarshaller(getMarshaller());
memberCard.setUnmarshaller(getMarshaller());
//Set timeout for soap service
HttpComponentsMessageSender sender = new HttpComponentsMessageSender();
sender.setConnectionTimeout(2000);
sender.setReadTimeout(2000);
memberCard.setMessageSender(sender);
//end timeout
memberCard.setDefaultUri("url");
//add interceptor for adding and validating signature
ClientInterceptor[] interceptors = new ClientInterceptor[]{securityInterceptor()};
memberCard.setInterceptors(interceptors);
return memberCard;
}
}
** server.jksは、サーバの公開鍵が含まれています。また、この認証はX509証明書です。 回答を検証する方法を理解してください。