2

I have read the Spring doc regarding Securing your Web services with Spring-WS but it looks for me as if the article is just regarding server side and not client side. Indeed, it is working fine for server side with Wss4jSecurityInterceptor but I need to sign a request to an external Web service.

So, first question. Am I right and chapter 7 of Spring Web Services documentation just apply to server side?

Second. It is possible, to add security, like signed headers, to SOAP requests on client side with Spring in a way similar (simple, elegant) to how it is done on server side?

I have found this question but it looks like signing is done with Apache CXF and this article where signing is done in a home made way.

Thanks in advance.

Community
  • 1
  • 1
jddsantaella
  • 3,657
  • 1
  • 23
  • 39

1 Answers1

2

Well, I am afraid I am going to answer my own questions:

First one: NO. Chapter 7 of Spring Web Services documentation is about both sides, client and server.

Second one: Acording with the answer to the fisrt question, YES, as it is described on chapter 7 of Spring Web Services documentation.

My error was that I was declaring interceptor in this way:

<sws:interceptors>
    <ref bean="wsSecurityInterceptor" />
</sws:interceptors>

and this interceptors just affect to server-side Web services. For clients it should be done in this way:

<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
    <property name="marshaller" ref="marshaller" />
    <property name="unmarshaller" ref="marshaller" />
    <property name="defaultUri"
        value="http://localhost:8080/ws-demo/myws" />
    <property name="interceptors">
        <list>
            <ref bean="wsSecurityInterceptor" />
        </list>
    </property>
</bean>
jddsantaella
  • 3,657
  • 1
  • 23
  • 39