Spring WS 客户端 — 使用 KeyStore/TrustStore 和凭据进行身份验证(基本身份验证)
Spring WS Client — Authentication using KeyStore/TrustStore and Credentials (Basic Auth)
我有一个 Spring WS 客户端需要使用 keystore/trustore 组合和基本身份验证进行身份验证。
这是我目前拥有的相关 Spring 配置:
@Configuration
public class SpringWSConfig {
@Bean
public Jaxb2Marshaller jaxb2Marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setPackagesToScan("io.shido.credit.domain");
return marshaller;
}
@Bean
public WebServiceTemplate webServiceTemplate() throws Exception {
final WebServiceTemplate template = new WebServiceTemplate(jaxb2Marshaller(), jaxb2Marshaller());
template.setDefaultUri("https://domain.tld/SVC/data");
//template.setMessageSenders(new WebServiceMessageSender[]{ messageSender(), messageSender2() });
//template.setInterceptors(new ClientInterceptor[] { wss4jSecurityInterceptor() });
template.setMessageSender(messageSender());
return template;
}
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
messageSender.setTrustManagers(trustManagersFactoryBean().getObject()); // set the trust store(s)
messageSender.setKeyManagers(keyManagersFactoryBean().getObject()); // set the key store(s)
return messageSender;
}
这适用于 keystore/trustore 部分。我能够成功进行 SSL 握手,但现在我收到 HTTP 401(未授权)。所以我尝试了:
- 要有多个
senders;其中之一 HttpComponentsMessageSender 上面有用户名和密码...但它不起作用
- 用一些
Wss4jSecurityInterceptor config/settings 配置 ClientInterceptor...也不起作用
- 要使用从
HttpsUrlConnectionMessageSender 继承的发件人,请添加 username 和 password 字段,覆盖 prepareConnection 并设置 connection.setRequestProperty 以使用 Authorization header。这次我得到一个 HTTP 405(方法不允许)
任何线索如何做到这一点?
我最终创建了一个新的 class 并将其作为 message sender 注入到 Spring 的 WebServiceTemplate 中。这解决了 HTTP 401 (Unauthorized) — 不太记得 HTTP 405 (Method Not Allowed).
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new BasicAuthHttpsConnectionMessageSender(username, password);
// ...
return messageSender;
}
// You might need org.springframework.ws:spring-ws-support in order to
// have HttpsUrlConnectionMessageSender
public final class BasicAuthHttpsConnectionMessageSender extends HttpsUrlConnectionMessageSender {
private String b64Creds;
public BasicAuthHttpsConnectionMessageSender(String username, String password) {
b64Creds = Base64.getUrlEncoder().encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));
}
@Override
protected void prepareConnection(HttpURLConnection connection) throws IOException {
connection.setRequestProperty(HttpHeaders.AUTHORIZATION, String.format("Basic %s", b64Creds));
super.prepareConnection(connection);
}
}
另请参阅 了解更多信息。两者是相关的(如果不是几乎相同的话)。
我有一个 Spring WS 客户端需要使用 keystore/trustore 组合和基本身份验证进行身份验证。
这是我目前拥有的相关 Spring 配置:
@Configuration
public class SpringWSConfig {
@Bean
public Jaxb2Marshaller jaxb2Marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setPackagesToScan("io.shido.credit.domain");
return marshaller;
}
@Bean
public WebServiceTemplate webServiceTemplate() throws Exception {
final WebServiceTemplate template = new WebServiceTemplate(jaxb2Marshaller(), jaxb2Marshaller());
template.setDefaultUri("https://domain.tld/SVC/data");
//template.setMessageSenders(new WebServiceMessageSender[]{ messageSender(), messageSender2() });
//template.setInterceptors(new ClientInterceptor[] { wss4jSecurityInterceptor() });
template.setMessageSender(messageSender());
return template;
}
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
messageSender.setTrustManagers(trustManagersFactoryBean().getObject()); // set the trust store(s)
messageSender.setKeyManagers(keyManagersFactoryBean().getObject()); // set the key store(s)
return messageSender;
}
这适用于 keystore/trustore 部分。我能够成功进行 SSL 握手,但现在我收到 HTTP 401(未授权)。所以我尝试了:
- 要有多个
senders;其中之一HttpComponentsMessageSender上面有用户名和密码...但它不起作用 - 用一些
Wss4jSecurityInterceptorconfig/settings 配置ClientInterceptor...也不起作用 - 要使用从
HttpsUrlConnectionMessageSender继承的发件人,请添加username和password字段,覆盖prepareConnection并设置connection.setRequestProperty以使用Authorizationheader。这次我得到一个 HTTP 405(方法不允许)
任何线索如何做到这一点?
我最终创建了一个新的 class 并将其作为 message sender 注入到 Spring 的 WebServiceTemplate 中。这解决了 HTTP 401 (Unauthorized) — 不太记得 HTTP 405 (Method Not Allowed).
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new BasicAuthHttpsConnectionMessageSender(username, password);
// ...
return messageSender;
}
// You might need org.springframework.ws:spring-ws-support in order to
// have HttpsUrlConnectionMessageSender
public final class BasicAuthHttpsConnectionMessageSender extends HttpsUrlConnectionMessageSender {
private String b64Creds;
public BasicAuthHttpsConnectionMessageSender(String username, String password) {
b64Creds = Base64.getUrlEncoder().encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));
}
@Override
protected void prepareConnection(HttpURLConnection connection) throws IOException {
connection.setRequestProperty(HttpHeaders.AUTHORIZATION, String.format("Basic %s", b64Creds));
super.prepareConnection(connection);
}
}
另请参阅