如何在spring ws客户端请求中添加证书链

Question

我有一个简单的 spring ws 客户端，它向某个 url 发送请求：

  @SuppressWarnings("unchecked")
  private JAXBElement<O> sendSyncSoapRequest(final JAXBElement<I> req, final String iszrUrl) {
    if (iszrUrl != null) {
      return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(iszrUrl, req);
    } else {
      return (JAXBElement<O>) this.wsTemplate.marshalSendAndReceive(req);
    }
  }

现在我需要将证书链附加到肥皂请求中。我该怎么做？请帮忙

Answer 1

所以我已经解决了这个问题。我需要使用新的 httpClient 创建 WebServiceMessageSender，其中包含带有我的证书的 sslFactory：

WebServiceMessageSender sender = new HttpComponentsMessageSender(HttpClients.custom()
            .addInterceptorFirst(new RemoveSoapHeadersInterceptor()).setSSLSocketFactory(factory));
wsTemplate.setMessageSender(sender);        


// copy & paste from HttpComponentsMessageSender:
/**
 * HttpClient {@link org.apache.http.HttpRequestInterceptor} implementation that removes {@code Content-Length} and
 * {@code Transfer-Encoding} headers from the request. Necessary, because SAAJ and other SOAP implementations set
 * these headers themselves, and HttpClient throws an exception if they have been set.
 */
public static class RemoveSoapHeadersInterceptor implements HttpRequestInterceptor {



    @Override
    public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
        if (request instanceof HttpEntityEnclosingRequest) {
            if (request.containsHeader(HTTP.TRANSFER_ENCODING)) {
                request.removeHeaders(HTTP.TRANSFER_ENCODING);
            }
            if (request.containsHeader(HTTP.CONTENT_LEN)) {
                request.removeHeaders(HTTP.CONTENT_LEN);
            }
        }
    }
}

Answer 2

我不知道 Spring 中有任何语法糖可以在客户端上使用证书身份验证。但是，现在我可能错过了一些东西。在没有其他人指出有一个简单的注释可以应用于您的 Web 服务模板的情况下，这是我的想法。

这不是一个完整的循序渐进的答案，但它应该能让你部分地到达那里。通过使用 WebServiceMessageCallback，您可以在发送消息之前修改 SOAP 消息中的标头。下面的代码演示了如何将用户名和密码添加到标题中。

您应该能够使用相同的机制以类似的方式将证书添加到安全标头。请查看以下文档，该文档解释了基于 SOAP 证书的身份验证，并在第 9 页显示了示例安全标头。

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

Object response = getWebServiceTemplate().marshalSendAndReceive(
    exposureRequests,
    new WebServiceMessageCallback() {
    /**
     * The doWithMessage callback enables us to modify the message after it has
     * been built using the nice Spring/JAXB marshalling, just before it gets
     * sent out.
     */
    @Override
    public void doWithMessage(WebServiceMessage message)
        throws IOException, TransformerException {
            applySecurityHeaders(message, SOAP_ACTION);
        }
    }
);


/**
 * Add security headers to the outgoing message, so that the client is 
 * authenticated against the web service.
 */
private void applySecurityHeaders(WebServiceMessage message, String soapAction) 
        throws IOException, TransformerException {
    Assert.isInstanceOf(SoapMessage.class, message);

    SoapMessage soapMessage = (SoapMessage) message;
    soapMessage.setSoapAction(soapAction);
    SoapHeader header = soapMessage.getSoapHeader();
    Transformer transformer = TransformerFactory.newInstance().newTransformer();
    transformer.transform(getSecurityHeaderSource(), header.getResult());
    soapMessage.writeTo(new LoggingOutputStream(log));
}

/**
 * Returns the content required for a basic SOAP security header.
 */
private StringSource getSecurityHeaderSource() {
    return new StringSource(
            "<Security xmlns=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">\n "
                    + "<UsernameToken>\n"
                    + "<Username><![CDATA[" + username + "]]></Username>\n "
                    + "<Password><![CDATA[" + password + "]]></Password>\n "
                    + "</UsernameToken>\n"
                    + "</Security>\n");
}