使用 SoapUI 测试自签名证书身份验证 Web 服务答案

【问题标题】：Test self-signed certificate authentication webservice with SoapUI使用 SoapUI 测试自签名证书身份验证 Web 服务
【发布时间】：2015-04-19 04:36:21
【问题描述】：

我正在使用Spring webservice 2.2.x通过<x509/>实现自我证书认证

这样，X509AuthenticationFilter 期待来自 javax.servlet.request.X509Certificate

的客户端证书

X509Certificate[] certs = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

如何配置 SoapUI 以将客户端证书放在那里？我尝试将 JKS 或 PCS12 密钥库配置为：

显示项目视图 -> WS-Security 配置 -> keyStore
请求属性 -> SSL KeyStore

但它不起作用：在请求中找不到客户端证书

11:58:10.001 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:58:10.004 [233950856@qtp-444127949-3] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
11:58:10.004 [233950856@qtp-444127949-3] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
11:58:10.005 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 2 of 10 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/services'; against '/logout'
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 4 of 10 in additional filter chain; firing Filter: 'X509AuthenticationFilter'
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.s.w.a.p.x.X509AuthenticationFilter - Checking secure context token: null
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.s.w.a.p.x.X509AuthenticationFilter - No client certificate found in request.
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.s.w.a.p.x.X509AuthenticationFilter - No client certificate found in request.
11:58:10.006 [233950856@qtp-444127949-3] DEBUG o.s.s.w.a.p.x.X509AuthenticationFilter - No pre-authenticated principal found in request
11:58:10.007 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
11:58:10.007 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
11:58:10.007 [233950856@qtp-444127949-3] DEBUG o.s.security.web.FilterChainProxy - /services at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
11:58:10.007 [233950856@qtp-444127949-3] DEBUG o.s.s.w.a.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'

【问题讨论】：

标签： spring authentication ssl certificate soapui

【解决方案1】：

创建项目后
显示项目视图 -> WS-Security 配置 -> 密钥库
在此处添加客户端 PCKS12 密钥
WS-Security 配置 -> 传出 WS-Secutity 配置 -> 新传出 WSS 配置 -> 具有任意名称
然后找到“Sepcify unique name for configuration”->填写Keystore、Alias和Password（如果有，一般为空）
保存并完成配置

【讨论】：