【问题标题】:SOAP with mutual SSL - how to send over credentials?具有相互 SSL 的 SOAP - 如何通过凭据发送?
【发布时间】:2012-08-10 15:18:01
【问题描述】:
public class ResLookupGetService extends Service {
    ServerServicePortType getServerServicePort();
}
public interface ServerServicePortType {
    ServerServiceResponse doSoapMethod(RequestObject request, ParamObject parameters);
}

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
ServerServiceResponse response = service.doSoapMethod(request, parameters);

在需要相互 SSL 加密之前,上面的代码可以很好地调用我的 SOAP 服务。

一旦打开,我会尝试创建一个 SSL 上下文并像这样设置它:

ServerServicePortType service = new ServerServiceGetService().getServerServicePort();

BindingProvider bindingProvider = (BindingProvider) service;
    bindingProvider.getRequestContext().put(
        "com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",
        getSslContext().getSocketFactory());

ServerServiceResponse response = service.doSoapMethod(request, parameters);

以及创建SSLContext的代码:

public SSLContext getSslContext(String keyStorePath, String keyStoreType, String trustStorePath) {
  KeyStore keyStore = KeyStore.getInstance(keyStoreType);
  InputStream ksis = ClassLoader.getSystemResourceAsStream(keyStorePath);
  keyStore.load(ksis, "mypassword".toCharArray());
  ksis.close();

  KeyStore trustStore = KeyStore.getInstance("JKS");
  InputStream tsis = ClassLoader.getSystemResourceAsStream(trustStorePath);
  trustStore.load(tsis, "mypassword".toCharArray());
  tsis.close();

  TrustManagerFactory tmf =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init(trustStore);

  KeyManagerFactory kmf =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  kmf.init(keyStore, "mypassword".toCharArray());

  sslContext = SSLContext.getInstance("TLS");
  sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  return sslContext;
}

但它似乎没有正确传递我的凭据。我设置正确吗?

谢谢

【问题讨论】:

    标签: java soap jaxb


    【解决方案1】:

    事实证明,使用 BindingProvider 没有任何作用(或者至少我无法使用它来产生影响)。

    在调用 Web 服务之前,我只需设置这些系统属性:

      private void setSystemProps() {
    
        String keyStoreFileName = "ssl/clientKeyStore.jks";
        String keyStorePath = ClassLoader.getSystemResource(keyStoreFileName).getPath();
        String keyStoreType = "JKS";
        String keyStorePassword = "mypassword";
    
        String trustStoreFileName = "ssl/clientTruststore.jks";
        String trustStorePath = ClassLoader.getSystemResource(trustStoreFileName).getPath();
        String trustStoreType = "JKS";
        String trustStorePassword = "mypassword";
    
        Properties systemProps = System.getProperties();
        systemProps.put("javax.net.ssl.keyStore", keyStorePath);
        systemProps.put("javax.net.ssl.keyStorePassword", trustStorePassword);
        systemProps.put("javax.net.ssl.keyStoreType", keyStoreType);
    
        systemProps.put("javax.net.ssl.trustStore", trustStorePath);
        systemProps.put("javax.net.ssl.trustStoreType", trustStoreType);
        systemProps.put("javax.net.ssl.trustStorePassword", keyStorePassword);
        System.setProperties(systemProps);
      }
    

    然后我可以像往常一样进行服务调用:

    ServerServicePortType service = new ServerServiceGetService().getServerServicePort();
    ServerServiceResponse response = service.doSoapMethod(request, parameters);
    

    值得注意的是,当我设置系统属性时,它们接受任何 Object 作为值,而我最初错误地将其设置为 URL 对象而不是字符串。

    所以trustStorePathkeyStorePath 变量被设置为.getPath() 值,这是一个绝对文件路径,例如:

    "/Users/username/path/to/directory/with/ssl/clientKeyStore.jks"
    

    现在一切正常。

    【讨论】:

      猜你喜欢
      • 2020-11-11
      • 2015-10-20
      • 2016-11-03
      • 2016-05-28
      • 1970-01-01
      • 2017-01-22
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多