问题描述
我有一个Spring WS客户端,需要使用密钥库/trustore组合以及基本身份验证进行身份验证.
I have a Spring WS client that needs to authenticate using a keystore/trustore combination and also via basic auth.
这是我目前拥有的相关Spring配置:
This is the relevant Spring config that I currently have:
@Configuration
public class SpringWSConfig {
@Bean
public Jaxb2Marshaller jaxb2Marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setPackagesToScan("io.shido.credit.domain");
return marshaller;
}
@Bean
public WebServiceTemplate webServiceTemplate() throws Exception {
final WebServiceTemplate template = new WebServiceTemplate(jaxb2Marshaller(), jaxb2Marshaller());
template.setDefaultUri("https://domain.tld/SVC/data");
//template.setMessageSenders(new WebServiceMessageSender[]{ messageSender(), messageSender2() });
//template.setInterceptors(new ClientInterceptor[] { wss4jSecurityInterceptor() });
template.setMessageSender(messageSender());
return template;
}
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
messageSender.setTrustManagers(trustManagersFactoryBean().getObject()); // set the trust store(s)
messageSender.setKeyManagers(keyManagersFactoryBean().getObject()); // set the key store(s)
return messageSender;
}
这适用于keystore/trustore部分.我能够成功进行SSL握手,但是现在我得到的是 HTTP 401(未授权).所以我尝试了:
This works for the keystore/trustore part. I'm able to do the SSL handshake successfully, but right now I'm getting an HTTP 401 (Unauthorized). So I tried:
- 具有多个
senders;其中一个HttpComponentsMessageSender带有用户名和密码...但是它不起作用 - 要使用某些
Wss4jSecurityInterceptorconfig/settings配置ClientInterceptor,也行不通 - 要使用从
HttpsUrlConnectionMessageSender继承的发件人,请添加username和password字段,覆盖prepareConnection并将connection.setRequestProperty设置为使用Authorization标头.这次我得到了 HTTP 405(不允许使用方法)
- To have multiple
senders; one of themHttpComponentsMessageSenderwith the username and password on it...but it doesn't work - To configure a
ClientInterceptorwith someWss4jSecurityInterceptorconfig/settings...also doesn't work - To use a sender that inherits from
HttpsUrlConnectionMessageSender, add ausernameandpasswordfields, overwriteprepareConnectionand setconnection.setRequestPropertyto use anAuthorizationheader. This time I get an HTTP 405 (Method Not Allowed)
任何线索如何做到这一点?
Any clues how to do this?
推荐答案
我最终创建了一个新类,并将其作为message sender注入到Spring的WebServiceTemplate中.解决了HTTP 401 (Unauthorized)的问题–不太记得HTTP 405 (Method Not Allowed)了.
I ended up creating a new class and injecting it as a message sender in the Spring's WebServiceTemplate. That solves the HTTP 401 (Unauthorized) — don't quite remember about the HTTP 405 (Method Not Allowed).
@Bean
public HttpsUrlConnectionMessageSender messageSender() throws Exception {
HttpsUrlConnectionMessageSender messageSender = new BasicAuthHttpsConnectionMessageSender(username, password);
// ...
return messageSender;
}
// You might need org.springframework.ws:spring-ws-support in order to
// have HttpsUrlConnectionMessageSender
public final class BasicAuthHttpsConnectionMessageSender extends HttpsUrlConnectionMessageSender {
private String b64Creds;
public BasicAuthHttpsConnectionMessageSender(String username, String password) {
b64Creds = Base64.getUrlEncoder().encodeToString((username + ":" + password).getBytes(StandardCharsets.UTF_8));
}
@Override
protected void prepareConnection(HttpURLConnection connection) throws IOException {
connection.setRequestProperty(HttpHeaders.AUTHORIZATION, String.format("Basic %s", b64Creds));
super.prepareConnection(connection);
}
}
有关更多信息,请参考此答案.两者都是相关的(如果不是差不多的话).
Refer to this answer also for more info. Both are related (if not almost the same).
这篇关于Spring WS Client-使用KeyStore/TrustStore和凭据的身份验证(基本身份验证)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!