
Securing Spring Web Services: Chapter 5

Creating a client project to test our web service


The following is a step-by-step guide to creating the client project, which encrypts the request and decrypts the response on the client side.

Now that the server is running and expects an encrypted request message from the client, we will implement a web service client that sends encrypted web service requests. The web service client will be implemented as a separate Maven project.

1.       Create a bookstore client project using the following Maven command:
mvn archetype:generate -DarchetypeGroupId=org.apache.maven.archetypes -DarchetypeVersion=1.0 -DgroupId=com.bookstore.client -DartifactId=bookstore-web-service-client -DinteractiveMode=false

The same folder structure will be created, with a default App.java in the com.bookstore.client package, as shown here in the image.




2.       Add a new resources folder parallel to the java folder and create an applicationContext.xml file in this folder, as shown here.

3.       To encrypt the request message using the server’s public key, the server’s public key certificate has to be imported into the client’s keystore.


To import the server’s public key certificate, first create a Java keystore file bookstore-client-keystore.jks in the resources directory using Java’s keytool command. You can run this command from the E:\bookstore-web-service\src\main\resources directory.

keytool -genkey -alias bookstore-client -keyalg RSA -keypass client12345 -storepass client12345 -keystore bookstore-client-keystore.jks

Assuming that you have received the server’s public key certificate and copied it to the E: drive, import it using the following command. Run this command from the resources directory.
keytool -import -alias bookstore-server-import -file e:\bookstore-ws-server-public.cer -keystore bookstore-client-keystore.jks -storepass client12345

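The certificate will be added to the client’s keystore. You can list the contents of bookstore-client-keystore.jks using the following command to verify that the server’s public key certificate was imported successfully. The listing also shows each entry’s certificate fingerprint, which you can compare with the value supplied by the server’s owner.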
keytool -list -keystore bookstore-client-keystore.jks -storepass client12345

Now that we have created the client-side keystore, which holds the client’s own public-private key pair and the server’s public key certificate, we can export the client’s public key certificate using the following command and import it into the server’s keystore. Using the client’s public key certificate, the server will then be able to encrypt the response.
keytool -export -rfc -alias bookstore-client -file bookstore-ws-client-public.cer -keystore bookstore-client-keystore.jks -storepass client12345

3.       Configure securement and validation properties of Wss4jSecurityInterceptor in applicationContext.xml to
a.       Encrypt outgoing request and
b.      Decrypt incoming encrypted response
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oxm="http://www.springframework.org/schema/oxm"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/oxm
       http://www.springframework.org/schema/oxm/spring-oxm-3.0.xsd">

       <bean id="wsClientSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
              <!-- configuration to encrypt outgoing request -->
              <property name="securementActions" value="Encrypt" />
              <property name="securementEncryptionUser" value="bookstore-server-import" />
              <property name="securementEncryptionCrypto">
                     <ref bean="keystore" />
              </property>

              <!-- configuration to decrypt incoming response -->
              <property name="validationActions" value="Encrypt" />
              <property name="validationDecryptionCrypto">
                     <ref bean="keystore" />
              </property>
              <property name="validationCallbackHandler">
                     <bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
                           <property name="privateKeyPassword" value="client12345" />
                     </bean>
              </property>
       </bean>

       <bean id="keystore" class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
              <property name="keyStorePassword" value="client12345" />
              <property name="keyStoreLocation" value="classpath:/bookstore-client-keystore.jks" />
       </bean>
</beans>
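
A pre-flight check for the configuration above, added here as an example and not part of the original post: it confirms that the alias used for securementEncryptionUser holds the server certificate and that the client's private key can be opened with the configured password. The class name KeystoreCheck and the default keystore path are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Added example; KeystoreCheck is a hypothetical class name, not from the original page.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Path is an assumption; aliases and passwords come from the keytool commands above.
        String path = args.length > 0 ? args[0] : "src/main/resources/bookstore-client-keystore.jks";
        char[] password = "client12345".toCharArray(); // store and key password are the same here

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // throws IOException if the store password is wrong
        }

        // securementEncryptionUser must name a trusted-certificate entry.
        String serverAlias = "bookstore-server-import";
        if (!ks.isCertificateEntry(serverAlias)) {
            throw new IllegalStateException("no trusted certificate under alias " + serverAlias);
        }
        X509Certificate server = (X509Certificate) ks.getCertificate(serverAlias);
        server.checkValidity(); // throws if the certificate is expired or not yet valid

        // Print the SHA-256 fingerprint so it can be compared with the value
        // the server's owner supplied through a separate channel.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(server.getEncoded());
        StringBuilder fingerprint = new StringBuilder();
        for (byte b : digest) {
            fingerprint.append(String.format("%02X:", b));
        }
        fingerprint.setLength(fingerprint.length() - 1); // drop trailing ':'
        System.out.println("Server subject: " + server.getSubjectX500Principal().getName());
        System.out.println("Server SHA-256: " + fingerprint);

        // KeyStoreCallbackHandler needs the client's private key to decrypt responses.
        String clientAlias = "bookstore-client";
        Key key = ks.isKeyEntry(clientAlias) ? ks.getKey(clientAlias, password) : null;
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("no private key under alias " + clientAlias);
        }
        System.out.println("Client key: " + key.getAlgorithm() + " private key readable");
    }
}
```

Running it before starting the client surfaces an alias or password mismatch as a clear exception instead of a WSS4J failure on the first request.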


4.       Using the wsimport tool, parse the Web Services Description Language (WSDL) and generate the required files (JAX-WS portable artifacts) for the web service client to access the published bookstore web services. Run the wsimport tool from the bookstore-web-service-client directory.


The following files required by the web service client will be created.

com\bookstore\schema\AddBookRequest.java
com\bookstore\schema\AddBookResponse.java
com\bookstore\schema\Book.java
com\bookstore\schema\BookStoreInterface.java
com\bookstore\schema\BookStoreInterfaceService.java
com\bookstore\schema\DeleteBookRequest.java
com\bookstore\schema\DeleteBookResponse.java
com\bookstore\schema\GetBookRequest.java
com\bookstore\schema\GetBookResponse.java
com\bookstore\schema\ObjectFactory.java
com\bookstore\schema\package-info.java
