java 使用带有密钥库的 WebServiceTemplate
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2419791/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using WebServiceTemplate with a keystore
提问by Mark Pope
Is it possible to configure a WebServiceTemplate with a java keystore?
是否可以使用 Java 密钥库配置 WebServiceTemplate?
edit
I'm looking for a way to configure the location of the keystore in the spring config
编辑
我正在寻找一种在 spring 配置中配置密钥库位置的方法
采纳答案by simonlord
I think you can programatically load a keystore based using a KeyStore.Builder:
我认为您可以使用 KeyStore.Builder 以编程方式加载基于密钥库:
So maybe have a class that has a webservice template or extends it, then set the file path of the keystore on it in your spring config and make it an inizialing bean (@PostConstruct in Spring 3?) which then loads the keystore.
因此,可能有一个具有 web 服务模板或扩展它的类,然后在您的 spring 配置中设置密钥库的文件路径,并使其成为一个初始化 bean(Spring 3 中的 @PostConstruct?),然后加载密钥库。
File f = new File(keyStorePath);
KeyStore.Builder builder = KeyStore.Builder.newInstance("type",provider,file,protection);
KeyStore keystore = builder.getKeyStore();
Ok - to actually use it with your webservicetemplate i think it must be based around the keystore callback as documented here: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html#d0e4462
好的 - 要实际将它与您的 webservicetemplate 一起使用,我认为它必须基于此处记录的密钥库回调:http: //static.springsource.org/spring-ws/sites/1.5/reference/html/security.html#d0e4462
Or maybe by using the spring org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender which you can set keystoremanager on. Then that can be used by your webservicetemplate.
或者也许通过使用 spring org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender 你可以设置 keystoremanager 。然后可以由您的 webservicetemplate 使用。
A bit like this:
有点像这样:
<bean id="template" class="org.springframework.ws.client.core.WebServiceTemplate">
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
<property name=""></property>
</bean>
</property>
</bean>
HTH
HTH
回答by Suken Shah
I am posting this answer after six years but to be honest there isn't a single post where a complete and concise solution is provided. All you need is spring-ws-core (2.1.4.RELEASE +) and spring-we-security (2.2.4.RELEASE +) dependencies. The next step is to configure custom keystore and truststore as beans and then inject them to web service template in spring configuration.
我在六年后发布了这个答案,但老实说,没有一个帖子提供完整而简洁的解决方案。您只需要 spring-ws-core (2.1.4.RELEASE +) 和 spring-we-security (2.2.4.RELEASE +) 依赖项。下一步是将自定义密钥库和信任库配置为 bean,然后在 spring 配置中将它们注入 Web 服务模板。
<bean id="myKeyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="file:/tmp/config/my-keystore.jks"/>
<property name="password" value="password"/>
</bean>
<bean id="myTrustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="file:/tmp/config/my-truststore.jks"/>
<property name="password" value="different_password"/>
</bean>
<bean id="template" class="org.springframework.ws.client.core.WebServiceTemplate">
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
<property name="trustManagers">
<bean class="org.springframework.ws.soap.security.support.TrustManagersFactoryBean">
<property name="keyStore" ref="mytrustStore" />
</bean>
</property>
<property name="keyManagers">
<bean class="org.springframework.ws.soap.security.support.KeyManagersFactoryBean">
<property name="keyStore" ref="myKeyStore" />
<property name="password" value="password" />
</bean>
</property>
</bean>
</property>
</bean>In summery there is no need to write any code, the use case can be easily achieved using spring config.
夏天不需要写任何代码,使用spring config就可以轻松实现用例。
回答by Michael Vandewalle
The answers and the questions that I found in this post kept me chasing my tail for a while. In the end I got this working for an application I deployed to WebLogic 11g by importing the keystore into the keystore on my Weblogic server:
我在这篇文章中找到的答案和问题让我追了一阵子。最后,我通过将密钥库导入到我的 Weblogic 服务器上的密钥库中,使这个应用程序为我部署到 WebLogic 11g 的应用程序工作:
C:\bea\jrockit_160_14_R27.6.5-32\jre\bin>keytool -importkeystore -srckeystore \workspace\myProject\webservice.keystore
C:\bea\jrockit_160_14_R27.6.5-32\jre\bin>keytool -importkeystore -srckeystore \workspace\myProject\webservice.keystore
Then I changed the configuration for the WebLogic keystore to point to this keystore. You can do this through the WL console: Environment->Servers->AdminServer->Keystores. Change the Keystores: selection to "Custom Identity and Custom Trust", then fill in the path in the Identity(incoming), and Trust(outgoing) sections to your keystore location. On Windows XP, mine was in \Documents an Settings\my id\.keystore.
然后我将 WebLogic 密钥库的配置更改为指向此密钥库。您可以通过 WL 控制台执行此操作:Environment->Servers->AdminServer->Keystores。将 Keystores: 选择更改为"Custom Identity and Custom Trust",然后将Identity(incoming) 和Trust(outgoing) 部分中的路径填写到您的密钥库位置。在 Windows XP 上,我的位于 \Documents an Settings\my id\.keystore 中。
I didn't provide the passphrase and I believe it is optional.
我没有提供密码,我相信它是可选的。
回答by obaudys
Late reply on this thread but anyway: note that once you have your keystore and everything else set up, you may be shocked to find that the WebServiceTemplate doesn't seem to support HTTPS connections!
对此线程的回复较晚,但无论如何:请注意,一旦您设置了密钥库和其他所有内容,您可能会惊讶地发现 WebServiceTemplate 似乎不支持 HTTPS 连接!
Make sure you set the messageSenderproperty to be org.springframework.ws.transport.http.CommonsHttpMessageSender. The default WebServiceMessageSenderimplementation does not support HTTPS.
确保将messageSender属性设置为org.springframework.ws.transport.http.CommonsHttpMessageSender. 默认WebServiceMessageSender实现不支持 HTTPS。
回答by mrcrabs
I'm assuming you mean you want to configure the keystore used by JSSE, since that is the Template will use. JSSE will always always look at the javax.net.ssl.keyStore/javax.net.ssl.keyStorePassword system properties to find the keystore. You can configure these properties in Spring using an InitializingBean like this.
我假设您的意思是要配置 JSSE 使用的密钥库,因为这是模板将使用的。JSSE 将始终查看 javax.net.ssl.keyStore/javax.net.ssl.keyStorePassword 系统属性以查找密钥库。您可以像这样使用 InitializingBean 在 Spring 中配置这些属性。
Note that if you are running in an app server the JSSE may already be configured before Spring initializes. In this case you need to use the app server interface to set the keystore -- usually using -D params on command line.
请注意,如果您在应用服务器中运行,则 JSSE 可能已经在 Spring 初始化之前配置好了。在这种情况下,您需要使用应用服务器界面来设置密钥库——通常在命令行上使用 -D params。
<bean id="jsseInitializer" lazy-init="false" class="com.blah.JsseInitializer">
<property name="trustStoreLocation" value="${pnet.batch.trustStore.location}"/>
<property name="trustStorePassword" value="${pnet.batch.trustStore.password}"/>
<property name="keyStoreLocation" value="${pnet.batch.keyStore.location}"/>
<property name="keyStorePassword" value="${pnet.batch.keyStore.password}"/>
</bean>
public class JsseInitializer implements InitializingBean {
private String trustStoreLocation;
private String trustStorePassword;
private String keyStoreLocation;
private String keyStorePassword;
public String getTrustStoreLocation() {
return trustStoreLocation;
}
public void setTrustStoreLocation(String trustStoreLocation) {
this.trustStoreLocation = trustStoreLocation;
}
public String getTrustStorePassword() {
return trustStorePassword;
}
public void setTrustStorePassword(String trustStorePassword) {
this.trustStorePassword = trustStorePassword;
}
public String getKeyStoreLocation() {
return keyStoreLocation;
}
public void setKeyStoreLocation(String keyStoreLocation) {
this.keyStoreLocation = keyStoreLocation;
}
public String getKeyStorePassword() {
return keyStorePassword;
}
public void setKeyStorePassword(String keyStorePassword) {
this.keyStorePassword = keyStorePassword;
}
public void afterPropertiesSet() throws Exception {
System.setProperty("javax.net.ssl.trustStore", trustStoreLocation);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
System.setProperty("javax.net.ssl.keyStore", keyStoreLocation);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
}
}
回答by Taylor Leese
You should install the certificates you need in the keystore (probably the cacerts file) of the JDK used to run your app server using they keytool command.
您应该使用 keytool 命令在用于运行应用服务器的 JDK 的密钥库(可能是 cacerts 文件)中安装所需的证书。
Here is an example command:
这是一个示例命令:
keytool -import -trustcacerts -alias someAlias -file someCert.crt -keystore yourKeystore
Edit: Based on the updated question it looks like this may be what you are looking for: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html
编辑:根据更新的问题,这看起来可能就是您要查找的内容:http: //static.springsource.org/spring-ws/sites/1.5/reference/html/security.html
