Using WebServiceTemplate with a keystore

Question

Is it possible to configure a WebServiceTemplate with a java keystore?

edit
I'm looking for a way to configure the location of the keystore in the spring config

Answer 1

You should install the certificates you need in the keystore (probably the cacerts file) of the JDK used to run your app server using they keytool command.

Here is an example command:

keytool -import -trustcacerts -alias someAlias -file someCert.crt -keystore yourKeystore

Edit: Based on the updated question it looks like this may be what you are looking for: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html

Answer 2

I think you can programatically load a keystore based using a KeyStore.Builder:

http://java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.Builder.html#newInstance%28java.lang.String,%20java.security.Provider,%20java.io.File,%20java.security.KeyStore.ProtectionParameter%29

So maybe have a class that has a webservice template or extends it, then set the file path of the keystore on it in your spring config and make it an inizialing bean (@PostConstruct in Spring 3?) which then loads the keystore.

File f = new File(keyStorePath);
KeyStore.Builder builder = KeyStore.Builder.newInstance("type",provider,file,protection);
KeyStore keystore = builder.getKeyStore();

Ok - to actually use it with your webservicetemplate i think it must be based around the keystore callback as documented here: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html#d0e4462

Or maybe by using the spring org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender which you can set keystoremanager on. Then that can be used by your webservicetemplate.

A bit like this:

<bean id="template" class="org.springframework.ws.client.core.WebServiceTemplate">
    <property name="messageSender">
        <bean class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
            <property name=""></property>
        </bean>
    </property>
</bean>

HTH

Answer 3

Late reply on this thread but anyway: note that once you have your keystore and everything else set up, you may be shocked to find that the WebServiceTemplate doesn't seem to support HTTPS connections!

Make sure you set the messageSender property to be org.springframework.ws.transport.http.CommonsHttpMessageSender. The default WebServiceMessageSender implementation does not support HTTPS.

Answer 4

i don't get it, can someone post a working example?

Answer 5

I'm assuming you mean you want to configure the keystore used by JSSE, since that is the Template will use. JSSE will always always look at the javax.net.ssl.keyStore/javax.net.ssl.keyStorePassword system properties to find the keystore. You can configure these properties in Spring using an InitializingBean like this.

Note that if you are running in an app server the JSSE may already be configured before Spring initializes. In this case you need to use the app server interface to set the keystore -- usually using -D params on command line.

<bean id="jsseInitializer" lazy-init="false" class="com.blah.JsseInitializer">
        <property name="trustStoreLocation" value="${pnet.batch.trustStore.location}"/>
        <property name="trustStorePassword" value="${pnet.batch.trustStore.password}"/>
        <property name="keyStoreLocation" value="${pnet.batch.keyStore.location}"/>
        <property name="keyStorePassword" value="${pnet.batch.keyStore.password}"/>
</bean>


public class JsseInitializer implements InitializingBean {

    private String trustStoreLocation;
    private String trustStorePassword;
    private String keyStoreLocation;
    private String keyStorePassword;

    public String getTrustStoreLocation() {
        return trustStoreLocation;
    }


    public void setTrustStoreLocation(String trustStoreLocation) {
        this.trustStoreLocation = trustStoreLocation;
    }


    public String getTrustStorePassword() {
        return trustStorePassword;
    }


    public void setTrustStorePassword(String trustStorePassword) {
        this.trustStorePassword = trustStorePassword;
    }


    public String getKeyStoreLocation() {
        return keyStoreLocation;
    }


    public void setKeyStoreLocation(String keyStoreLocation) {
        this.keyStoreLocation = keyStoreLocation;
    }


    public String getKeyStorePassword() {
        return keyStorePassword;
    }


    public void setKeyStorePassword(String keyStorePassword) {
        this.keyStorePassword = keyStorePassword;
    }

    public void afterPropertiesSet() throws Exception {
        System.setProperty("javax.net.ssl.trustStore", trustStoreLocation);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
        System.setProperty("javax.net.ssl.keyStore", keyStoreLocation);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);

    }
}