Is it possible to configure a WebServiceTemplate with a java keystore?
edit
I'm looking for a way to configure the location of the keystore in the spring config
I am posting this answer after six years but to be honest there isn't a single post where a complete and concise solution is provided. All you need is spring-ws-core (2.1.4.RELEASE +) and spring-we-security (2.2.4.RELEASE +) dependencies. The next step is to configure custom keystore and truststore as beans and then inject them to web service template in spring configuration.
<bean id="myKeyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="file:/tmp/config/my-keystore.jks"/>
<property name="password" value="password"/>
</bean>
<bean id="myTrustStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="file:/tmp/config/my-truststore.jks"/>
<property name="password" value="different_password"/>
</bean>
<bean id="template" class="org.springframework.ws.client.core.WebServiceTemplate">
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
<property name="trustManagers">
<bean class="org.springframework.ws.soap.security.support.TrustManagersFactoryBean">
<property name="keyStore" ref="mytrustStore" />
</bean>
</property>
<property name="keyManagers">
<bean class="org.springframework.ws.soap.security.support.KeyManagersFactoryBean">
<property name="keyStore" ref="myKeyStore" />
<property name="password" value="password" />
</bean>
</property>
</bean>
</property>
</bean>
In summery there is no need to write any code, the use case can be easily achieved using spring config.
The answers and the questions that I found in this post kept me chasing my tail for a while. In the end I got this working for an application I deployed to WebLogic 11g by importing the keystore into the keystore on my Weblogic server:
C:\bea\jrockit_160_14_R27.6.5-32\jre\bin>keytool -importkeystore -srckeystore \workspace\myProject\webservice.keystore
Then I changed the configuration for the WebLogic keystore to point to this keystore. You can do this through the WL console: Environment->Servers->AdminServer->Keystores. Change the Keystores: selection to "Custom Identity and Custom Trust", then fill in the path in the Identity(incoming), and Trust(outgoing) sections to your keystore location. On Windows XP, mine was in \Documents an Settings\my id\.keystore.
I didn't provide the passphrase and I believe it is optional.
I think you can programatically load a keystore based using a KeyStore.Builder:
http://java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.Builder.html#newInstance%28java.lang.String,%20java.security.Provider,%20java.io.File,%20java.security.KeyStore.ProtectionParameter%29
So maybe have a class that has a webservice template or extends it, then set the file path of the keystore on it in your spring config and make it an inizialing bean (@PostConstruct in Spring 3?) which then loads the keystore.
File f = new File(keyStorePath);
KeyStore.Builder builder = KeyStore.Builder.newInstance("type",provider,file,protection);
KeyStore keystore = builder.getKeyStore();
Ok - to actually use it with your webservicetemplate i think it must be based around the keystore callback as documented here: http://static.springsource.org/spring-ws/sites/1.5/reference/html/security.html#d0e4462
Or maybe by using the spring org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender which you can set keystoremanager on. Then that can be used by your webservicetemplate.
A bit like this:
<bean id="template" class="org.springframework.ws.client.core.WebServiceTemplate">
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender">
<property name=""></property>
</bean>
</property>
</bean>
HTH
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With