Spring security using Wss4jSecurityInterceptor - configuring security for signing and encryption with two keys

Time: 2018-08-17 06:49:33

Tags: spring-ws wss4j

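I am trying to add interceptors for securing spring-ws by following this tutorial: https://memorynotfound.com/spring-ws-certificate-authentication-wss4j/

I need to use two separate public-private key pairs (one for signing, the second for encryption) in a single keystore (the server.jks file). But I am not able to configure the security interceptor.

As in the example, it works fine when a single key is used, but how should I set the following when separate keys are used for signing and encryption?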

@Bean
public KeyStoreCallbackHandler securityCallbackHandler(){
    KeyStoreCallbackHandler callbackHandler = new KeyStoreCallbackHandler();
    callbackHandler.setPrivateKeyPassword("changeit");
    return callbackHandler;
}

@Bean
public Wss4jSecurityInterceptor securityInterceptor() throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();

    // validate incoming request
    securityInterceptor.setValidationActions("Timestamp Signature Encrypt");
    securityInterceptor.setValidationSignatureCrypto(getCryptoFactoryBean().getObject());
    securityInterceptor.setValidationDecryptionCrypto(getCryptoFactoryBean().getObject());
    securityInterceptor.setValidationCallbackHandler(securityCallbackHandler());

    // encrypt the response
    securityInterceptor.setSecurementEncryptionUser("client-public");
    securityInterceptor.setSecurementEncryptionParts("{Content}{https://memorynotfound.com/beer}getBeerResponse");
    securityInterceptor.setSecurementEncryptionCrypto(getCryptoFactoryBean().getObject());

    // sign the response
    securityInterceptor.setSecurementActions("Signature Encrypt");
    securityInterceptor.setSecurementUsername("server");
    securityInterceptor.setSecurementPassword("changeit");
    securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBean().getObject());

    return securityInterceptor;
}

@Bean
public CryptoFactoryBean getCryptoFactoryBean() throws IOException {
    CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
    cryptoFactoryBean.setKeyStorePassword("changeit");
    cryptoFactoryBean.setKeyStoreLocation(new ClassPathResource("server.jks"));
    return cryptoFactoryBean;
}

For encryption we have the setSecurementEncryptionUser method, but how do we configure setValidationDecryptionCrypto and setValidationSignatureCrypto with an alias to decrypt/validate?
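One possible configuration for the two-key case, added here as an example; it is not part of the original post or of the linked tutorial. It assumes the spring-ws `wss4j2` packages, the hypothetical aliases `server-sign` and `server-enc` in server.jks, and that both private keys share the key password `changeit`. On validation, WSS4J selects the decryption key from the key identifier carried in the incoming message, so only the securement side names an alias.

```java
import java.io.IOException;
import org.apache.wss4j.common.crypto.Crypto;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor;
import org.springframework.ws.soap.security.wss4j2.callback.KeyStoreCallbackHandler;
import org.springframework.ws.soap.security.wss4j2.support.CryptoFactoryBean;

@Configuration
public class TwoKeySecurityConfig {

    // One Crypto over server.jks; assumed to hold the private keys "server-sign"
    // and "server-enc" (hypothetical aliases) plus the "client-public" certificate.
    @Bean
    public CryptoFactoryBean serverCrypto() throws IOException {
        CryptoFactoryBean factory = new CryptoFactoryBean();
        factory.setKeyStorePassword("changeit");
        factory.setKeyStoreLocation(new ClassPathResource("server.jks"));
        return factory;
    }

    // Returns the same key password for whichever private key WSS4J asks for,
    // so this assumes "server-sign" and "server-enc" share one key password.
    @Bean
    public KeyStoreCallbackHandler securityCallbackHandler() {
        KeyStoreCallbackHandler handler = new KeyStoreCallbackHandler();
        handler.setPrivateKeyPassword("changeit");
        return handler;
    }

    @Bean
    public Wss4jSecurityInterceptor securityInterceptor(Crypto serverCrypto) throws Exception {
        Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
        // Inbound: the decryption key is found through the certificate reference in the
        // request (the client encrypts to the "server-enc" certificate); the signature
        // is checked against the client certificate held in the same keystore.
        interceptor.setValidationActions("Timestamp Signature Encrypt");
        interceptor.setValidationSignatureCrypto(serverCrypto);
        interceptor.setValidationDecryptionCrypto(serverCrypto);
        interceptor.setValidationCallbackHandler(securityCallbackHandler());
        // Outbound: sign with the dedicated signing key, encrypt to the client's certificate.
        interceptor.setSecurementActions("Signature Encrypt");
        interceptor.setSecurementUsername("server-sign");
        interceptor.setSecurementPassword("changeit");
        interceptor.setSecurementSignatureCrypto(serverCrypto);
        interceptor.setSecurementEncryptionUser("client-public");
        interceptor.setSecurementEncryptionCrypto(serverCrypto);
        interceptor.setSecurementEncryptionParts("{Content}{https://memorynotfound.com/beer}getBeerResponse");
        return interceptor;
    }
}
```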

0 answers:

No answers