GithubHelp home page GithubHelp logo

dhval / sample-ws-security-wss4j Goto Github PK

View Code? Open in Web Editor NEW
10.0 1.0 3.0 276 KB

A minimalist Spring WS Security sample to generate outgoing SOAP security header with X509 Token/Digital Signature profile.

Java 100.00%

sample-ws-security-wss4j's Introduction

Spring WS-Security with WSS4J

This is a working example of creating a SOAP service with X509 Token profile to sign the request using digital signatures (digSig).

Spring WSS supports two implementations of WS-Security:WSS4J and XWSS, using ClientInterceptor class.

  • Wss4jSecurityInterceptor.
  • XwsSecurityInterceptor.

To make this sample working yet minimalist, I am using WSS4j which is more portable, additionally other details like trustsstore, Custom SAML assertions, encryption, JAXB/XJC configurations are omitted.

For customizing see; wss4j-config. Below details are implemented in ClientConfig.java.

Signature Identifier Profiles

// X509KeyIdentifier, DirectReference
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");

Security Actions

// Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
securityInterceptor.setSecurementActions("Timestamp Signature");

Signature Parts

securityInterceptor.setSecurementSignatureParts(
    "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
        "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"

Sample WSS Outgoing Header

Creating keystore

This example will need a java key store (jks) file like which is NOT included, you will need to create it using keytool.

Running this sample

$ mvn clean spring-boot:run

Output-Image

License

The project has been released under the MIT License. Issues and suggestions for this sample are welcome, Tracker

sample-ws-security-wss4j's People

Contributors

swativerma8567 avatar

Stargazers

Bryan Kenneally avatar avatar Shrikant Agiwal avatar Jamil Naber avatar Ganesh Tiwari avatar Sergio Wiesner avatar Juan Román avatar giulius84 avatar Toomas Pärna avatar Lukáš Voříšek avatar

Watchers

Dhval Mudawal avatar

Forkers

indrajeetsinghthakur myselfronin xielianghai

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.