I'm trying to understand how to send https post request with post data using spring web or and other spring tools.
so far I've been using httpclient but i'm trying to convert to spring :)
the https post request should ignore self signed certificate.
please provide an example on how it can be done.
thank you
I use Spring Integration to send http POST and GET
http://static.springsource.org/spring-integration/reference/html/http.html
The request-factory bean need to be configured to allow self-signed certificates.
I use the following wiring to declare apacheHttpsRequestFactory to be used by http Spring Integration endpoints.
The httpClient bean can be injected to other Spring Beans and used to send http requests:
#Autowired
private HttpClient httpClient;
Here is the fragment of spring-intefration-context.xml:
<!-- HTTPS connection to trust self signed certificates -->
<bean id="sslSocketFactory" class="org.apache.http.conn.ssl.SSLSocketFactory">
<constructor-arg name="trustStrategy">
<bean class="org.apache.http.conn.ssl.TrustSelfSignedStrategy" />
</constructor-arg>
<constructor-arg name="hostnameVerifier">
<bean class="org.apache.http.conn.ssl.AllowAllHostnameVerifier" />
</constructor-arg>
</bean>
<bean id="httpsSchemaRegistry" class="org.apache.http.conn.scheme.SchemeRegistry">
<property name="items">
<map>
<entry key="https">
<bean class="org.apache.http.conn.scheme.Scheme">
<constructor-arg value="https" />
<constructor-arg value="443" />
<constructor-arg ref="sslSocketFactory" />
</bean>
</entry>
</map>
</property>
</bean>
<bean id="httpClient" class="org.apache.http.impl.client.DefaultHttpClient">
<constructor-arg>
<bean class="org.apache.http.impl.conn.PoolingClientConnectionManager">
<constructor-arg ref="httpsSchemaRegistry" />
</bean>
</constructor-arg>
</bean>
<bean id="apacheHttpsRequestFactory"
class="org.springframework.http.client.HttpComponentsClientHttpRequestFactory">
<constructor-arg ref="httpClient" />
Related
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
<property name="messageConverters">
<util:list>
<bean id="byteArrayMessageConverter" class="org.springframework.http.converter.ByteArrayHttpMessageConverter"/>
</util:list>
</property>
</bean>
I'm new to the Spring java configuration to create a bean. Can some one help me with the java configuration for the above xml configuration. I have an requirement to send image to client through my rest spring controller.
I have a security app context which works fine with Pre-authentication.
I would want to know if it is possible to have both Basic Authentication (With LDAP Bind as authentication manager) and Pre-authentication effective at the same time:
If container provides principal name, we will rely on it (and go to LDAP to get user details), and if pre-authentication of container does not happen (e.g. we have deployed in Jetty for testing without pre-authetication), we would want Basic Authentication to be used which in turns authenticated by LDAP Bind.
Is it something possible? How can I do it?
Here is my existing (simplified) app context:
<s:global-method-security
secured-annotations="enabled"
pre-post-annotations="enabled"
proxy-target-class="true" />
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<s:filter-chain-map path-type="ant">
<s:filter-chain pattern="/**"
filters="securityContextPersistenceFilter,preAuthenticatedFilter" />
</s:filter-chain-map>
</bean>
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean
class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='true' />
</bean>
</property>
</bean>
<bean id="preAuthenticatedFilter"
class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider ref="preAuthenticatedAuthProvider" />
</s:authentication-manager>
<bean id="preAuthenticatedAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService" >
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper" >
<property name="userDetailsService" ref="userDetailsService" />
</bean>
</property>
</bean>
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<!-- some config skipped -->
</bean>
<bean id="userDetailsService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService" >
<constructor-arg index="0" ref="ldapUserSearch"/>
<constructor-arg index="1" ref="ldapAuthoritiesPopulator"/>
<property name="userDetailsMapper" ref="fooUserDetailsMapper" />
</bean>
<bean id="fooUserDetailsMapper" class="com.foo.FooUserDetailsMapper" />
<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<!-- some config skipped -->
</bean>
<bean id="ldapAuthoritiesPopulator"
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<!-- some config skipped -->
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.simple.SimpleLdapTemplate">
<constructor-arg ref="contextSource" />
</bean>
<bean id="ldapAuthorities" class="com.fil.ims.LdapAuthoritiesServices" />
I have tried the followings but none of them works
add a new ldap authentication provider (org.springframework.security.ldap.authentication.LdapAuthenticationProvider), and add one more <s:authentication-provider> entry under <s:authentication-manager>, or
add a separate org.springframework.security.web.authentication.www.BasicAuthenticationFilter, which points to a new <s:authentication-provider> which points to the new ldap authentication provider (It is complaining for "An AuthenticationEntryPoint is required".)
What should be the right way to do so?
From my bare understanding, seems 2 should be the right way, if someone can give me some direction, it will be good enough.
Thanks
I am using Spring WebServiceTemplate in my client side code to send request to an existing 3rd party web service.
<bean id="vehicleQuotationWebServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
<constructor-arg ref="messageFactory"/>
<property name="marshaller" ref="vehicleQuotationMarshaller" />
<property name="unmarshaller" ref="vehicleQuotationMarshaller" />
<property name="faultMessageResolver" ref="vehicleServiceClientFaultMessageResolver" />
<property name="defaultUri" value="http://localhost:8080/quote/endpoints"/>
</bean>
Everything was working fine until they added security check from the server side. Right now, in order to pass the server side security authenication, I need to pass some values from a cookie to the server. This I can do easily in SoapUI by modifying the http header (adding the cookie's value there), but my question is how can I do it in Java code with the Spring's WebServiceTemplate?
You can extend the WebServiceTemplate or in a more easy way use a custom sender who extends Spring's
org.springframework.ws.transport.http.CommonsHttpMessageSender
and set in your bean definition
<bean id="vehicleQuotationWebServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
<constructor-arg ref="messageFactory"/>
<property name="marshaller" ref="vehicleQuotationMarshaller" />
<property name="unmarshaller" ref="vehicleQuotationMarshaller" />
<property name="faultMessageResolver" ref="vehicleServiceClientFaultMessageResolver" />
<property name="defaultUri" value="http://localhost:8080/quote/endpoints"/>
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.MyHttpComponentsMessageSender"/>
</property>
</bean>
take a look at Spring forums
JSESSIONID and setting cookie for WebServiceTemplate
I have created a web service client using spring ws template. This is working as expected for http protocol. Now I want to make it work with https. I have the relevant client key store(the jks file) and now I want to configure the message sender to send secure request.
Could you please help me on how to proceed on this?
Here is my spring bean configuration:
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory"/>
<bean id="tokenrMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
<property name="contextPath" value="com.token.dto.v1" />
</bean>
<bean id="tokenServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
<constructor-arg ref="messageFactory" />
<property name="marshaller" ref="tokenrMarshaller"></property>
<property name="unmarshaller" ref="tokenrMarshaller"></property>
<property name="messageSender">
<bean class="org.springframework.ws.transport.http.HttpComponentsMessageSender" />
</property>
<property name="defaultUri" value="${token.url}" />
</bean>
If I change the url from http to https w/o any configuration, the application throws "org.springframework.ws.client.WebServiceTransportException".
See javadoc for http://docs.spring.io/spring-ws/site/apidocs/org/springframework/ws/transport/http/HttpComponentsMessageSender.html#setHttpClient%28org.apache.http.client.HttpClient%29
Set httpClient property of messageSender bean.
See my other post on how to configure httpClient bean to work around self-signed certificate issues.
sending https post request with post data using spring web
No need to import keys into keystore.
I have an application which uses spring (also spring security) where few services were kept outside the secured resource set by specifying like below in the applicationContext.xml:
<http pattern="/services/rest/nohisb/Msgs" security="none"/>
Now these services needs to be accessed only via https. Container is configured to have https. Requirement is when user access the above service on http, he should be redirected to https (port number too changes, as it in not the default 443).
Is it possible to achieve this via spring ?
thanks
Nohsib
Yes, it is possible to achieve using Spring Channel Processing and PortMapper
Spring Channel Processing used to define http/https access URL Patterns. For Example-
Https Access URL-
https://localhost/myapp/user/myaccount
Http: Access URL-
http://localhost/myapp/home
Then if user access the secure URL in http mode "http://localhost/myapp/user/myaccount" spring channel security redirect the user to secure URL "https://localhost/myapp/user/myaccount" and vice verse.
PortMapper Bean is used map non-standard port numbers for HTTP and HTTPS mapping
Sample Configuration:
Channel Processing Bean Definition And Port Mapper-
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source path-type="ant">
<security:intercept-url pattern="/services/rest/nohisb/Msgs**" access="REQUIRES_SECURE_CHANNEL" />
<security:intercept-url pattern="/**/*.html**" access="REQUIRES_SECURE_CHANNEL" />
<!-- more pattern definition -->
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref bean="secureChannelProcessor"/>
<ref bean="insecureChannelProcessor"/>
</list>
</property>
</bean>
<bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<property name="entryPoint" ref="secureEntryPoint"/>
</bean>
<bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<property name="entryPoint" ref="insecureEntryPoint"/>
</bean>
<bean id="secureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="insecureEntryPoint" class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<property name="portMappings">
<map>
<entry key="80" value="443"/>
<entry key="8081" value="8443"/>
<entry key="8443" value="8081"/>
<!-- so on... -->
</map>
</property>
</bean>
Filter Mapping-
<security:http auto-config="false"
entry-point-ref="authenticationProcessingFilterEntryPoint"
access-decision-manager-ref="accessDecisionManager" >
<security:custom-filter position="CHANNEL_FILTER" ref="channelProcessingFilter"/>
<security:intercept-url pattern="/*.html*" access="ROLE_ANONYMOUS,admin,user" />
<security:intercept-url pattern="/*.jsp" access="ROLE_ANONYMOUS,admin,user" />
<!-- more pattern definition -->
</security:http>
You can write Servlet filter that will check request scheme and URL and sent redirect when needed.
But actually such stuff should be done not in the java code, but in a reverse proxy or balancer. Usually servlet container is used behind proxy (nginx?) or apache (mod_proxy) That's the place to configure https/http redirecting etc.
Wouldn't it be simpler to use the Spring Security namespace configuration as described in http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-requires-channel to define port mappings?