I am new to spring web services and am currently trying to implement spring-ws security for secure transport and encryption/decryption of incoming and outgoing SOAP messages. We have a keystore on our server that is installed in the conf directory under Tomcat. How do I reference that keystore in my spring web app? I'd like to avoid having to move the keystore since it will be utilized by other applications in the future. I've searched for answers most of yesterday, but all the examples I've come across put the keystore file on the class path.
I am assuming you are using WSS4J with Spring-WS, you can put any valid resource to refer to the certificate location.
eg.
<property name="keyStoreLocation" value="file://C:/tomcat/.."/>
Related
I have configured my trustsore and keystore information in the external tomcat's server.xml in the Connector tag. The certificates are stored in the tomcat's /base/lib directory.
I need to deploy a spring boot application to this external tomcat.
How can I make the information about trustsore and keystore available to the spring boot application?
Where in the spring boot application do I need to store the trsustore and keystore .jks files?
I did the same with the datasource in Resource tag in server.xml, and in spring boot application I used
spring.datasource.jndi-name=some name to jndi. How can I configure the same for trsustore and keystore?
The keystore and truststore in Tomcat's <Connector> have a single purpose:
the keystore contains the certificate (and private key) used by the server's SSL port,
the truststore contains the list of CAs, which are trusted if mutual SSL authentication is enabled.
Therefore these settings are specific to each deployment of your application. You shouldn't provide them yourself.
You should only provide system administrators a way to configure those settings. In your case Spring Boot already takes care of it (cf. server.ssl properties).
See also:
What is the difference between javax.net.ssl.keyStore and server.ssl.key-store properties when specifying keystore for a SpringBoot app
I am using Apache Camel Spring DSL to call a REST service over HTTPS. The application is a Spring Boot application and the dependency camel-http is added in pom.xml. I have the certificate file Test.p12 and the password of the certificate. To add the certificate while calling the HTTPS URL, I am following the instructions given in
https://camel.apache.org/components/latest/http-component.html
and trying to add the following bean definition:
<camel:sslContextParameters
id="sslContextParameters">
<camel:keyManagers
keyPassword="keyPassword">
<camel:keyStore
resource="/users/home/server/keystore.jks"
password="keystorePassword"/>
</camel:keyManagers>
</camel:sslContextParameters>
but not able to create a bean. Can anyone please guide me how to call a REST service using HTTPS in Camel and how to add the certificate while calling?
Check out the Spring-Boot configuration of SSLContextParameters in the YAML (or property) file of the application.
You can find it at the bottom of this page.
I have two different spring boot application with SSL enabled in it and also there is an eureka discovery server and these two applications are linked to eureka server.I need to make some https call between these two SSL enabled applications. So I decided to go ahead with feign client .Eureka is able to resolve https url properly for feign client. But while making the call I'm getting "unable to find valid certification path to requested target". I can understand this error is because public key of my client application is not present in truststore of the application from which I'm making feign call. I have already added the public key in my custom truststore, But it is of no use.Property file for the same is below
server.ssl.enabled=true
server.ssl.key-store=classpath:springboot.p12
server.ssl.key-store-password= Pass#123
server.ssl.keyStoreType= PKCS12
server.ssl.keyAlias= springboot
server.ssl.trust-store=classpath:springboot.jks
server.ssl.trust-store-password=Pass#123
eureka.instance.nonSecurePortEnabled=false
eureka.instance.securePortEnabled=true
After digging more into the issue I found that "server.ssl.trust-store" property will set truststore in the embeded tomcat server of spring boot application, But some have my https call is taking default JDK truststore. When I added system properties in my application then everything is working fine. But with spring boot properties file configuration it is not working .
System.setProperty("javax.net.ssl.trustStore", trustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword",trustStorePassword);
I feel setting system properties is an workaround and I'm looking for a better solution .
I even tried enabling ribbon client and added "ribbon.IsSecure=true" property also. But still getting the same issue.
Can someone please provide a suggestion for the same.
Thank you
I'm looking for the Spring project which is providing some secure capability to sending JKS file between two Spring apps. I found a Spring Cloud Config project (currently I'm using it in my apps) and I found topics with same question in internet but no one answer it. Is there any feature that can I use from this project or maybe someone know another project with this features?
There is no project that provides such capability AFAIK. You could serve the JKS file as a resource which is exposed at a certain web endpoint. Add Spring Security to your project so the other application can request the JKS file over HTTPS, and maybe add basic authentication for that specific web endpoint so others can't download it too.
Hope that helps!
Can anybody provide me with a code sample to access rest service url secured with https using spring rest template.
I have the certificate(.pfx format) password and send cient side certificate to server. server side is used on the client side certificate and established the connection
I want to create a springboot application that work as 2 way SSL between client and server.
Thanks.
I created a sample Spring Boot application that demonstrates how to create a RestTemplate that is configured for SSL client authentication. The sample application acts as the server as well which requires SSL mutual authentication (to demonstrate usage via the test case). In practice, the RestTemplate bean would interact with an external service. Hope this helps.
https://github.com/steve-oakey/spring-boot-sample-clientauth
I should note that the most important part of the example is creating the SSLContext. There are plenty of ways to create the SSLContext, I chose a method that uses the SSLContextBuilder from the org.apache.httpcomponents:httpclient library. Other methods such as using the Java API directly, or setting the javax.net.ssl.* JVM properties would also work.