For one of our projects, I should be able to call a webservice that uses WS-Security, i.e. the SOAP request should be signed with an X.509 certificate. I've been doing some tests to call the webservice through the use of the WebServiceRef annotation and I'm able to call the webservice without WS-Security.
So my question is: how can I activate and/or configure WS-Security when using the WebServiceRef annotation ?
Regards, Stefan Lecho.
If it still relevant, have a look at WSIT, and in particular, its WS-Security implementation described here. Basically you just have to use #WebServiceRef as you usually do, provide a wsit-client.xml, and specify the proper <Policy> node.
You might find these useful:
Implementing WS-Security with public key certificates for Metro-based web services
Configuring Keystores and Truststores
Related
Spring Data REST creates a CRUD web server with a discoverable API, so it seems it should be possible to write a generalized web client application for it. Is there such an application?
May be you are looking for a HAL browser
https://www.baeldung.com/spring-rest-hal
or
something like https://www.npmjs.com/package/angular-spring-data-rest
https://www.npmjs.com/package/angular4-hal
I hope you mean sample client stubs. Actually a web client cannot be generalized beyond the resources it has. That will not be quite meaningful.
You can try below with swagger. Using swagger here would be really convenient (over raml etc) since spring-data-rest generates swagger it self for you.
Take your swagger spec
Paste it at https://editor.swagger.io/.
Go Generate Client => Your favorite programming language.
Then it will generate sample client stubs for you in the language you have selected.
I think this should be the far most generalized point that makes sense.
-Addition-
The primary problem spring-data-rest has solved is abstracting out all the common functionalities attached to controller (ex: response/request mapping etc) and making them readily available and configurable, so that the developer no longer needs to re-invent/duplicate them every time when they are coding a new endpoint.
So as you have suggested generating client-stubs is completely out of spring-data-rest scope. Please read the documentation for more info.
Could you please let me know by default whether the spring RestTemplate do certificate revocation status check? If yes, which one it does CRL or OCSP? or If I do the JVM settings it will take as per the JVM settings.
I am not able to find it from any documentation.
I use spring-boot 1.3.5
This is not easy to answer cause RestTemplate is using a ClientHttpRequestFactory to create Requests which will then be executed. The default one which is being used is SimpleClientHttpRequestFactory that uses JDK internals and should let you manipulate its behavior by passing in JVM settings. I'm not aware of the details of the JVM but I think you can configure if it should check CRL, OCSP or both as well as some other things.
But if you are using a different one like Netty4ClientHttppRequestFactory, HttpComponentsClientHttpRequestFactory or OkHttp3ClientHttpRequestFactory the behavior might be different cause the implementation behind might be a different one. In these cases I suggest you have a look at the documentation of those projects.
Hope that helps.
I need to generate Rest client using a wadl. I am aware of wadl2java maven plugin & command line tool provided by Apache-cxf.
However, I could not find any such tool provided by Spring. Does spring provides any plugin to generate client classes using a wadl?
There is a rudimentary client-side code generator from WADL available with Apache CXF JAX-RS implementation http://cxf.apache.org/docs/jaxrs-services-description.html
It generates some boilerplate code, but it is nothing close to client generators for SOAP/WSDL web services.
Spring- rest has RestTemplate class for synchronous client calls. Link
That is quite generic and caters to all the requirements. Like the previous comments there's a few third party wadl2java maven plugins that can be integrated but nothing out of the box.
I have been searching for an example Spring Webservice which is being protected using oauth 2.0..
Looking around I found https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 but there some files seems to be missing from the project.
Two things that I am looking for is :
When user authenticates, user name and password goes to /login.do , now I can not understand how this Servlet is being configured, if its not controller. web.xml is missing.
When I try to see how beans configured then applicationContext.xml is also missing. I am not able to find those files in order to see how things are configured.
Help Required :
Should I use annotation in order to configure my web service or xml configuration. I am willing to use the latest version, and leverage advanced configurations, for better security.
I have another Single page application ( HTML5 ) , which accesses data from this spring web service, which is being hosted on Google App Engine. My ultimate objective is to create a chrome plugin of (html5) pages and use my service from there..
Please suggest a better path so that I can achieve my objectives.
Best regards,
Shashank Pratap
Apologize for late reply.
1) Regarding Oauth2.0 implementation : Since GAE does not support Servlet 3.0 therefore, developer is restricted to servlet 2.5. Therefore I found that we are restricted to 1.0.5.RELEASE. I was able to configure it successfully.
Best Practice on GAE : Rather than following this approach, I would suggest others to use Google Endpoints. As it supports oauth2.0 as well as we can develop REST API relatively quickly.
Scale ability and Response time : Since I was using Spring dependency injection along with spring security, application responded slower than the combination of Google Endpoints and Google Juice, as juice does injection just in time, where as spring prepares everything as soon as new instance starts, which created problem for me.
2) Chrome Plugin is completely different story. :-)
Please correct if I am wrong.
Thanks,
Shashank Pratap
I have some url that I need to read data from there and use it in my controller.
Usually in java application I use http client, to get data from some url.
My questions are:
What object to use in spring mvc to get data from some url (like http client) ?
How to reuse this objects, so every time not to create it ?
Thank you!
In agreement with the comment by #Evgeny and #Beau above, you can use any client library you like. HttpClient is VERY bean friendly and, for cases where it might be difficult to construct the configuration, you can always provide a Spring factory bean to construct the object.
If you are looking to abstract away the plumbing of the HttpClient API usage, utilize the RestTemplate suggested by #Evgeny (I believe that it is also his brainchild) It is a VERY rich and simple API to leverage.