I have read the Spring doc regarding Securing your Web services with Spring-WS but it looks for me as if the article is just regarding server side and not client side. Indeed, it is working fine for server side with Wss4jSecurityInterceptor but I need to sign a request to an external Web service.
So, first question. Am I right and chapter 7 of Spring Web Services documentation just apply to server side?
Second. It is possible, to add security, like signed headers, to SOAP requests on client side with Spring in a way similar (simple, elegant) to how it is done on server side?
I have found this question but it looks like signing is done with Apache CXF and this article where signing is done in a home made way.
Thanks in advance.
Well, I am afraid I am going to answer my own questions:
First one: NO. Chapter 7 of Spring Web Services documentation is about both sides, client and server.
Second one: Acording with the answer to the fisrt question, YES, as it is described on chapter 7 of Spring Web Services documentation.
My error was that I was declaring interceptor in this way:
<sws:interceptors>
<ref bean="wsSecurityInterceptor" />
</sws:interceptors>
and this interceptors just affect to server-side Web services. For clients it should be done in this way:
<bean id="webServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
<property name="marshaller" ref="marshaller" />
<property name="unmarshaller" ref="marshaller" />
<property name="defaultUri"
value="http://localhost:8080/ws-demo/myws" />
<property name="interceptors">
<list>
<ref bean="wsSecurityInterceptor" />
</list>
</property>
</bean>
来源:https://stackoverflow.com/questions/9281019/sign-soap-request-on-client-side-with-spring