2. 질의 응답
  3. 스프링 부트 비누 기반 웹 서비스 용 스프링 보안

스프링 부트 비누 기반 웹 서비스 용 스프링 보안

2014-09-11 10 views
0

SOAP 기반 웹 서비스 및 보안을 위해 다음 구현을 구현했습니다.스프링 부트 비누 기반 웹 서비스 용 스프링 보안

package com.hcentive.webservice.soap; 

import org.apache.log4j.Logger; 
import org.springframework.boot.context.embedded.ServletRegistrationBean; 
import org.springframework.context.ApplicationContext; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.ImportResource; 
import org.springframework.core.io.ClassPathResource; 
import org.springframework.ws.config.annotation.EnableWs; 
import org.springframework.ws.config.annotation.WsConfigurerAdapter; 
import org.springframework.ws.transport.http.MessageDispatcherServlet; 
import org.springframework.ws.wsdl.wsdl11.DefaultWsdl11Definition; 
import org.springframework.xml.xsd.SimpleXsdSchema; 
import org.springframework.xml.xsd.XsdSchema; 

/** 
* @author Mebin.Jacob 
* Web service configuration class 
* @since 03-Sept-2014 
*/ 
@EnableWs 
@Configuration 
@ImportResource({"classpath:/spring-ws-servlet.xml","classpath:/security.xml"}) 
public class WebServiceConfig extends WsConfigurerAdapter { 

    Logger logger = Logger.getLogger(WebServiceConfig.class); 

    @Bean 
    public ServletRegistrationBean dispatcherServlet(ApplicationContext applicationContext) { 
     MessageDispatcherServlet servlet = new MessageDispatcherServlet(); 
     servlet.setApplicationContext(applicationContext); 
     servlet.setTransformWsdlLocations(true); 
     return new ServletRegistrationBean(servlet, "/ws/*"); 
    } 

    @Bean(name = "coa_application_service") 
    public DefaultWsdl11Definition defaultWsdl11Definition(XsdSchema coa_applicationSchema) { 
     DefaultWsdl11Definition wsdl11Definition = new DefaultWsdl11Definition(); 
     wsdl11Definition.setPortTypeName("FormsPort"); 
     wsdl11Definition.setLocationUri("/ws"); 
     wsdl11Definition.setTargetNamespace("http://hcentive.com/service"); 
     wsdl11Definition.setSchema(coa_applicationSchema); 
     return wsdl11Definition; 
    } 

    /*@Bean 
    public EmbeddedServletContainerFactory servletContainer(){ 
     TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory(); 
     logger.info("Setting context path "); 
     factory.setContextPath("/spring-ws-servlet.xml"); 
     return factory; 
    } 
*/ 
    @Bean 
    public XsdSchema coa_applicationSchema() { 
     return new SimpleXsdSchema(new ClassPathResource("coa_application_service.xsd")); 
    } 
}
//spring-ws-servlet.xml 

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" 
    http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 


    <bean id="wsSecurityInterceptor" 
     class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor"> 
     <property name="policyConfiguration" value="classpath:securityPolicy.xml" /> 
     <property name="callbackHandlers"> 
      <list> 
       <ref bean="keyStoreHandler" /> 
       <ref bean="springCertificateHandler" /> 
      </list> 
     </property> 
    </bean> 
    <bean id="keyStoreHandler" 
     class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler"> 
     <property name="keyStore" ref="keyStore" /> 
     <property name="privateKeyPassword" value="changeit" /> 
    </bean> 

    <bean id="keyStore" 
     class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean"> 
     <property name="password" value="changeit" /> 
     <property name="location" value="classpath:/keystore.jks" /> 
    </bean> 


    <bean id="springCertificateHandler" 
     class="org.springframework.ws.soap.security.xwss.callback.SpringCertificateValidationCallbackHandler"> 
     <property name="authenticationManager"> 
      <bean class="com.hcentive.security.SimpleAuthenticationManager" /> 
     </property> 
    </bean> 

</beans>

//security.xml

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <http> 
     <!-- Every user request needs to be authenticated and authorized --> 
     <intercept-url pattern="/**" access="ROLE_USER"/> 

     <!-- x509 Pre authentication - pull username from the Common Name 
      field of the client certificate and extract the last 'word', in our client 
      cert example, 'John Smith jsmith', the username 'jsmith' --> 
     <x509 subject-principal-regex="CN=.*?\s(\w+)," /> 

     <logout /> 
    </http> 

     <authentication-manager> 
     <authentication-provider> 
      <user-service> 
       <user name="Jacob" 
        authorities="ROLE_USER, ROLE_ADMIN" /> 
      </user-service> 
     </authentication-provider> 
    </authentication-manager> 


</beans:beans>

이 내 로그를 보여줍니다 것입니다 : -

Algorithm: [SHA256withRSA] 
    Signature: 
0000: 48 85 7A CA A7 1D DC 13 D1 0D 3D EB 10 20 A8 0E H.z.......=.. .. 
0010: 1D 2A 82 AF 0D 40 04 1A 4F 57 16 AF CF 2A 13 22 .*[email protected]*." 
0020: 79 A4 EB 81 29 13 56 94 78 AF EF D6 BE 3C B2 1B y...).V.x....<.. 
0030: 7C B2 CC B6 69 00 56 41 58 A1 E5 03 5A 27 5B 97 ....i.VAX...Z'[. 
0040: A5 49 8A 71 9C 78 13 0C 2D BC BD AE E5 26 52 9F .I.q.x..-....&R. 
0050: 8B EA 43 91 E0 DA 46 D2 15 C5 8B 23 E2 98 2E 9E ..C...F....#.... 
0060: 67 80 07 C1 94 76 E8 89 8F E6 10 D2 C4 3A 41 80 g....v.......:A. 
0070: A6 CA E9 59 4F A2 3C 6A FB D9 71 C7 29 0A A1 83 ...YO.<j..q.)... 
0080: D9 9E DE 09 F7 AC 18 EE CE B2 A5 07 0C 0F C5 92 ................ 
0090: A8 82 3D 61 10 00 5A EC 90 E9 E7 94 72 CA 93 AA ..=a..Z.....r... 
00A0: 04 C3 83 61 4C 4D AD 08 D2 54 A8 96 58 5A 06 D3 ...aLM...T..XZ.. 
00B0: C2 0F 52 24 B1 7A EF 7C 52 27 92 88 34 EE 44 83 ..R$.z..R'..4.D. 
00C0: E0 88 94 40 03 7A C3 7B C8 D8 51 5A 0B 56 D3 22 [email protected].QZ.V." 
00D0: 36 11 04 B1 C0 8C F7 B3 B3 7C 4C F1 FF A4 50 41 6.........L...PA 
00E0: 4A EE FC 2D 7C DE F2 54 3F 8A 38 B7 BF E3 6C 89 J..-...T?.8...l. 
00F0: D1 3D 34 55 F5 F9 10 4B 77 A9 36 BF 23 5E 87 B4 .=4U...Kw.6.#^.. 

] 
preAuthenticatedPrincipal = Jacob, trying to authenticate 
Authentication attempt using org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider 
PreAuthenticated authentication request: org.springframework.security[email protected]fbbdfcac: Principal: Jacob; Credentials: [PROTECTED]; Authenticated: false; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities 
Authentication success: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER 
/at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
/at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
/at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
/at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter' 
Delegating to org.springframework.securi[email protected]11664436 
HttpSession being created as SecurityContext is non-default 
SecurityContext stored to HttpSession: '[email protected]c8a5: Authentication: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
/at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
/at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
Secure object: FilterInvocation: URL: /; Attributes: [ROLE_USER] 
Previously Authenticated: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER 
Voter: [email protected], returned: 1 
Authorization successful 
RunAsManager did not change Authentication object 
/reached end of additional filter chain; proceeding with original chain 
SecurityContext stored to HttpSession: '[email protected]c8a5: Authentication: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
Chain processed normally 
SecurityContextHolder now cleared, as request processing completed 
/error at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: '[email protected]c8a5: Authentication: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
/error at position 2 of 10 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 
/error at position 3 of 10 in additional filter chain; firing Filter: 'LogoutFilter' 
/error at position 4 of 10 in additional filter chain; firing Filter: 'X509AuthenticationFilter' 
Checking secure context token: org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER 
/error at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
/error at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
/error at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security[email protected]fcc8a5: Principal: [email protected]: Username: Jacob; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN,ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ADMIN, ROLE_USER' 
/error at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter' 
/error at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
/error at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
/error reached end of additional filter chain; proceeding with original chain 
Chain processed normally 
SecurityContextHolder now cleared, as request processing completed

승인 및 액세스가 정상적으로 수행되었거나 잘못된 것으로 보입니다. 뭔가를 erasing ?? 그러나 요청은 SOAP 엔드 포인트로 진행되지 않는 것 같습니다. 나는 봄 ws, 봄 장화를 가진 새끼입니다. 잠시 동안 이걸 붙잡 았어. ....

필터를로드 한 후 messageDispatcherservlet에 대한 호출이 수행되지 않은 것처럼 보입니다. 누군가가 왜 그런 일이 일어나지 않는지 전혀 모른다. 내 기록에 어떤 오류도 보이지 않는다 !!!

덕분에, Mebin

출처

2014-09-11 Mebin

답변

4

난 당신이 여기에 보안의 두 종류를 혼합 생각합니다. security.xml에서 HTTP 전송 계층에서만 작동하는 스프링 보안을 사용하여 HTTP 기반 보안을 활성화했습니다. WebServiceConfig에서 SOAP 메시지 레벨에서 작동하는 스프링 웹 서비스로 WS-Security를 ​​활성화했습니다. 두 가지 중 하나를 선택하는 것이 현명합니다. WS-Security 만 사용 가능하게 설정하는 것이 좋습니다.

스프링 부트 응용 프로그램에서 WS-Security를 ​​사용하는 샘플을 보려면 here을 확인하십시오. 특히 WebServiceServerConfig을 참조하십시오.

출처

2014-09-12 09:37:38

 관련 문제

  • 관련 문제 없음^_^