Spring Book – Chapter 16 – Web Services – Spring WS

Error Handling

Spring WS provides way by handling exceptions arising when the endpoint processes the received message by the way of EndpointExceptionResolver’s. These exception resolvers provide information about what endpoint was invoked when the exception was thrown. Listing 16-14 shows the ExceptionResolver interface which should be implemented for by your exception resolvers.

Listing 16-14. ExceptionResolver interface definition

The class org.springframework.ws.soap.server.endpoint.SimpleSoapExceptionResolver is the simplest implementation of ExceptionResolver interface and creates a SOAP 1.1 Server or SOAP 1.2 Receiver Fault, and uses the exception message as the fault string. The class org.springframework.ws.soap.server.endpoint.SoapFaultMappingExceptionResolver is a more sophisticated implementation. This resolver enables you to take the class name of any exception that might be thrown and map it to a SOAP Fault. Listing 16-15 shows configuring SoapFaultMappingExceptionResolver in Spring configuration.

Listing 16-15. Configuring SoapFaultMappingExceptionResolver in Spring configuration file

Securing Spring WS

Spring WS has built-in support for WS-Security. It supports all security features like authentication (is the caller authorized to use the service?), digital signing (caller is who he says?) and encryption/decryption (protect sensitive information). Implementing security is as simple as declaring appropriate interceptors in the Spring configuration file. There are two interceptors which need mention, they are as summarized below:

  • org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor – it is based on Sun XML and Web Services Security package (XWSS) and requires JDK 1.4+.
  • org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor – based on Apache WSS4J.

The various configuration steps in server side can be summarized as below:

  1. Add filters/interceptors to the EndpointMapping declared in earlier section.Listing 16-16 shows this declaration.

Listing 16-16. Declaring filters/interceptors in EndpointMapping

  1. Define the interceptor defined in the previous step in the Spring configuration file as shown in Listing 16-17 below. We are using Wss4jSecurityInterceptor in our configuration and to make it more complicated we will be using encryption with keystore, certificate and private key. I know its too complicated using this, but I thought this will be the case in new generation application requiring more secure web services.

Listing 16-17. Define the WS security interceptor

The various configuration steps in client side can be summarized as below:

  1. In the WebserviceTemplate configuration add the interceptors as shown in Listing 16-18 below.

Listing 16-18. Adding interceptors to WebserviceTemplate bean configuration

  1. Declare the interceptor configured in previous step as shown in Listing 16-19 below. Since we have declared encryption in the server side, we will incorporate the same encryption in the client-side as well.

Listing 16-19. Configuring interceptor in the client side in the Spring configuration file

Without any Java code change and by mere change in the Spring configuration we achieved security in the already configured web service.

Page Visitors: 11225

The following two tabs change content below.
Tomcy John

Tomcy John

Blogger & Author at javacodebook
He is an Enterprise Java Specialist holding a degree in Engineering (B-Tech) with over 10 years of experience in several industries. He's currently working as Principal Architect at Emirates Group IT since 2005. Prior to this he has worked with Oracle Corporation and Ernst & Young. His main specialization is on various web technologies and acts as chief mentor and Architect to facilitate incorporating Spring as Corporate Standard in the organization.
Tomcy John

Latest posts by Tomcy John (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *