-
Notifications
You must be signed in to change notification settings - Fork 11
Configuring SOAP Client for Spring
PowerAuth Server documentation has been moved to: https://developers.wultra.com/docs/develop/powerauth-server/Configuring-SOAP-Client-for-Spring
Please use the new developer portal to access documentation.
This tutorial shows the way internet banking (or other similar application) developers integrate with PowerAuth Server using a SOAP service client.
- Running PowerAuth Server with available SOAP interface.
- Knowledge of Java EE applications based on Spring Framework.
- Software: IDE - Spring Tool Suite, Java EE Application Server (Pivotal Server, Tomcat, ...)
To add a PowerAuth SOAP service client support in your application, add Maven dependency for PowerAuth RESTful Client module in your pom.xml file:
<dependency>
<groupId>io.getlime.security</groupId>
<artifactId>powerauth-java-client-spring</artifactId>
<version>${powerauth.version}</version>
</dependency>In order to connect to the correct PowerAuth Server, you need to add following configuration:
@Configuration
@ComponentScan(basePackages = {"io.getlime.security.powerauth"})
public class PowerAuthWebServiceConfiguration {
@Value("${powerauth.service.url}")
private String powerAuthServiceUrl;
@Bean
public Jaxb2Marshaller marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath("io.getlime.powerauth.soap");
return marshaller;
}
@Bean
public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller marshaller) {
PowerAuthServiceClient client = new PowerAuthServiceClient();
client.setDefaultUri(powerAuthServiceUrl);
client.setMarshaller(marshaller);
client.setUnmarshaller(marshaller);
return client;
}
}(optional) In case PowerAuth Server uses a restricted access flag in the server configuration, you need to configure credentials for the WS-Security so that your client can connect to the SOAP service - modify your PowerAuthWebServiceConfiguration to include Wss4jSecurityInterceptor bean, like so:
@Value("${powerauth.service.security.clientToken}")
private String clientToken;
@Value("${powerauth.service.security.clientSecret}")
private String clientSecret;
@Bean
public Wss4jSecurityInterceptor securityInterceptor(){
Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
wss4jSecurityInterceptor.setSecurementUsername(clientToken);
wss4jSecurityInterceptor.setSecurementPassword(clientSecret);
wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
return wss4jSecurityInterceptor;
}
// ...
@Bean
public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller marshaller) {
PowerAuthServiceClient client = new PowerAuthServiceClient();
client.setDefaultUri(powerAuthServiceUrl);
client.setMarshaller(marshaller);
client.setUnmarshaller(marshaller);
// ****
// HERE ==> Add interceptors for the security
// ****
ClientInterceptor interceptor = securityInterceptor();
client.setInterceptors(new ClientInterceptor[] { interceptor });
return client;
}Note: Make sure to use WSS4J, not WSS4J2 - this newer implementation still has couple serious issues.
Note: For SOAP interface, PowerAuth Server uses WS-Security, UsernameToken validation (plain text password). The RESTful interface is secured using Basic HTTP Authentication (pre-emptive).
In order to use a PowerAuthServiceClient instance, you can easily @Autowire it in your class, for example in your Spring MVC @Controller, like this:
@Controller
@RequestMapping(value = "ib/settings")
public class AuthenticationController {
@Autowired
private PowerAuthServiceClient powerAuthServiceClient;
// ... Controller code
}In order to use SOAP service client, follow our generic SOAP client service documentation and read the reference manual.
If you need any assistance, do not hesitate to drop us a line at [email protected].
Deployment Tutorials
Integration Tutorials
Reference Manual
Additional Topics