Configuring SOAP Client for Spring WS

This tutorial shows the way internet banking (or other similar application) developers integrate with PowerAuth Server using a SOAP service client.

Prerequisites For the Tutorial

  • Running PowerAuth Server with available SOAP interface.
  • Knowledge of Java EE applications based on Spring Framework.
  • Software: IDE - Spring Tool Suite, Java EE Application Server (Pivotal Server, Tomcat, …)

Integration Manual

Add a Maven Dependency

To add a PowerAuth SOAP service client support in your application, add Maven dependency for PowerAuth RESTful Client module in your pom.xml file:

<dependency>
    <groupId>io.getlime.security</groupId>
    <artifactId>powerauth-java-client-spring</artifactId>
    <version>${powerauth.version}</version>
</dependency>

Configure PowerAuth SOAP Service Client

In order to connect to the correct PowerAuth Server, you need to add following configuration:

@Configuration
@ComponentScan(basePackages = {"io.getlime.security.powerauth"})
public class PowerAuthWebServiceConfiguration {

    @Value("${powerauth.service.url}")
    private String powerAuthServiceUrl;

    @Bean
    public Jaxb2Marshaller marshaller() {
        Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
        marshaller.setContextPath("io.getlime.powerauth.soap.v3");
        return marshaller;
    }

    @Bean
    public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller marshaller) {
        PowerAuthServiceClient client = new PowerAuthServiceClient();
        client.setDefaultUri(powerAuthServiceUrl);
        client.setMarshaller(marshaller);
        client.setUnmarshaller(marshaller);
        return client;
    }
}

Note: The v3 endpoints provide the most current implementation of PowerAuth cryptography protocol. If you still need to use the v2 endpoints, include the v2 context path for the Marshaller:

marshaller.setContextPaths("io.getlime.powerauth.soap.v2", "io.getlime.powerauth.soap.v3");

Setting Up Credentials

(optional) In case PowerAuth Server uses a restricted access flag in the server configuration, you need to configure credentials for the WS-Security so that your client can connect to the SOAP service - modify your PowerAuthWebServiceConfiguration to include Wss4jSecurityInterceptor bean, like so:

@Value("${powerauth.service.security.clientToken}")
private String clientToken;

@Value("${powerauth.service.security.clientSecret}")
private String clientSecret;

@Bean
public Wss4jSecurityInterceptor securityInterceptor(){
    Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
    wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
    wss4jSecurityInterceptor.setSecurementUsername(clientToken);
    wss4jSecurityInterceptor.setSecurementPassword(clientSecret);
    wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
    return wss4jSecurityInterceptor;
}

// ...

@Bean
public PowerAuthServiceClient powerAuthClient(Jaxb2Marshaller marshaller) {
    PowerAuthServiceClient client = new PowerAuthServiceClient();
    client.setDefaultUri(powerAuthServiceUrl);
    client.setMarshaller(marshaller);
    client.setUnmarshaller(marshaller);

    // ****
    // HERE ==> Add interceptors for the security
    // ****
    ClientInterceptor interceptor = securityInterceptor();
    client.setInterceptors(new ClientInterceptor[] { interceptor });
    return client;
}

Note: Make sure to use WSS4J, not WSS4J2 - this newer implementation still has couple serious issues.

Note: For SOAP interface, PowerAuth Server uses WS-Security, UsernameToken validation (plain text password). The RESTful interface is secured using Basic HTTP Authentication (pre-emptive).

Using the PowerAuth SOAP Client

In order to use a PowerAuthServiceClient instance, you can easily @Autowire it in your class, for example in your Spring MVC @Controller, like this:

@Controller
@RequestMapping(value = "ib/settings")
public class AuthenticationController {

    @Autowired
    private PowerAuthServiceClient powerAuthServiceClient;

    // ... Controller code

}

PowerAuth Protocol Compatibility

The SOAP client supports two versions of PowerAuth protocol:

  • The version 3 methods are available as default implementation directly on the client class.
  • You can access the version 2 specific methods using the v2() method in the client. This method will be deprecated in a future release.

You can access the WSDL files in following URLs:

  • version 3: http://localhost:8080/powerauth-java-server/soap/serviceV3.wsdl
  • version 2: http://localhost:8080/powerauth-java-server/soap/serviceV2.wsdl

Using the SOAP Service Client

In order to use SOAP service client, follow our generic SOAP client service documentation and read the reference manual.