I am using Spring MVC 4 Rest but now as i need to consume a web service i decided to use Spring Ws with Appache Tomcat7 server and I am trying to connect to a third party that is a Bank Api I have to achieve mutual authentication that is two way SSL in order to send my Soap Requests
- If certificates are placed in the trust store and key store respectively in spring ws then while trying to connect to https server will the verification and sending certificates happen automatically?
- What are the steps or procedures to be followed to configure my Spring Ws application to consume a web service over https ?
- If verification and sending is not done automatically then how do i send and verify the certificate before sending the soap request using Spring ws?
Spring WS security provides support via WebServiceTemplate. There are two kinds of security mechanism, SUN's XML and Web Services Security(XWSS) through XwsSecurityInterceptor and Apache's WSS4J throughWss4jSecurityInterceptor. These are just extension points, so you can customize all your security needs ranging from authentication, signing, validation, encryption and decryption.
Please also check my answer regarding keystores and truststore set up to your other question.
More reading here XwsSecurityInterceptor and Wss4jSecurityInterceptor.