You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/10/11 16:51:20 UTC
[jira] [Commented] (CXF-7086) Dynamically load signature validation
keys using KeyName
[ https://issues.apache.org/jira/browse/CXF-7086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565958#comment-15565958 ]
ASF GitHub Bot commented on CXF-7086:
-------------------------------------
GitHub user spark404 opened a pull request:
https://github.com/apache/cxf/pull/177
CXF-7086 Add a Map with KeyNames and aliases to configure xmlsec
This patch is related to https://github.com/apache/santuario-java/pull/8
The goal is to have a solution where the "user" of the XmlSecInInterceptor can specify a map of KeyNames and the keystore aliases that contain the keys to use during the signature validation.
(and possibly also decryption, but that i haven't looked at yet)
Looking for feedback
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/spark404/cxf CXF-7086
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cxf/pull/177.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #177
----
commit c297508e7e3b4e69c0824a6faa846ab1e54cd9b1
Author: Hugo Trippaers <ht...@schubergphilis.com>
Date: 2016-10-11T14:52:42Z
CXF-7084 Add a configurable KeyName value using the properties
commit 2562213e6c8710201a70e9dd40374af5521a9607
Author: Hugo Trippaers <ht...@schubergphilis.com>
Date: 2016-10-11T16:45:02Z
CXF-7086 Use a map of KeyName and aliases to fill the KeyName lookup map in the XMLSecurityProperties
----
> Dynamically load signature validation keys using KeyName
> --------------------------------------------------------
>
> Key: CXF-7086
> URL: https://issues.apache.org/jira/browse/CXF-7086
> Project: CXF
> Issue Type: New Feature
> Components: JAX-RS Security
> Reporter: Hugo Trippaers
> Priority: Minor
>
> The current implementation of handling incoming messages with a KeyName identifier is to rely on a single "default" key. The SignatureValidationKey. However it is possible to have multiple different KeyNames and the expected behaviour is to select the right certificate based on the KeyName.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)