Posted to users@cxf.apache.org by Ted Roeloffzen <te...@gmail.com> on 2013/05/14 14:41:56 UTC
WS-Security question
Good day all,

At this moment I'm working on a webservice-client that has to use
WS-Security, but I can't seem to figure out how to configure CXF so that it fills
the SOAP-header in the correct way.
We don't use Spring for the configuration, so everything has to be
configured via the API.

We need to have a timestamp, a signature and also a binary security token.
The Canonicalization-algorithm is xml-exc-c14
The signature-algorithm is RSA-SHA256

Can someone point me in the right direction for this?

I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor.
Both with a properties-map containing an Action = Timestamp Signature,
signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
and signatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"

Do I need to configure anything more other than adding a certificate to the
keystore?

Thanks in advance.

Kind regards,

Ted
Re: WS-Security question
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, it should be possible.
Colm.
On Wed, May 15, 2013 at 1:18 PM, Ted Roeloffzen <te...@gmail.com> wrote:
> Is it possible to use the CertificateStore as CryptoProvider and
> instantiate that with the X509Certificate that I retrieve from the
> database?
>
> Ted
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: WS-Security question
Posted by Ted Roeloffzen <te...@gmail.com>.
Is it possible to use the CertificateStore as CryptoProvider and
instantiate that with the X509Certificate that I retrieve from the database?
Ted
2013/5/15 Colm O hEigeartaigh <co...@apache.org>
> WSS4J uses a "Crypto" provider to retrieve certificates + private keys for
> encrypting/signing etc. So to get a key from a database, you will have to
> implement your own Crypto provider and plug it in to CXF/WSS4J.
>
> Colm.
Re: WS-Security question
Posted by Colm O hEigeartaigh <co...@apache.org>.
WSS4J uses a "Crypto" provider to retrieve certificates + private keys for
encrypting/signing etc. So to get a key from a database, you will have to
implement your own Crypto provider and plug it in to CXF/WSS4J.
Colm.
On Wed, May 15, 2013 at 9:17 AM, Ted Roeloffzen <te...@gmail.com> wrote:
> We don't have a keystore, but the certificate is persisted in a database.
> I have to retrieve it from the database and give it to cxf, but is that
> even possible?
> I can't seem to find any documentation on that
>
> best regards,
>
> Ted
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: WS-Security question
Posted by Andrei Shakirin <as...@talend.com>.
Hi Ted,
You can find some related information in the following blog: http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html
Regards,
Andrei.
> -----Original Message-----
> From: Ted Roeloffzen [mailto:ted.roeloffzen@gmail.com]
> Sent: Wednesday, 15 May 2013 10:18
> To: users
> Subject: Re: WS-Security question
>
> We don't have a keystore, but the certificate is persisted in a database.
> I have to retrieve it from the database and give it to cxf, but is that even
> possible?
> I can't seem to find any documentation on that
>
> best regards,
>
> Ted
Re: WS-Security question
Posted by Ted Roeloffzen <te...@gmail.com>.
We don't have a keystore, but the certificate is persisted in a database.
I have to retrieve it from the database and give it to cxf, but is that
even possible?
I can't seem to find any documentation on that
best regards,
Ted
2013/5/15 Ted Roeloffzen <te...@gmail.com>
> Okay thanks.
> This is a first step.
> My problem lies in the fact that the action is not Username_token, but
> timestamp signature
>
> best regards,
>
> Ted
Re: WS-Security question
Posted by Ted Roeloffzen <te...@gmail.com>.
Okay thanks.
This is a first step.
My problem lies in the fact that the action is not Username_token, but
timestamp signature
best regards,
Ted
Re: WS-Security question
Posted by Ted <r6...@gmail.com>.
Not sure if this is the official way or not, but this is how I do it :

    AccountWsService service = new AccountWsService("...");
    port = service.getAccountWsPort();

    Client cxfClient = ClientProxy.getClient(port);
    cxfClient.getOutInterceptors().add(new AuthenticationOutWSS4JInterceptor(user, password));

where AuthenticationOutWSS4JInterceptor looks a little like :

    // Imports use the WSS4J 1.6.x package names.
    import java.io.IOException;
    import java.util.HashMap;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
    import org.apache.ws.security.WSConstants;
    import org.apache.ws.security.WSPasswordCallback;
    import org.apache.ws.security.handler.WSHandlerConstants;

    public class AuthenticationOutWSS4JInterceptor extends WSS4JOutInterceptor implements CallbackHandler
    {
        private String password = null;

        /**
         * @param user can be userId or userName, all depends on what the received requires
         * @param password can be password or securityToken, all depends on what the received requires
         */
        public AuthenticationOutWSS4JInterceptor(Object user, String password)
        {
            this.password = password;

            HashMap<String, Object> properties = new HashMap<String, Object>();
            properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
            properties.put(WSHandlerConstants.USER, user.toString());
            properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
            properties.put(WSHandlerConstants.PW_CALLBACK_REF, this);

            setProperties(properties);
        }

        // WSS4J calls back here to obtain the password for the UsernameToken.
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
        {
            for (Callback callback : callbacks)
            {
                if (callback instanceof WSPasswordCallback)
                {
                    WSPasswordCallback wsPasswordCallback = (WSPasswordCallback)callback;
                    wsPasswordCallback.setPassword(password);
                }
            }
        }
    }

On 5/14/13, Ted Roeloffzen <te...@gmail.com> wrote:
> Good day all,
>
> At this moment I'm working on a webservice-client that has to use
> WS-Security, but I can't seem to figure out how to configure CXF so that it fills
> the SOAP-header in the correct way.
> We don't use Spring for the configuration, so everything has to be
> configured via the API.
>
> We need to have a timestamp, a signature and also a binary security token.
> The Canonicalization-algorithm is xml-exc-c14
> The signature-algorithm is RSA-SHA256
>
> Can someone point me in the right direction for this?
>
> I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor.
> Both with a properties-map containing an Action = Timestamp Signature,
> signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
> and signatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
>
> Do I need to configure anything more other than adding a certificate to the
> keystore?
>
> thanks in advance.
>
> kind regards,
>
> Ted
>
--
Ted.