You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Manfred Dohmen <ma...@gmail.com> on 2014/10/31 10:53:59 UTC
WS-Security: dynamically choose key for response signature
Hello,
is there an (easy) way to dynamically choose a key/certificate that shall
be used with CXF/WSS4J to sign the response to a SOAP request?
Our service runs in an application where we configure explicitly
ws-security.signature.crypto with an instance of
org.apache.ws.security.components.crypto.Crypto. For now we choose the
key by the setting
org.apache.ws.security.crypto.merlin.keystore.alias.
Can we hook into CXF's chains or implement some factory?
Thanks,
Manfred
Re: WS-Security: dynamically choose key for response signature
Posted by Colm O hEigeartaigh <co...@apache.org>.
There is no built in way to do this. I guess you will have to implement
your own variant of Merlin + plug this in instead. Alternatively, you could
write a CXF interceptor that sets the appropriate property for the user key
alias depending on the client message.
Colm.
On Fri, Oct 31, 2014 at 9:53 AM, Manfred Dohmen <ma...@gmail.com>
wrote:
> Hello,
>
> is there an (easy) way to dynamically choose a key/certificate that shall
> be used with CXF/WSS4J to sign the response to a SOAP request?
>
> Our service runs in an application where we configure explicitly
> ws-security.signature.crypto with an instance of
> org.apache.ws.security.components.crypto.Crypto. For now we choose the
> key by the setting
> org.apache.ws.security.crypto.merlin.keystore.alias.
>
> Can we hook into CXF's chains or implement some factory?
>
> Thanks,
> Manfred
>
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: WS-Security: dynamically choose key for response signature
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
To choose certificates you can also use XKMS service: http://cxf.apache.org/docs/xml-key-management-service-xkms.html .
It is implemented through the custom Crypto provider as well.
Regards,
Andrei.
> -----Original Message-----
> From: Manfred Dohmen [mailto:manfred.dohmen@gmail.com]
> Sent: Freitag, 31. Oktober 2014 10:54
> To: users@cxf.apache.org
> Subject: WS-Security: dynamically choose key for response signature
>
> Hello,
>
> is there an (easy) way to dynamically choose a key/certificate that shall be used
> with CXF/WSS4J to sign the response to a SOAP request?
>
> Our service runs in an application where we configure explicitly ws-
> security.signature.crypto with an instance of
> org.apache.ws.security.components.crypto.Crypto. For now we choose the key
> by the setting org.apache.ws.security.crypto.merlin.keystore.alias.
>
> Can we hook into CXF's chains or implement some factory?
>
> Thanks,
> Manfred
>
>