You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Manfred Dohmen <ma...@gmail.com> on 2014/10/31 10:53:59 UTC

WS-Security: dynamically choose key for response signature

Hello,

is there an (easy) way to dynamically choose a key/certificate that shall 
be used with CXF/WSS4J to sign the response to a SOAP request?

Our service runs in an application where we configure explicitly 
ws-security.signature.crypto with an instance of
org.apache.ws.security.components.crypto.Crypto. For now we choose the 
key by the setting
org.apache.ws.security.crypto.merlin.keystore.alias.

Can we hook into CXF's chains or implement some factory?

Thanks,
Manfred

Re: WS-Security: dynamically choose key for response signature

Posted by Colm O hEigeartaigh <co...@apache.org>.

There is no built in way to do this. I guess you will have to implement
your own variant of Merlin + plug this in instead. Alternatively, you could
write a CXF interceptor that sets the appropriate property for the user key
alias depending on the client message.

Colm.

On Fri, Oct 31, 2014 at 9:53 AM, Manfred Dohmen <ma...@gmail.com>
wrote:

> Hello,
>
> is there an (easy) way to dynamically choose a key/certificate that shall
> be used with CXF/WSS4J to sign the response to a SOAP request?
>
> Our service runs in an application where we configure explicitly
> ws-security.signature.crypto with an instance of
> org.apache.ws.security.components.crypto.Crypto. For now we choose the
> key by the setting
> org.apache.ws.security.crypto.merlin.keystore.alias.
>
> Can we hook into CXF's chains or implement some factory?
>
> Thanks,
> Manfred
>
>
>
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: WS-Security: dynamically choose key for response signature

Posted by Andrei Shakirin <as...@talend.com>.

Hi,

To choose certificates you can also use XKMS service: http://cxf.apache.org/docs/xml-key-management-service-xkms.html .
It is implemented through the custom Crypto provider as well.

Regards,
Andrei.

> -----Original Message-----
> From: Manfred Dohmen [mailto:manfred.dohmen@gmail.com]
> Sent: Freitag, 31. Oktober 2014 10:54
> To: users@cxf.apache.org
> Subject: WS-Security: dynamically choose key for response signature
> 
> Hello,
> 
> is there an (easy) way to dynamically choose a key/certificate that shall be used
> with CXF/WSS4J to sign the response to a SOAP request?
> 
> Our service runs in an application where we configure explicitly ws-
> security.signature.crypto with an instance of
> org.apache.ws.security.components.crypto.Crypto. For now we choose the key
> by the setting org.apache.ws.security.crypto.merlin.keystore.alias.
> 
> Can we hook into CXF's chains or implement some factory?
> 
> Thanks,
> Manfred
> 
>