Posted to commits@cxf.apache.org by se...@apache.org on 2012/04/29 19:15:22 UTC
svn commit: r1331954 - in /cxf/branches/2.5.x-fixes: ./
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs...
Author: sergeyb
Date: Sun Apr 29 17:15:21 2012
New Revision: 1331954
URL: http://svn.apache.org/viewvc?rev=1331954&view=rev
Log:
Merged revisions 1331953 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1331953 | sergeyb | 2012-04-29 18:11:24 +0100 (Sun, 29 Apr 2012) | 1 line
[CXF-4274] Support for a useReqSigCert for encrypting the responses from JAX-RS endpoints
........
Modified:
cxf/branches/2.5.x-fixes/ (props changed)
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
svn:mergeinfo = /cxf/trunk:1331953
Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/common/SecurityUtils.java Sun Apr 29 17:15:21 2012
@@ -34,6 +34,7 @@ import org.apache.cxf.common.util.Base64
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
@@ -45,11 +46,21 @@ public final class SecurityUtils {
public static final String X509_KEY = "X509_KEY";
public static final String X509_ISSUER_SERIAL = "X509_ISSUER_SERIAL";
+ public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";
private SecurityUtils() {
}
+ public static boolean isSignedAndEncryptedTwoWay(Message m) {
+ Message outMessage = m.getExchange().getOutMessage();
+ Message requestMessage = outMessage != null && MessageUtils.isRequestor(outMessage)
+ ? outMessage : m;
+ return "POST".equals((String)requestMessage.get(Message.HTTP_REQUEST_METHOD))
+ && m.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES) != null
+ && m.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES) != null;
+ }
+
public static X509Certificate loadX509Certificate(Crypto crypto, Element certNode)
throws Exception {
String base64Value = certNode.getTextContent().trim();
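Review bot: `isSignedAndEncryptedTwoWay` decides which keystore the inbound handlers load from two indirect signals, the request method being exactly `POST` and both `*_PROPERTIES` entries being present. A signed and encrypted `PUT`, or an endpoint configured through `SecurityConstants.SIGNATURE_CRYPTO` / `ENCRYPT_CRYPTO` objects rather than properties files, would be classified as one-way, and the callers would then pick the opposite store; that looks unintended, though the callers are only partly visible. The method needs a Javadoc saying that a `true` result makes AbstractXmlEncInHandler decrypt with the signature crypto and AbstractXmlSigInHandler validate with the encryption crypto. The `(String)` cast in front of `"POST".equals(...)` is redundant and can go.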
@@ -90,14 +101,18 @@ public final class SecurityUtils {
public static String getUserName(Message message, Crypto crypto, String userNameKey) {
String user = (String)message.getContextualProperty(userNameKey);
- if (crypto != null && StringUtils.isEmpty(user)) {
+ return getUserName(crypto, user);
+ }
+
+ public static String getUserName(Crypto crypto, String userName) {
+ if (crypto != null && StringUtils.isEmpty(userName)) {
try {
- user = crypto.getDefaultX509Identifier();
+ userName = crypto.getDefaultX509Identifier();
} catch (WSSecurityException e1) {
throw new Fault(e1);
}
}
- return user;
+ return userName;
}
public static String getPassword(Message message, String userName,
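Review bot: The new public overload `getUserName(Crypto crypto, String userName)` has no Javadoc, and its contract is not obvious from the name. I would add `/** Returns userName unchanged when it is non-empty, otherwise the crypto's default X509 identifier; returns the empty or null input as-is when crypto is null. */`. It also returns reserved values such as `USE_REQUEST_SIGNATURE_CERT` untouched, so callers have to filter those themselves. Assigning to the `userName` parameter works, but a local variable would read more clearly.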
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Sun Apr 29 17:15:21 2012
@@ -87,11 +87,20 @@ public abstract class AbstractXmlEncInHa
// Subclasses can overwrite it and return the bytes, assuming they know the actual key
protected byte[] getSymmetricKeyBytes(Message message, Element encDataElement) {
+
+ String cryptoKey = null;
+ String propKey = null;
+ if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ cryptoKey = SecurityConstants.SIGNATURE_CRYPTO;
+ propKey = SecurityConstants.SIGNATURE_PROPERTIES;
+ } else {
+ cryptoKey = SecurityConstants.ENCRYPT_CRYPTO;
+ propKey = SecurityConstants.ENCRYPT_PROPERTIES;
+ }
+
Crypto crypto = null;
try {
- crypto = new CryptoLoader().getCrypto(message,
- SecurityConstants.ENCRYPT_CRYPTO,
- SecurityConstants.ENCRYPT_PROPERTIES);
+ crypto = new CryptoLoader().getCrypto(message, cryptoKey, propKey);
} catch (Exception ex) {
throwFault("Crypto can not be loaded", ex);
}
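Review bot: The keystore selection added at the top of `getSymmetricKeyBytes` is the mirror image of the block added to AbstractXmlSigInHandler, and neither place explains why decryption switches to the signature keystore in two-way mode. Presumably the peer encrypts to this endpoint's signing certificate; a comment such as `// two-way: the peer encrypted to our signing certificate, so the private key is in the signature keystore` would make that explicit. Because the two copies differ only in swapped constants, a small helper in SecurityUtils that returns the pair for "decrypt" and for "verify" would remove the risk of the two drifting apart. The `= null` initialisers on `cryptoKey` and `propKey` are unnecessary since both branches assign them. The method body continues outside the hunk.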
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java Sun Apr 29 17:15:21 2012
@@ -32,6 +32,7 @@ import org.w3c.dom.Node;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.rs.security.common.TrustValidator;
import org.apache.cxf.staxutils.W3CDOMStreamReader;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -71,17 +72,20 @@ public class AbstractXmlSigInHandler ext
throwFault("XML Signature is not available", null);
}
+ String cryptoKey = null;
+ String propKey = null;
+ if (SecurityUtils.isSignedAndEncryptedTwoWay(message)) {
+ cryptoKey = SecurityConstants.ENCRYPT_CRYPTO;
+ propKey = SecurityConstants.ENCRYPT_PROPERTIES;
+ } else {
+ cryptoKey = SecurityConstants.SIGNATURE_CRYPTO;
+ propKey = SecurityConstants.SIGNATURE_PROPERTIES;
+ }
+
Crypto crypto = null;
try {
CryptoLoader loader = new CryptoLoader();
- crypto = loader.getCrypto(message,
- SecurityConstants.SIGNATURE_CRYPTO,
- SecurityConstants.SIGNATURE_PROPERTIES);
- if (crypto == null) {
- crypto = loader.getCrypto(message,
- SecurityConstants.ENCRYPT_CRYPTO,
- SecurityConstants.ENCRYPT_PROPERTIES);
- }
+ crypto = loader.getCrypto(message, cryptoKey, propKey);
} catch (Exception ex) {
throwFault("Crypto can not be loaded", ex);
}
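Review bot: With the `if (crypto == null)` fallback removed, a `loader.getCrypto(message, cryptoKey, propKey)` call that returns null without throwing now leaves `crypto` null for the validation code that follows the hunk. The removed lines show that a null return is possible, so I would fail closed right after the try block with `if (crypto == null) { throwFault("Crypto can not be loaded", null); }`. The store used to validate the signer also now depends on `isSignedAndEncryptedTwoWay`, so a signed request that is not a POST is checked against the signature keystore instead of the encryption one. That dependency should be stated in a comment above the selection. The enclosing method starts and ends outside the hunk.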
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java Sun Apr 29 17:15:21 2012
@@ -40,6 +40,7 @@ import org.apache.cxf.common.util.Base64
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.SecurityUtils;
import org.apache.cxf.ws.security.SecurityConstants;
@@ -53,6 +54,7 @@ import org.apache.ws.security.util.UUIDG
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.EncryptionConstants;
public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -106,20 +108,34 @@ public class XmlEncOutInterceptor extend
Document encryptedDataDoc = DOMUtils.createDocument();
Element encryptedDataElement = createEncryptedDataElement(encryptedDataDoc);
if (encryptSymmetricKey) {
- CryptoLoader loader = new CryptoLoader();
- Crypto crypto = loader.getCrypto(message,
- SecurityConstants.ENCRYPT_CRYPTO,
- SecurityConstants.ENCRYPT_PROPERTIES);
+ X509Certificate receiverCert = null;
- String user =
- SecurityUtils.getUserName(message, crypto, SecurityConstants.ENCRYPT_USERNAME);
- if (StringUtils.isEmpty(user)) {
- return null;
+ String userName = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
+ if (userName != null
+ && SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
+ && !MessageUtils.isRequestor(message)) {
+ XMLSignature sig = message.getExchange().getInMessage().getContent(XMLSignature.class);
+ if (sig != null) {
+ receiverCert = sig.getKeyInfo().getX509Certificate();
+ }
+ } else {
+ CryptoLoader loader = new CryptoLoader();
+ Crypto crypto = loader.getCrypto(message,
+ SecurityConstants.ENCRYPT_CRYPTO,
+ SecurityConstants.ENCRYPT_PROPERTIES);
+
+ userName = SecurityUtils.getUserName(crypto, userName);
+ if (StringUtils.isEmpty(userName)) {
+ throw new WSSecurityException("User name is not available");
+ }
+ receiverCert = getReceiverCertificateFromCrypto(crypto, userName);
+ }
+ if (receiverCert == null) {
+ throw new WSSecurityException("Receiver certificate is not available");
}
- X509Certificate cert = getReceiverCertificate(crypto, user);
- byte[] encryptedSecretKey = encryptSymmetricKey(secretKey, cert, crypto);
- addEncryptedKeyElement(encryptedDataElement, cert, encryptedSecretKey);
+ byte[] encryptedSecretKey = encryptSymmetricKey(secretKey, receiverCert);
+ addEncryptedKeyElement(encryptedDataElement, receiverCert, encryptedSecretKey);
}
// encrypt payloadDoc
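Review bot: In the `useReqSigCert` branch the response key is wrapped for whatever certificate `sig.getKeyInfo().getX509Certificate()` yields from the inbound message, so the confidentiality of the response depends on the in-handler having verified both the signature and the certificate's trust before it stored the `XMLSignature` on the message. That validation is not visible in this hunk, and the dependency deserves a comment on the branch. The chain also dereferences `message.getExchange().getInMessage()` and `sig.getKeyInfo()` unchecked, so a signature without KeyInfo would surface as a NullPointerException instead of the "Receiver certificate is not available" fault; `KeyInfo keyInfo = sig.getKeyInfo(); if (keyInfo != null) { receiverCert = keyInfo.getX509Certificate(); }` avoids that. On a requestor configured with `useReqSigCert` the `else` branch runs and passes the reserved value to `getReceiverCertificateFromCrypto` as a keystore alias, which should be rejected explicitly. The enclosing method starts and ends outside the hunk.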
@@ -150,7 +166,7 @@ public class XmlEncOutInterceptor extend
return symmetricKey.getEncoded();
}
- private X509Certificate getReceiverCertificate(Crypto crypto, String user) throws Exception {
+ private X509Certificate getReceiverCertificateFromCrypto(Crypto crypto, String user) throws Exception {
X509Certificate[] certs = SecurityUtils.getCertificates(crypto, user);
return certs[0];
}
@@ -183,8 +199,7 @@ public class XmlEncOutInterceptor extend
// Apache Security XMLCipher does not support
// Certificates for encrypting the keys
protected byte[] encryptSymmetricKey(byte[] keyBytes,
- X509Certificate remoteCert,
- Crypto crypto) throws WSSecurityException {
+ X509Certificate remoteCert) throws WSSecurityException {
Cipher cipher =
EncryptionUtils.initCipherWithCert(
keyEncAlgo, digestAlgo, Cipher.ENCRYPT_MODE, remoteCert
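Review bot: Dropping the `Crypto crypto` parameter from the `protected` method `encryptSymmetricKey` changes an extension point on a maintenance branch. A subclass that overrides the three-argument form without `@Override` would still compile, but its override would silently stop being called, and the stock key-wrapping would be used instead. I would keep a deprecated three-argument overload that delegates to the new one, or at least note the signature change in the Javadoc. The method body continues outside the hunk.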
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java Sun Apr 29 17:15:21 2012
@@ -103,16 +103,10 @@ public class XmlSigOutInterceptor extend
Crypto crypto = loader.getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
- if (crypto == null) {
- crypto = loader.getCrypto(message,
- SecurityConstants.ENCRYPT_CRYPTO,
- SecurityConstants.ENCRYPT_PROPERTIES);
- userNameKey = SecurityConstants.ENCRYPT_USERNAME;
- }
String user = SecurityUtils.getUserName(message, crypto, userNameKey);
- if (StringUtils.isEmpty(user)) {
- return null;
+ if (StringUtils.isEmpty(user) || SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
+ throw new WSSecurityException("User name is not available");
}
String password =
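Review bot: The new guard reports "User name is not available" for two different conditions, and for `SecurityUtils.USE_REQUEST_SIGNATURE_CERT` that message is misleading because a user name is present but reserved for encryption. Splitting the check, for example `if (SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) { throw new WSSecurityException("useReqSigCert is not a valid signature user name"); }`, would make the misconfiguration diagnosable. The change from `return null` to throwing also means a missing user name now fails the exchange; the removed code returned null instead. That should be recorded in the method's Javadoc, because deployments that relied on the removed encryption-properties fallback will start faulting. The enclosing method starts and ends outside the hunk.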
Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Sun Apr 29 17:15:21 2012
@@ -154,7 +154,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.username", "bob");
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
- doTestPostEncryptedBook(address, properties);
+ doTestPostEncryptedBook(address, false, properties);
}
@Test
@@ -167,7 +167,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
- doTestPostEncryptedBook(address, properties, SecurityUtils.X509_KEY, aes128GCM, null);
+ doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM, null);
}
@Test
@@ -180,7 +180,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(
- address, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256
+ address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256
);
}
@@ -194,7 +194,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(
- address, properties, SecurityUtils.X509_ISSUER_SERIAL, XMLCipher.AES_128, null
+ address, false, properties, SecurityUtils.X509_ISSUER_SERIAL, XMLCipher.AES_128, null
);
}
@@ -210,33 +210,34 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.signature.username", "alice");
properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
- doTestPostEncryptedBook(address, properties);
+ doTestPostEncryptedBook(address, true, properties);
}
@Test
- //Encryption properties are shared by encryption and signature handlers
- public void testPostEncryptedSignedBookSharedProps() throws Exception {
- String address = "https://localhost:" + PORT + "/xmlsec2/bookstore/books";
+ public void testPostEncryptedSignedBookUseReqSigCert() throws Exception {
+ String address = "https://localhost:" + PORT + "/xmlsec-useReqSigCert/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
- doTestPostEncryptedBook(address, properties);
-
+ properties.put("ws-security.signature.username", "alice");
+ properties.put("ws-security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.properties");
+ doTestPostEncryptedBook(address, true, properties);
}
- public void doTestPostEncryptedBook(String address, Map<String, Object> properties)
+ public void doTestPostEncryptedBook(String address, boolean sign, Map<String, Object> properties)
throws Exception {
doTestPostEncryptedBook(
- address, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null
+ address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null
);
}
public void doTestPostEncryptedBook(
- String address, Map<String, Object> properties,
+ String address, boolean sign, Map<String, Object> properties,
String keyIdentifierType, String symmetricAlgorithm,
String digestAlgorithm
) throws Exception {
@@ -249,7 +250,9 @@ public class JAXRSXmlSecTest extends Abs
bean.setBus(springBus);
bean.setProperties(properties);
- bean.getOutInterceptors().add(new XmlSigOutInterceptor());
+ if (sign) {
+ bean.getOutInterceptors().add(new XmlSigOutInterceptor());
+ }
XmlEncOutInterceptor encInterceptor = new XmlEncOutInterceptor();
encInterceptor.setKeyIdentifierType(keyIdentifierType);
encInterceptor.setSymmetricEncAlgorithm(symmetricAlgorithm);
@@ -257,8 +260,13 @@ public class JAXRSXmlSecTest extends Abs
bean.getOutInterceptors().add(encInterceptor);
bean.getInInterceptors().add(new XmlEncInInterceptor());
+ if (sign) {
+ bean.getInInterceptors().add(new XmlSigInInterceptor());
+ }
+
WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
try {
Book book = wc.post(new Book("CXF", 126L), Book.class);
assertEquals(126L, book.getId());
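Review bot: `setReceiveTimeout(10000000L)` sets a receive timeout of roughly 2.8 hours on the test client, which looks like a debugging leftover. If the server side hangs on a crypto fault, this test would block the build for that long instead of failing. I would remove the line or replace it with a bounded value and a comment explaining why it is needed, for example `setReceiveTimeout(60000L)`. The test method continues outside the hunk.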
Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml?rev=1331954&r1=1331953&r2=1331954&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml (original)
+++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml Sun Apr 29 17:15:21 2012
@@ -123,22 +123,22 @@ under the License.
<ref bean="xmlSigHandler"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
<ref bean="xmlEncOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
<entry key="ws-security.encryption.properties"
- value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
<entry key="ws-security.signature.properties"
- value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
</jaxrs:properties>
</jaxrs:server>
-
- <!-- Encryption properties are shared by encryption and signature handlers -->
+
<jaxrs:server
- address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec2">
+ address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-useReqSigCert">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
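Review bot: The swapped `ws-security.encryption.properties` and `ws-security.signature.properties` values carry no explanation, and the comment that described the old `/xmlsec2` endpoint was deleted without a replacement. The two-way logic in this commit uses the signature keystore for decrypting requests and the encryption keystore for validating request signatures. I would therefore add a comment above each `jaxrs:properties` block such as `<!-- two-way: signature.properties also decrypts inbound requests, encryption.properties also validates inbound signatures -->`. The same applies to the next hunk, where `ws-security.encryption.username` is set to `useReqSigCert`; a comment there should say that responses are encrypted to the certificate taken from the request signature.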
@@ -147,15 +147,20 @@ under the License.
<ref bean="xmlSigHandler"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
<ref bean="xmlEncOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
<entry key="ws-security.encryption.properties"
- value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
</jaxrs:properties>
</jaxrs:server>
+
</beans>