You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Andre den Hartog <ha...@gmail.com> on 2010/06/16 10:16:58 UTC
server config -- jaxws:inInterceptor or jaxws:properties?
Hi,
In the CXF manual, a config like this is used:
<jaxws:inInterceptors>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature Encrypt"/>
<entry key="signaturePropFile" value="server-certificates.properties"
/>
<entry key="decryptionPropFile" value="server-certificates.properties"
/>
<entry key="passwordCallbackRef">
<ref bean="MyPasswordCallback"/>
</entry>
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
However, in the IBM examples
(http://www.ibm.com/developerworks/java/library/j-jws13.html?ca=drs-) they
use:
<jaxws:properties>
<entry key="ws-security.signature.properties"
value="server-certificates.properties"/>
<entry key="ws-security.signature.username" value="someusername"/>
<entry key="ws-security.encryption.properties"
value="server-certificates.properties"/>
<entry key="ws-security.encryption.username" value="someusername"/>
<entry key="ws-security.callback-handler"
value-ref="DCMRServicesPasswordCallback" />
</jaxws:properties>
Does anyone know what the differences are, and when to use the one versus
the other?
Thanks, Andre
--
View this message in context: http://old.nabble.com/server-config----jaxws%3AinInterceptor-or-jaxws%3Aproperties--tp28900118p28900118.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: server config -- jaxws:inInterceptor or jaxws:properties?
Posted by Andre den Hartog <ha...@gmail.com>.
Hi Glen,
Thanks for the response. We are creating the webservice ourselves so the
choice is still open. We will probably use WS-SecurityPolicy since it's
usually better to define these restrictions in one place. That way it can be
used for both the server and the clients.
Thanks,
André
Glen Mazza wrote:
>
> The first example uses manual WSS4J configuration (which doesn't read a
> WSDL to determine the needed security), the second uses WS-SecurityPolicy.
> Generally, the choice is based on whether your web service provider uses
> WS:Policy security elements in its WSDL; if so use WS-SecPol configuration
> else use manual configuration.
>
> Link #8 here: http://www.jroller.com/gmazza/entry/blog_article_index has
> examples using both for both UsernameToken and X.509.
>
> HTH,
> Glen
>
>
>
> Andre den Hartog wrote:
>>
>> Hi,
>>
>> In the CXF manual, a config like this is used:
>>
>> <jaxws:inInterceptors>
>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="Signature Encrypt"/>
>> <entry key="signaturePropFile"
>> value="server-certificates.properties" />
>> <entry key="decryptionPropFile"
>> value="server-certificates.properties" />
>> <entry key="passwordCallbackRef">
>> <ref bean="MyPasswordCallback"/>
>> </entry>
>> </map>
>> </constructor-arg>
>> </bean>
>> </jaxws:inInterceptors>
>>
>> However, in the IBM examples
>> (http://www.ibm.com/developerworks/java/library/j-jws13.html?ca=drs-)
>> they use:
>>
>> <jaxws:properties>
>> <entry key="ws-security.signature.properties"
>> value="server-certificates.properties"/>
>> <entry key="ws-security.signature.username" value="someusername"/>
>> <entry key="ws-security.encryption.properties"
>> value="server-certificates.properties"/>
>> <entry key="ws-security.encryption.username" value="someusername"/>
>> <entry key="ws-security.callback-handler"
>> value-ref="MyPasswordCallback" />
>> </jaxws:properties>
>>
>> Does anyone know what the differences are, and when to use the one versus
>> the other?
>>
>> Thanks, Andre
>>
>
>
--
View this message in context: http://old.nabble.com/server-config----jaxws%3AinInterceptor-or-jaxws%3Aproperties--tp28900118p28902218.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: server config -- jaxws:inInterceptor or jaxws:properties?
Posted by Glen Mazza <gl...@gmail.com>.
The first example uses manual WSS4J configuration (which doesn't read a WSDL
to determine the needed security), the second uses WS-SecurityPolicy.
Generally, the choice is based on whether your web service provider uses
WS:Policy security elements in its WSDL; if so use WS-SecPol configuration
else use manual configuration.
Link #8 here: http://www.jroller.com/gmazza/entry/blog_article_index has
examples using both for both UsernameToken and X.509.
HTH,
Glen
Andre den Hartog wrote:
>
> Hi,
>
> In the CXF manual, a config like this is used:
>
> <jaxws:inInterceptors>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="Signature Encrypt"/>
> <entry key="signaturePropFile" value="server-certificates.properties"
> />
> <entry key="decryptionPropFile"
> value="server-certificates.properties" />
> <entry key="passwordCallbackRef">
> <ref bean="MyPasswordCallback"/>
> </entry>
> </map>
> </constructor-arg>
> </bean>
> </jaxws:inInterceptors>
>
> However, in the IBM examples
> (http://www.ibm.com/developerworks/java/library/j-jws13.html?ca=drs-) they
> use:
>
> <jaxws:properties>
> <entry key="ws-security.signature.properties"
> value="server-certificates.properties"/>
> <entry key="ws-security.signature.username" value="someusername"/>
> <entry key="ws-security.encryption.properties"
> value="server-certificates.properties"/>
> <entry key="ws-security.encryption.username" value="someusername"/>
> <entry key="ws-security.callback-handler"
> value-ref="MyPasswordCallback" />
> </jaxws:properties>
>
> Does anyone know what the differences are, and when to use the one versus
> the other?
>
> Thanks, Andre
>
--
View this message in context: http://old.nabble.com/server-config----jaxws%3AinInterceptor-or-jaxws%3Aproperties--tp28900118p28902095.html
Sent from the cxf-user mailing list archive at Nabble.com.