You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Paul Hawley <pa...@yahoo.com> on 2012/01/06 23:59:38 UTC
Problem using WSHandlerConstants.USER
Hi -
I am working on creating a client that is trying to combine the following
two beans to make a soap header that includes a UsernameToken, Timestamp,
BinarySecurityToken, and a Signature. The beans work individually but when I
combine them and add the action for "Signature", my user key is being used
as the alias identifier to open the client's keystore. It looks like I need
two users to accomplish this. I tried "signatureUser" and it didn't seem to
make a difference.
Is this possible or am I approaching this in a wrong way? Is there a better
way to do this? I'm new at writing SOAP headers so an example on
"UsernameToken + Signature" would be appreciated!
Thanks - Paul
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="TimestampSignEncrypt_Request1">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="user" value="PRC63611.webserv"/>
<entry key="passwordCallbackClass"
value="client.ClientPasswordCallback"/>
</map>
</constructor-arg>
</bean>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="TimestampSignEncrypt_Request2">
<constructor-arg>
<map>
<entry key="action" value="Signature"/>
<entry key="user" value="myclientkey"/>
<entry key="signaturePropFile"
value="clientKeystore.properties"/>
<entry key="encryptionPropFile"
value="clientKeystore.properties"/>
<entry key="encryptionUser" value="myservicekey"/>
<entry key="passwordCallbackClass"
value="client.ClientKeystorePasswordCallback"/>
<entry key="signatureParts" value="
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
<entry key="encryptionParts"
value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}
{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
<entry key="encryptionSymAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<entry key="signatureKeyIdentifier"
value="DirectReference"/>
</map>
</constructor-arg>
</bean>
--
View this message in context: http://cxf.547215.n5.nabble.com/Problem-using-WSHandlerConstants-USER-tp5126871p5126871.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Problem using WSHandlerConstants.USER
Posted by Paul Hawley <pa...@yahoo.com>.
Thanks Colm -
That is exactly what I was looking for!
- Paul
--
View this message in context: http://cxf.547215.n5.nabble.com/Problem-using-WSHandlerConstants-USER-tp5126871p5137182.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Problem using WSHandlerConstants.USER
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Paul,
CXF ships with a "ut_sign" sample which combines a UsernameToken with
Signature. It's configured in code, but you could easily adapt it to
use spring instead:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_sign/
Colm.
On Fri, Jan 6, 2012 at 10:59 PM, Paul Hawley <pa...@yahoo.com> wrote:
> Hi -
>
> I am working on creating a client that is trying to combine the following
> two beans to make a soap header that includes a UsernameToken, Timestamp,
> BinarySecurityToken, and a Signature. The beans work individually but when I
> combine them and add the action for "Signature", my user key is being used
> as the alias identifier to open the client's keystore. It looks like I need
> two users to accomplish this. I tried "signatureUser" and it didn't seem to
> make a difference.
>
> Is this possible or am I approaching this in a wrong way? Is there a better
> way to do this? I'm new at writing SOAP headers so an example on
> "UsernameToken + Signature" would be appreciated!
>
> Thanks - Paul
>
>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
> id="TimestampSignEncrypt_Request1">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp"/>
> <entry key="user" value="PRC63611.webserv"/>
> <entry key="passwordCallbackClass"
> value="client.ClientPasswordCallback"/>
> </map>
> </constructor-arg>
> </bean>
>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
> id="TimestampSignEncrypt_Request2">
> <constructor-arg>
> <map>
> <entry key="action" value="Signature"/>
> <entry key="user" value="myclientkey"/>
> <entry key="signaturePropFile"
> value="clientKeystore.properties"/>
> <entry key="encryptionPropFile"
> value="clientKeystore.properties"/>
> <entry key="encryptionUser" value="myservicekey"/>
> <entry key="passwordCallbackClass"
> value="client.ClientKeystorePasswordCallback"/>
> <entry key="signatureParts" value="
> {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
> <entry key="encryptionParts"
> value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}
> {http://schemas.xmlsoap.org/soap/envelope/}Body"/>
> <entry key="encryptionSymAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> <entry key="signatureKeyIdentifier"
> value="DirectReference"/>
> </map>
> </constructor-arg>
> </bean>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Problem-using-WSHandlerConstants-USER-tp5126871p5126871.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com