You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Raf177 <ra...@gmail.com> on 2008/10/23 16:34:32 UTC
How to force WS clients using IssuerSerial, and not DirectReference
?
My CXF WS implementation (2.1.1) accept both IssuerSerial et DirectReference
signing methods. I want to force WS clients using IssuerSerial, and not
DirectReference. How can I do this ? I haven't seen anything in CXF docs.
Here is my WS conf, using Spring :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-servlet.xml" />
<jaxws:endpoint id="patrimoine"
implementor="com.xxx.soa.service.PatrimoineImpl"
address="/Patrimoine">
<jaxws:outInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<!-- Le message sortant va etre signe -->
<entry key="action" value="Signature" />
<!-- Fichier contenant les proprietes telles que les mots de passe
ou le chemin vers le keystore -->
<entry key="signaturePropFile"
value="service.properties" />
<!-- Le certificat du service est envoye dans la reponse SOAP
systematiquement. Pour plus de detail, voir
http://ws.apache.org/wss4j/cert.html -->
<entry key="signatureKeyIdentifier"
value="DirectReference" />
<!-- Classe traitant le mot de passe -->
<entry key="passwordCallbackClass"
value="com.xxx.soa.handler.PasswordHandler" />
<!-- Nom de l'alias du certificat utilise pour signer la reponse -->
<entry key="user" value="contrat" />
</map>
</constructor-arg>
</bean>
</jaxws:outInterceptors>
<jaxws:outFaultInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<!-- Le message sortant va etre signe -->
<entry key="action" value="Signature" />
<!-- Fichier contenant les proprietes telles que les mots de passe
ou le chemin vers le keystore -->
<entry key="signaturePropFile"
value="service.properties" />
<!-- Le certificat du service est envoye dans la reponse SOAP
systematiquement. Pour plus de detail, voir
http://ws.apache.org/wss4j/cert.html -->
<entry key="signatureKeyIdentifier"
value="DirectReference" />
<!-- Classe traitant le mot de passe -->
<entry key="passwordCallbackClass"
value="com.xxx.soa.handler.PasswordHandler" />
<!-- Nom de l'alias du certificat utilise pour signer la reponse -->
<entry key="user" value="contrat" />
</map>
</constructor-arg>
</bean>
</jaxws:outFaultInterceptors>
<jaxws:inInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature" />
<entry key="signaturePropFile"
value="service.properties" />
<entry key="signatureKeyIdentifier"
value="IssuerSerial"/>
<entry key="passwordCallbackClass"
value="com.xxx.soa.handler.PasswordHandler" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
</beans>
Thank you for your aid.
Raphael.
--
View this message in context: http://www.nabble.com/How-to-force-WS-clients-using-IssuerSerial%2C-and-not-DirectReference---tp20132286p20132286.html
Sent from the cxf-user mailing list archive at Nabble.com.