To my knowledge, there isn't, no, and this is a very compelling use
case.
I'd suggest doing this programatically through a collection of
interceptors, one which places the client's public key on the
Exchange after the inbound interceptor has consumed the message, and
another that programatically configures the OutInterceptor on the
outbound response interceptor chain, using the key you've placed on
the exchange.
The wrinkle in all of this is that CXF uses WSS4J, which IMO is
pretty limited in its ability to configure keys. Worse, CXF uses the
WSS4J Handler architecture, which makes invalid assumptions about
keys are retrieved.
So I guess I'm saying I don't know how feasible my proposal is, but
it's the avenue of investigation I'd start with, if I were to do what
you are trying to do. (And I've considered it as a possibility)
Hope that helps more than it discourages you!
-Fred
On Dec 15, 2007, at 11:57 AM, Olivier OTTAVI wrote:
Hi,
I have a server with WS-Security enabled on WSS4J, in order to handle
signature and encryption of the soap message.
The client encrypt the soap message with server public key, and
sign it
with its private key. The server validate signature with public
client key
and decrypt it with its private key.
Then the response is sent to the client - signed by the private
server key
and encrypted with the client public key.
It works well, but the only thing that bother me, is that the server
encryption has to be done by setting up the "encryption user"
property with
the client name. Since this name is changing for each request, I
don't know
where to put this information. I would like to have the public key
of the
client that signed the request directly used to encrypt the
response, is
there a simple way to achieve this behavior ?
Thanks
