How about if you submit a patch then?

On Dec 15, 2007, at 7:37 PM, Olivier OTTAVI wrote:

This is pretty bad, because it is a common scenario in mutual authentication - the fact is also that this feature is integrated by the WSS4J library but only for the Axis version (WSDoAllReceiver.java) and is handled properly with the handleSpecialUser of the WSHandler class; nothing has been done inside of CXF to do integration with this feature. There is a lack of support and integration here between CXF and WSS4J, on the specific feature useReqSigCert, which is in my opinion very sensitive. This should again in my opinion clearly appear on the wiki, to avoid a wrong choice between open source webservice stacks for potential users.

On 12/15/07, Fred Dushin <[EMAIL PROTECTED]> wrote:

To my knowledge, there isn't, no, and this is a very compelling use
case.

I'd suggest doing this programmatically through a collection of
interceptors, one which places the client's public key on the
Exchange after the inbound interceptor has consumed the message, and
another that programmatically configures the OutInterceptor on the
outbound response interceptor chain, using the key you've placed on
the exchange.

The wrinkle in all of this is that CXF uses WSS4J, which IMO is
pretty limited in its ability to configure keys.  Worse, CXF uses the
WSS4J Handler architecture, which makes invalid assumptions about how
keys are retrieved.

So I guess I'm saying I don't know how feasible my proposal is, but
it's the avenue of investigation I'd start with, if I were to do what
you are trying to do.  (And I've considered it as a possibility)

Hope that helps more than it discourages you!
-Fred

On Dec 15, 2007, at 11:57 AM, Olivier OTTAVI wrote:

Hi,

I have a server with WS-Security enabled on WSS4J, in order to handle
signature and encryption of the soap message.

The client encrypts the soap message with the server public key, and
signs it with its private key. The server validates the signature with
the client public key and decrypts it with its private key.

Then the response is sent to the client - signed by the server private
key and encrypted with the client public key.

It works well, but the only thing that bothers me is that the server
encryption has to be done by setting up the "encryption user" property
with the client name. Since this name changes for each request, I don't
know where to put this information. I would like to have the public key
of the client that signed the request directly used to encrypt the
response; is there a simple way to achieve this behavior?

Thanks
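The interceptor approach Fred sketches, written out as an added example; it is not code from this thread, from CXF or from WSS4J. It assumes the CXF 2.x interceptor API and WSS4J 1.5-era constants, that WSS4JInInterceptor leaves its verification results on the inbound message under WSHandlerConstants.RECV_RESULTS, and that WSS4JOutInterceptor reads encryptionUser and RECV_RESULTS from the outbound message's properties, so that WSS4J's own WSHandler.handleSpecialUser() (which the thread names) selects the request signer's certificate for encryption.

```java
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

/**
 * Outbound interceptor for the server's response chain. It runs just before
 * WSS4JOutInterceptor and hands WSS4J what handleSpecialUser() needs to honour
 * encryptionUser=useReqSigCert: the inbound signature-verification results,
 * which carry the certificate that signed the request.
 *
 * Register it next to WSS4JOutInterceptor on the endpoint, e.g.
 *   endpoint.getOutInterceptors().add(new UseReqSigCertInterceptor());
 */
public class UseReqSigCertInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    public UseReqSigCertInterceptor() {
        // Assumption: WSS4JOutInterceptor sits in PRE_PROTOCOL; we order ourselves before it.
        super(Phase.PRE_PROTOCOL);
        addBefore(WSS4JOutInterceptor.class.getName());
    }

    public void handleMessage(SoapMessage out) throws Fault {
        // The request and its response share one Exchange; the inbound message is where
        // WSS4JInInterceptor stored the processed-security results (assumed key: RECV_RESULTS).
        Message in = out.getExchange().getInMessage();
        Object results = (in == null) ? null : in.get(WSHandlerConstants.RECV_RESULTS);

        if (results == null) {
            // Fail closed: a response must never be encrypted to some static/default
            // recipient just because the request arrived without a verified signature.
            throw new Fault(new IllegalStateException(
                "request carried no verified WS-Security signature; cannot pick a response key"));
        }

        // Make the inbound results visible to the outbound WSS4J handler, then ask it to
        // encrypt to the request signer's certificate instead of a fixed keystore alias.
        out.put(WSHandlerConstants.RECV_RESULTS, results);
        out.put(WSHandlerConstants.ENCRYPTION_USER, WSHandlerConstants.USE_REQ_SIG_CERT);
    }
}
```

If the CXF version in use does not let WSS4JOutInterceptor see message-level properties, the same two values can instead be placed on the per-request properties WSS4JOutInterceptor was constructed with; the fail-closed check stays the same.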
