Hi,

The short answer is that there isn't an easy way of doing this. This is because CXF follows the Basic Security Profile which says:

Any SIG_KEY_INFO MUST contain a SECURITY_TOKEN_REFERENCE child element.

http://www.ws-i.org/profiles/basicsecurityprofile-1.1.html#KeyInfo

You have a couple of options. One option is to upgrade WSS4J to pick up the following fix:

https://issues.apache.org/jira/browse/WSS-619

I've added a test that shows how you could use this here. It requires coding configuration though rather than the spring configuration you are using:

http://svn.apache.org/viewvc?view=revision&revision=1846407

The other option is to override WSSecSignature.prepare in WSS4J and implement the logic you want there.

Colm.

On Sun, Nov 11, 2018 at 4:19 PM dev cxf <[email protected]> wrote:

> Hello Team,
>
> I would like to contact you about a problem I have had for 2 weeks with
> WS-SECURITY using CXF 3.1.3 (jax-ws).
> Indeed, my Spring configuration file is as follows:
>
> <jaxws:endpoint id="my_WS" implementor="#my_WS" address="/services"
>     wsdlLocation="wsdl/xxxx.wsdl">
>   <jaxws:outInterceptors>
>     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>       <constructor-arg>
>         <map>
>           <entry key="action" value="Signature" />
>           <entry key="signaturePropFile" value="security.out.properties"/>
>           <entry key="user" value="${user}"/>
>           <entry key="passwordCallbackRef">
>             <ref bean="serverPasswordCallback"/>
>           </entry>
>           <entry key="signatureKeyIdentifier" value="X509KeyIdentifier"/>
>           <entry key="signatureDigestAlgorithm"
>               value="http://www.w3.org/2001/04/xmlenc#sha256"/>
>           <entry key="signatureAlgorithm"
>               value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>           <entry key="signatureParts" value="{Content}{}Body "/>
>         </map>
>       </constructor-arg>
>     </bean>
>   </jaxws:outInterceptors>
>   <jaxws:properties>
>     <entry key="schema-validation-enabled" value="false" />
>     <entry key="security.sts.token.usecert" value="true" />
>   </jaxws:properties>
> </jaxws:endpoint>
>
> By specifying the key "signatureKeyIdentifier" with the value
> "X509KeyIdentifier", I got the following result in the "keyInfo" section:
>
> <ds:KeyInfo>
>   <wsse:SecurityTokenReference>
>     <wsse:KeyIdentifier EncodingType = "... # Base64Binary"
>         ValueType = "# ... X509v3"> MIIB ...
>     </wsse:KeyIdentifier>
>   </wsse:SecurityTokenReference>
> </ds:KeyInfo>
>
> However, this is not the result I want; I want a result like this:
>
> <ds:KeyInfo Id = "KI-ED321E02A6CAE33F8615378788884713">
>   <ds:X509Data>
>     <X509Certificate> MIICXTCCA .. </X509Certificate>
>   </ds:X509Data>
> </ds:KeyInfo>
>
> I have been trying to find a solution to this for 2 weeks, but always in
> vain.
> Thank you for your help.
>
> Cordially,
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
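
Added example, not part of the original thread and not CXF or WSS4J code: a small Python check that applies the Basic Security Profile rule quoted in the reply to the two KeyInfo shapes discussed, useful when validating what a signing endpoint actually emits. The function names and the sample envelopes are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")


def check_sig_key_info(xml_text):
    """Classify each ds:KeyInfo that is a direct child of ds:Signature.

    Returns a list of (form, bsp_ok) tuples. bsp_ok is True only when the
    KeyInfo has a wsse:SecurityTokenReference child, as the profile requires.
    """
    # The inputs below are constructed; parse untrusted SOAP with a
    # hardened parser instead of the standard-library one.
    root = ET.fromstring(xml_text)
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        # Only the signature's own KeyInfo counts as SIG_KEY_INFO.
        for key_info in sig.findall(f"{{{DS}}}KeyInfo"):
            tags = {child.tag for child in key_info}
            if f"{{{WSSE}}}SecurityTokenReference" in tags:
                results.append(("SecurityTokenReference", True))
            elif f"{{{DS}}}X509Data" in tags:
                results.append(("X509Data", False))
            else:
                results.append(("other", False))
    return results


def envelope(key_info_body):
    """Build a minimal constructed envelope around a KeyInfo body."""
    return (f'<Envelope><Header><wsse:Security xmlns:wsse="{WSSE}">'
            f'<ds:Signature xmlns:ds="{DS}"><ds:KeyInfo>{key_info_body}'
            f'</ds:KeyInfo></ds:Signature></wsse:Security></Header></Envelope>')


# Constructed samples mirroring the two shapes in the thread;
# the certificate content is a placeholder.
STR_FORM = envelope('<wsse:SecurityTokenReference>'
                    '<wsse:KeyIdentifier>PLACEHOLDER</wsse:KeyIdentifier>'
                    '</wsse:SecurityTokenReference>')
X509_FORM = envelope('<ds:X509Data><ds:X509Certificate>PLACEHOLDER'
                     '</ds:X509Certificate></ds:X509Data>')

if __name__ == "__main__":
    for name, doc in (("STR form", STR_FORM), ("X509Data form", X509_FORM)):
        print(name, check_sig_key_info(doc))
```
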
