[jira] [Created] (WSS-551) Property passwordEncryptorInstance is not honored

Fri, 21 Aug 2015 18:23:21 -0700 

Wladislaw Mitzel created WSS-551:
------------------------------------

             Summary: Property passwordEncryptorInstance is not honored
                 Key: WSS-551
                 URL: https://issues.apache.org/jira/browse/WSS-551
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 2.0.5
            Reporter: Wladislaw Mitzel
            Assignee: Colm O hEigeartaigh


The configuration documentation says
|| Tag name || Tag value || Tag meaning ||
| *WSS4J 2.0.0* PASSWORD_ENCRYPTOR_INSTANCE | passwordEncryptorInstance |       
A PasswordEncryptor instance used to decrypt encrypted passwords in Crypto 
properties files. The default is the JasyptPasswordEncryptor. |

When configuring a {{passwordEncryptorInstance}} for {{WSS4JOutInterceptor}} 
(line 20) the property is not honored. 
{code:xml|linenumbers=true}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xmlns:jaxws="http://cxf.apache.org/jaxws";
  xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                http://cxf.apache.org/jaxws 
http://cxf.apache.org/schemas/jaxws.xsd";>

  <jaxws:endpoint id="hello" address="/hello"
    implementor="de.wlami.wss4jexample.Service">
    <jaxws:outInterceptors>
      <bean id="TimestampSignEncrypt_Response"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
          <map>
            <entry key="action" value="Timestamp Signature" />
            <entry key="user" value="servicekey" />
            <entry key="signaturePropFile" value="serviceKeystore.properties" />
            <entry key="encryptionPropFile" value="serviceKeystore.properties" 
/>
            <entry key="encryptionUser" value="useReqSigCert" />
            <entry key="passwordCallbackClass" 
value="de.wlami.wss4jexample.PasswordCallback" />
            <entry key="passwordEncryptorInstance" 
value-ref="customPasswordEncrypter" />
          </map>
        </constructor-arg>
      </bean>
    </jaxws:outInterceptors>
  </jaxws:endpoint>

  <bean id="customPasswordEncrypter" 
class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean>

</beans>
{code}

The only code which seems to use the documented property is located in 
{{org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String, Object>, 
WSSSecurityProperties)}}. However this method is only called from test classes 
as far as i could see. Using the given configuration the default 
{{JasyptPasswordEncryptor}} is created instead of the configured class. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to