My CXF WS implementation (2.1.1) accepts both the IssuerSerial and DirectReference
signing methods. I want to force WS clients to use IssuerSerial, and not
DirectReference. How can I do this? I haven't seen anything in the CXF docs.

Here is my WS conf, using Spring :

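<!--
  Spring configuration for the CXF JAX-WS endpoint "patrimoine" (address /Patrimoine).
  Outgoing responses and outgoing faults are signed through WSS4JOutInterceptor;
  incoming requests pass through WSS4JInInterceptor with action "Signature".
  The stray ";" that followed several attribute values in the archived copy has been
  removed (it made the document ill-formed) and wrapped lines have been rejoined.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://cxf.apache.org/jaxws
           http://cxf.apache.org/schemas/jaxws.xsd">

    <import resource="classpath:META-INF/cxf/cxf.xml" />
    <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
    <import resource="classpath:META-INF/cxf/cxf-servlet.xml" />

    <jaxws:endpoint id="patrimoine"
                    implementor="com.xxx.soa.service.PatrimoineImpl"
                    address="/Patrimoine">

        <!-- Outgoing responses: SAAJ conversion first, then the WSS4J signature. -->
        <jaxws:outInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
                <constructor-arg>
                    <map>
                        <!-- The outgoing message will be signed. -->
                        <entry key="action" value="Signature" />
                        <!-- File containing properties such as passwords or the path
                             to the keystore. Because it holds secrets, it should be
                             readable only by the service account. -->
                        <entry key="signaturePropFile" value="service.properties" />
                        <!-- The service certificate is always sent in the SOAP response.
                             For details see http://ws.apache.org/wss4j/cert.html -->
                        <entry key="signatureKeyIdentifier" value="DirectReference" />
                        <!-- Class that handles the password. -->
                        <entry key="passwordCallbackClass" value="com.xxx.soa.handler.PasswordHandler" />
                        <!-- Alias of the certificate used to sign the response. -->
                        <entry key="user" value="contrat" />
                    </map>
                </constructor-arg>
            </bean>
        </jaxws:outInterceptors>

        <!-- Outgoing faults: same signing settings as the normal responses above.
             The two maps are duplicated and must be kept in sync by hand. -->
        <jaxws:outFaultInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
                <constructor-arg>
                    <map>
                        <!-- The outgoing fault will be signed. -->
                        <entry key="action" value="Signature" />
                        <!-- File containing properties such as passwords or the path
                             to the keystore. -->
                        <entry key="signaturePropFile" value="service.properties" />
                        <!-- The service certificate is always sent in the SOAP response.
                             For details see http://ws.apache.org/wss4j/cert.html -->
                        <entry key="signatureKeyIdentifier" value="DirectReference" />
                        <!-- Class that handles the password. -->
                        <entry key="passwordCallbackClass" value="com.xxx.soa.handler.PasswordHandler" />
                        <!-- Alias of the certificate used to sign the response. -->
                        <entry key="user" value="contrat" />
                    </map>
                </constructor-arg>
            </bean>
        </jaxws:outFaultInterceptors>

        <!-- Incoming requests: SAAJ conversion first, then WSS4J signature processing. -->
        <jaxws:inInterceptors>
            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                <constructor-arg>
                    <map>
                        <!-- The incoming request is expected to carry a signature. -->
                        <entry key="action" value="Signature" />
                        <entry key="signaturePropFile" value="service.properties" />
                        <!-- NOTE(review): in WSS4J, signatureKeyIdentifier selects how the
                             signing key is referenced when a signature is created. On this
                             inbound interceptor it presumably does not restrict what clients
                             send, which matches the observation that DirectReference requests
                             are still accepted. Rejecting them likely needs an explicit check
                             on the processed security results; confirm against the CXF and
                             WSS4J versions in use. -->
                        <entry key="signatureKeyIdentifier" value="IssuerSerial" />
                        <entry key="passwordCallbackClass" value="com.xxx.soa.handler.PasswordHandler" />
                    </map>
                </constructor-arg>
            </bean>
        </jaxws:inInterceptors>
    </jaxws:endpoint>
</beans>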

Thank you for your aid.

Raphael.