On Wed May 20 2009 9:32:34 am Tom wrote:
> AFAIK you do not add a certificate to the request, the request only is
> signed. Certificates are added to the keystores on each side, so the
> signature can be created / verified.

Not ALWAYS true. If the WS-SecurityPolicy specifies a KeyValueToken as a
token type, then the Security engine would output an RSAKeyValue key in the
security header which WOULD be the full key. That key can then be used to
sign the message, encrypt, etc. Not really "secure", but useful for an
endorsing mechanism.

On the receiving side, you WOULD need to write a callback handler to validate
the key. By default, WSS4J will reject the key as it won't know whether to
trust it or not.

Dan

>
> Tom
>
> Michael Szalay wrote:
> > Thanks for the link. But the document describes the signing of the
> > request, not adding a certificate to the http request for mutual
> > authentication, right?
> >
> > Regards
> >
> > Michael
> >
> > -----Original Message-----
> > From: Glen Mazza [mailto:[email protected]]
> > Sent: Wednesday, 20 May 2009 15:19
> > To: [email protected]
> > Subject: Re: Send X509Certificate with request
> >
> >
> >
> > http://www.jroller.com/gmazza/entry/implementing_ws_security_with_the ?
> >
> > HTH,
> > Glen
> >
> > mszalay wrote:
> >> Hi all
> >>
> >> I have a question using Apache CXF as a client for a web service.
> >> I would like to send a certificate within the request for mutual
> >> authentication.
> >>
> >> How can I programmatically add a certificate to the request?
> >> I looked for a method like TLSClientParameters.addCertificate but
> >> I have not found something like that.
> >>
> >> Regards
> >>
> >> Michael

-- 
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
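
An added example, not part of the message above and not WSS4J or CXF code: the kind of check a receiving-side handler could make on a key that arrives as an RSAKeyValue, using only the JDK. The class and method names are hypothetical, the key pairs are constructed sample input, and pinning SHA-256 fingerprints of known partner keys is an assumed trust policy.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
// Hypothetical JDK-only helper (not WSS4J API): is a key received as ds:RSAKeyValue trusted?
public class KeyValueTrustCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Rebuild the key from Modulus/Exponent. The sender is unauthenticated, so refuse DOCTYPEs (XXE).
    static PublicKey parseRsaKeyValue(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        return KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(field(d, "Modulus"), field(d, "Exponent")));
    }
    // A missing element throws, so a malformed key is never accepted. MIME decoder tolerates line breaks.
    static BigInteger field(Document d, String name) {
        String b64 = d.getElementsByTagNameNS(DS, name).item(0).getTextContent();
        return new BigInteger(1, Base64.getMimeDecoder().decode(b64));
    }
    // SHA-256 over the key's X.509 SubjectPublicKeyInfo encoding.
    static String fingerprint(PublicKey k) throws Exception {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(k.getEncoded()));
    }
    // Assumed trust policy: accept only keys whose fingerprint was pinned out of band.
    static boolean isTrusted(PublicKey k, Set<String> pinned) throws Exception {
        return pinned.contains(fingerprint(k));
    }
    // Constructed sample input: serialize a key the way it would appear in the security header.
    static String toRsaKeyValue(RSAPublicKey k) {
        return "<ds:RSAKeyValue xmlns:ds=\"" + DS + "\"><ds:Modulus>"
                + Base64.getEncoder().encodeToString(k.getModulus().toByteArray()) + "</ds:Modulus><ds:Exponent>"
                + Base64.getEncoder().encodeToString(k.getPublicExponent().toByteArray()) + "</ds:Exponent></ds:RSAKeyValue>";
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        RSAPublicKey partner = (RSAPublicKey) g.generateKeyPair().getPublic();   // pinned key
        RSAPublicKey stranger = (RSAPublicKey) g.generateKeyPair().getPublic();  // never pinned
        Set<String> pinned = Collections.singleton(fingerprint(partner));
        System.out.println(isTrusted(parseRsaKeyValue(toRsaKeyValue(partner)), pinned));
        System.out.println(isTrusted(parseRsaKeyValue(toRsaKeyValue(stranger)), pinned));
    }
}
```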
