Or at least, could someone tell me how to add a custom interceptor that runs
after the WSS4J interceptor, so that it can access the signing certificate of
a WS-Security-signed SOAP message?

On Mon, Jul 18, 2011 at 1:30 PM, Jaime Hablutzel Egoavil <
[email protected]> wrote:

> Hi, I have a web service exposed with CXF, with this WSDL:
>
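> <?xml version='1.0' encoding='UTF-8'?>
> <!-- WSDL of the CXF service "CXFLibraryImplService". It exposes a single
>      document/literal operation, sayHello, and its binding references the
>      WS-SecurityPolicy with wsu:Id "SignEncr" defined at the end of this
>      document. -->
> <wsdl:definitions name="CXFLibraryImplService"
>     targetNamespace="http://service2.ws.service.kprtech.com/"
>     xmlns:ns1="http://cxf.apache.org/bindings/xformat"
>     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>     xmlns:tns="http://service2.ws.service.kprtech.com/"
>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>   <wsdl:types>
>     <!-- Request and response wrappers: each carries one optional string. -->
>     <xs:schema elementFormDefault="unqualified"
>         targetNamespace="http://service2.ws.service.kprtech.com/"
>         version="1.0"
>         xmlns:ns1="http://cxf.apache.org/bindings/xformat"
>         xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>         xmlns:tns="http://service2.ws.service.kprtech.com/"
>         xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>         xmlns:xs="http://www.w3.org/2001/XMLSchema"
>         xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>       <xs:element name="sayHello" type="tns:sayHello" />
>       <xs:element name="sayHelloResponse" type="tns:sayHelloResponse" />
>       <xs:complexType name="sayHello">
>         <xs:sequence>
>           <xs:element minOccurs="0" name="arg0" type="xs:string" />
>         </xs:sequence>
>       </xs:complexType>
>       <xs:complexType name="sayHelloResponse">
>         <xs:sequence>
>           <xs:element minOccurs="0" name="return" type="xs:string" />
>         </xs:sequence>
>       </xs:complexType>
>     </xs:schema>
>   </wsdl:types>
>   <wsdl:message name="sayHello">
>     <wsdl:part element="tns:sayHello" name="parameters">
>     </wsdl:part>
>   </wsdl:message>
>   <wsdl:message name="sayHelloResponse">
>     <wsdl:part element="tns:sayHelloResponse" name="parameters">
>     </wsdl:part>
>   </wsdl:message>
>   <wsdl:portType name="Library">
>     <wsdl:operation name="sayHello">
>       <wsdl:input message="tns:sayHello" name="sayHello">
>       </wsdl:input>
>       <wsdl:output message="tns:sayHelloResponse" name="sayHelloResponse">
>       </wsdl:output>
>     </wsdl:operation>
>   </wsdl:portType>
>   <wsdl:binding name="CXFLibraryImplServiceSoapBinding" type="tns:Library">
>     <!-- The policy is attached at binding level, so "SignEncr" applies to
>          every operation of this binding. -->
>     <wsp:PolicyReference URI="#SignEncr"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" />
>     <soap:binding style="document"
>         transport="http://schemas.xmlsoap.org/soap/http" />
>     <wsdl:operation name="sayHello">
>       <soap:operation soapAction="" style="document" />
>       <wsdl:input name="sayHello">
>         <soap:body use="literal" />
>       </wsdl:input>
>       <wsdl:output name="sayHelloResponse">
>         <soap:body use="literal" />
>       </wsdl:output>
>     </wsdl:operation>
>   </wsdl:binding>
>   <wsdl:service name="CXFLibraryImplService">
>     <wsdl:port binding="tns:CXFLibraryImplServiceSoapBinding"
>         name="CXFLibraryImplPort">
>       <!-- Plain-HTTP address. The policy below, as shown, asks only for a
>            signature, so the SOAP body is not confidential on the wire. -->
>       <soap:address
>           location="http://localhost:8888/domicilios/services/service2" />
>     </wsdl:port>
>   </wsdl:service>
>   <!-- WS-SecurityPolicy referenced by the binding above. -->
>   <wsp:Policy wsu:Id="SignEncr"
>       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:AsymmetricBinding
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <!-- IncludeToken/AlwaysToRecipient: the initiator (client) puts
>                  its X.509 certificate into every request. That certificate
>                  is chosen by the sender, and a valid signature proves only
>                  possession of the matching private key. The receiver still
>                  has to establish trust in the certificate (issuer chain or
>                  an explicit allow-list, validity period, revocation) before
>                  treating it as the caller's identity. -->
>             <sp:InitiatorToken>
>               <wsp:Policy>
>                 <sp:X509Token
>                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:RequireThumbprintReference />
>                     <!-- NOTE(review): the initiator token is declared as
>                          WssX509V1Token10 while the recipient token below is
>                          WssX509V3Token10; confirm that V1 is intended. -->
>                     <sp:WssX509V1Token10 />
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:InitiatorToken>
>             <!-- IncludeToken/Never: the service certificate is not carried
>                  in messages; it is referenced by thumbprint. -->
>             <sp:RecipientToken>
>               <wsp:Policy>
>                 <sp:X509Token
>                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                   <wsp:Policy>
>                     <sp:RequireThumbprintReference />
>                     <sp:WssX509V3Token10 />
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:RecipientToken>
>             <!-- NOTE(review): TripleDesRsa15 selects Triple DES, RSA
>                  PKCS#1 v1.5 key wrap and SHA-1 digests. All three are
>                  legacy choices; where both sides support it, a suite such
>                  as Basic256Sha256 is preferable. Left unchanged here
>                  because the suite is part of the contract with clients. -->
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:TripleDesRsa15 />
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict />
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp />
>             <sp:OnlySignEntireHeadersAndBody />
>           </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <!-- NOTE(review): this assertion binds the "sp" prefix to the
>              2005/07 securitypolicy namespace, whereas the other sp
>              assertions in this policy use the 200702 namespace; confirm
>              that mixing the two versions is intended. -->
>         <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>           <wsp:Policy>
>             <sp:MustSupportRefKeyIdentifier />
>             <sp:MustSupportRefIssuerSerial />
>           </wsp:Policy>
>         </sp:Wss10>
>         <!-- Only the SOAP Body is listed for signing. No sp:EncryptedParts
>              or sp:EncryptedElements assertion is present, so despite the
>              Id "SignEncr" this policy does not require encryption. -->
>         <sp:SignedParts
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <sp:Body />
>         </sp:SignedParts>
>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
> </wsdl:definitions>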
>
>
> And I want to be able to get the certificate in a custom interceptor so that
> I can pass it to the Spring Security session context.
> Another thing I want is to override CXF's default behaviour of validating the
> certificate path, because I want to do this myself: the certificates aren't
> in a .jks keystore but in a database.
>
> I have read that I need a second interceptor, but how do I register an
> interceptor and give it lower precedence?
>
> Thanks.
>
>
>
> --
> Jaime Hablutzel - 9-9956-3299
>
> (tildes omitidas intencionalmente)
>



-- 
Jaime Hablutzel - 9-9956-3299

(tildes omitidas intencionalmente)
