Hi Glen,
Did you mean something like the following? But the following two entries are
almost identical. How does WSC know which entry to pick up when calling STS vs
WSP? I am trying to change your
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial from X.509
authentication between WSC and STS to UT authentication. First I need to
verify whether Apache CXF supports UT authentication with Symmetric bindings.
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
    createdFromAPI="true">
  <jaxws:properties>
    <entry key="ws-security.sts.client">
      <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="cxf"/>
        <property name="wsdlLocation"
            value="DoubleItSTSService.wsdl"/>
        <property name="serviceName"
            value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
        <property name="endpointName"
            value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
        <property name="properties">
          <map>
            <!--entry key="ws-security.signature.username"
                value="myclientkey"/-->
            <entry key="ws-security.callback-handler"
                value="client.ClientCallbackHandler"/>
            <entry key="ws-security.username" value="alice"/>
            <entry key="ws-security.signature.properties"
                value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.properties"
                value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="myservicekey"/>
          </map>
        </property>
      </bean>
    </entry>
    <entry key="ws-security.sts.client">
      <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="cxf"/>
        <property name="wsdlLocation"
            value="DoubleItSTSService.wsdl"/>
        <property name="serviceName"
            value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
        <property name="endpointName"
            value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
        <property name="properties">
          <map>
            <entry key="ws-security.signature.username"
                value="myclientkey"/>
            <entry key="ws-security.callback-handler"
                value="client.ClientCallbackHandler"/>
            <entry key="ws-security.signature.properties"
                value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.properties"
                value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.username"
                value="mystskey"/>
          </map>
        </property>
      </bean>
    </entry>
  </jaxws:properties>
</jaxws:client>
On Thu, May 24, 2012 at 4:08 PM, Glen Mazza <[email protected]> wrote:
> Unsure, but I believe you'll want two <entry> elements in your cxf.xml,
> one as you have below except without the mystskey config element you have
> there, and then a second <entry> like this:
> https://github.com/Talend/tesb-rt-se/blob/83011aebc68c67cb177ff7e800afbe9bbcab7049/examples/cxf/jaxws-cxf-sts/client/src/main/resources/cxf.xml
> for the sts configuration. They should both go under the same jaxws:client
> element, and probably under the same jaxws:properties element as well.
>
> HTH,
> Glen
>
>
> On 05/24/2012 12:16 PM, Gina Choi wrote:
>
>> Hi All,
>>
>> I have WSP, WSC and STS (Apache CXF). I am going to use Symmetric bindings
>> between them. So, I added the certificates of both WSP and STS to the client
>> truststore, but I need to configure them in the client config file.
>>
>> The following is part of the cxf.xml file. But as you can see, I am using
>> ws-security.encryption.username twice, for the STS and service certificates,
>> and this is not right. How does the program tell which one is which?
>>
>> <map>
>> <!--entry key="ws-security.signature.username"
>> value="myclientkey"/-->
>> <entry key="ws-security.callback-handler"
>> value="client.ClientCallbackHandler"/>
>> <entry key="ws-security.username" value="alice"/>
>> <entry key="ws-security.signature.properties"
>> value="clientKeystore.properties"/>
>> <entry key="ws-security.encryption.properties"
>> value="clientKeystore.properties"/>
>> <entry key="ws-security.encryption.username" value="mystskey"/>
>> <entry key="ws-security.encryption.username"
>> value="myservicekey"/>
>>
>> I have the following content in clientKeystore.properties.
>>
>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>> org.apache.ws.security.crypto.merlin.keystore.password=cspass
>> org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
>> org.apache.ws.security.crypto.merlin.file=wsclientstore.jks
>> </map>
>>
>> And my client.ClientCallbackHandler class has information about the
>> passwords for mystskey and myservicekey. How do I configure it right?
>>
>> Thanks in advance.
>>
>> Gina
>>
>>
>
> --
> Glen Mazza
> Talend Community Coders
> coders.talend.com
> blog: www.jroller.com/gmazza
>
>