Follow this structure:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml?revision=1190520&view=markup
Glen
On 05/24/2012 04:48 PM, Gina Choi wrote:
Hi Glen,
Did you mean something like the following? But the following two entries
are almost identical. How does the WSC know which entry to pick up when
calling the STS vs the WSP? I am trying to change your
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial from X.509
authentication between WSC and STS to UT authentication. First I need
to verify whether Apache CXF supports UT authentication with Symmetric bindings.
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
              createdFromAPI="true">
  <jaxws:properties>
    <entry key="ws-security.sts.client">
      <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="cxf"/>
        <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
        <property name="serviceName"
                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
        <property name="endpointName"
                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
        <property name="properties">
          <map>
            <!--entry key="ws-security.signature.username" value="myclientkey"/-->
            <entry key="ws-security.callback-handler"
                   value="client.ClientCallbackHandler"/>
            <entry key="ws-security.username" value="alice"/>
            <entry key="ws-security.signature.properties"
                   value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.properties"
                   value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="myservicekey"/>
          </map>
        </property>
      </bean>
    </entry>
    <entry key="ws-security.sts.client">
      <bean class="org.apache.cxf.ws.security.trust.STSClient">
        <constructor-arg ref="cxf"/>
        <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
        <property name="serviceName"
                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
        <property name="endpointName"
                  value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
        <property name="properties">
          <map>
            <entry key="ws-security.signature.username" value="myclientkey"/>
            <entry key="ws-security.callback-handler"
                   value="client.ClientCallbackHandler"/>
            <entry key="ws-security.signature.properties"
                   value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.properties"
                   value="clientKeystore.properties"/>
            <entry key="ws-security.encryption.username" value="mystskey"/>
          </map>
        </property>
      </bean>
    </entry>
  </jaxws:properties>
</jaxws:client>
On Thu, May 24, 2012 at 4:08 PM, Glen Mazza wrote:
Unsure, but I believe you'll want two <entry> elements in your
cxf.xml, one as you have below except without the mystskey config
element you have there, and then a second <entry> like this:
https://github.com/Talend/tesb-rt-se/blob/83011aebc68c67cb177ff7e800afbe9bbcab7049/examples/cxf/jaxws-cxf-sts/client/src/main/resources/cxf.xml
for the sts configuration. They should both go under the same
jaxws:client element, and probably under the same jaxws:properties
element as well.
HTH,
Glen
On 05/24/2012 12:16 PM, Gina Choi wrote:
Hi All,
I have a WSP, a WSC and an STS (Apache CXF). I am going to use
Symmetric bindings
between them. So, I added the certificates for both the WSP and the STS to the client
truststore, but I need to configure them in the client config
file.
The following is part of the cxf.xml file. But as you can see, I am using
ws-security.encryption.username twice, for the STS and the service
certificate, and
this is not right. How does the program tell which one is which?
<map>
  <!--entry key="ws-security.signature.username" value="myclientkey"/-->
  <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
  <entry key="ws-security.username" value="alice"/>
  <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
  <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
  <entry key="ws-security.encryption.username" value="mystskey"/>
  <entry key="ws-security.encryption.username" value="myservicekey"/>
</map>
I have the following content in clientKeystore.properties:
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
org.apache.ws.security.crypto.merlin.file=wsclientstore.jks
And my client.ClientCallbackHandler class has information
about the passwords
for mystskey and myservicekey. How do I configure it right?
Thanks in advance.
Gina
--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza