Hi Gina,

> How does WSC know which entry to pick up when calling STS vs WSP?

Take a look at the following configuration for an example of this:

http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml?view=markup

<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSAML1Port"
              createdFromAPI="true">
    <jaxws:properties>
        ...
        <!-- Entries directly under jaxws:properties apply to the call to the WSP -->
        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
        <entry key="ws-security.encryption.username" value="myservicekey"/>
        <entry key="ws-security.sts.client">
            <bean class="org.apache.cxf.ws.security.trust.STSClient">
                ...
                <property name="properties">
                    <map>
                        <!-- Entries in the STSClient's own map apply to the call to the STS -->
                        <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
                        <entry key="ws-security.encryption.username" value="mystskey"/>
                        ...
                    </map>
                </property>
            </bean>
        </entry>
    </jaxws:properties>
</jaxws:client>


Here you can see that the client is configuring "myservicekey" as the
keystore alias for the WSP, and "mystskey" for the STSClient.

Colm.

On Thu, May 24, 2012 at 9:48 PM, Gina Choi <[email protected]> wrote:
> Hi Glen,
>
> Did you mean something like the following? But the following two entries are
> almost identical. How does WSC know which entry to pick up when calling STS vs
> WSP? I am trying to change your
> http://www.jroller.com/gmazza/entry/cxf_sts_tutorial from X.509
> authentication between WSC and STS to UT authentication. First I need to
> verify whether Apache CXF supports UT authentication with Symmetric bindings.
>
>
>   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPort"
>                 createdFromAPI="true">
>       <jaxws:properties>
>           <entry key="ws-security.sts.client">
>               <bean class="org.apache.cxf.ws.security.trust.STSClient">
>                   <constructor-arg ref="cxf"/>
>                   <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
>                   <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
>                   <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
>                   <property name="properties">
>                       <map>
>                           <!--entry key="ws-security.signature.username" value="myclientkey"/-->
>                           <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
>                           <entry key="ws-security.username" value="alice"/>
>                           <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
>                           <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
>                           <entry key="ws-security.encryption.username" value="myservicekey"/>
>                       </map>
>                   </property>
>               </bean>
>           </entry>
>           <entry key="ws-security.sts.client">
>               <bean class="org.apache.cxf.ws.security.trust.STSClient">
>                   <constructor-arg ref="cxf"/>
>                   <property name="wsdlLocation" value="DoubleItSTSService.wsdl"/>
>                   <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
>                   <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
>                   <property name="properties">
>                       <map>
>                           <entry key="ws-security.signature.username" value="myclientkey"/>
>                           <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
>                           <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
>                           <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
>                           <entry key="ws-security.encryption.username" value="mystskey"/>
>                       </map>
>                   </property>
>               </bean>
>           </entry>
>       </jaxws:properties>
>   </jaxws:client>
>
> On Thu, May 24, 2012 at 4:08 PM, Glen Mazza <[email protected]> wrote:
>
>> Unsure, but I believe you'll want two <entry> elements in your cxf.xml,
>> one as you have below except without the mystskey config element you have
>> there, and then a second <entry> like this:
>> https://github.com/Talend/tesb-rt-se/blob/83011aebc68c67cb177ff7e800afbe9bbcab7049/examples/cxf/jaxws-cxf-sts/client/src/main/resources/cxf.xml
>> for the sts configuration.  They should both go under the same jaxws:client
>> element, and probably under the same jaxws:properties element as well.
>>
>> HTH,
>> Glen
>>
>>
>> On 05/24/2012 12:16 PM, Gina Choi wrote:
>>
>>> Hi All,
>>>
>>> I have a WSP, WSC and STS (Apache CXF). I am going to use Symmetric bindings
>>> between them. So, I added the certificates of both WSP and STS in the client
>>> truststore, but I need to configure them in the client config file.
>>>
>>> The following is part of the cxf.xml file. But as you can see, I am using
>>> ws-security.encryption.username twice, for the sts and service certificates,
>>> and this is not right. How does the program tell which one is which?
>>>
>>>                        <map>
>>>                            <!--entry key="ws-security.signature.username" value="myclientkey"/-->
>>>                            <entry key="ws-security.callback-handler" value="client.ClientCallbackHandler"/>
>>>                            <entry key="ws-security.username" value="alice"/>
>>>                            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
>>>                            <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
>>>                            <entry key="ws-security.encryption.username" value="mystskey"/>
>>>                            <entry key="ws-security.encryption.username" value="myservicekey"/>
>>>
>>> I have the following content in clientKeystore.properties.
>>>
>>> org.apache.ws.security.crypto.merlin.keystore.type=jks
>>> org.apache.ws.security.crypto.merlin.keystore.password=cspass
>>> org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
>>> org.apache.ws.security.crypto.merlin.file=wsclientstore.jks
>>>                        </map>
>>>
>>> And my client.ClientCallbackHandler class has information about the passwords
>>> for mystskey and myservicekey. How do I configure it right?
>>>
>>> Thanks in advance.
>>>
>>> Gina
>>>
>>>
>>
>> --
>> Glen Mazza
>> Talend Community Coders
>> coders.talend.com
>> blog: www.jroller.com/gmazza
>>
>>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
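
Added example (not part of the original thread and not CXF code): a small Python check that reads a CXF client Spring configuration and reports which ws-security.encryption.username alias is set for the WSP call (entries directly under jaxws:properties) and which for the STS call (entries in the STSClient bean's map), listing keys set more than once in a scope as in the configurations quoted above. The two sample documents and the client name "c" are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

STS_KEY = "ws-security.sts.client"
ALIAS_KEY = "ws-security.encryption.username"

def local(el):
    """Tag name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def entries(parent):
    """(key, value) pairs of the direct <entry> children of parent."""
    return [(e.get("key"), e.get("value")) for e in parent if local(e) == "entry"]

def scopes(props):
    """Split one <jaxws:properties> element into WSP-level and STS-level entries."""
    out = {"WSP": entries(props), "STS": []}
    for e in props:
        if local(e) == "entry" and e.get("key") == STS_KEY:
            # Maps nested inside the STSClient bean apply only to the call to the STS.
            for m in e.iter():
                if local(m) == "map":
                    out["STS"] += entries(m)
    return out

def lint(xml_text):
    """Per client and scope: encryption alias(es) set and keys set more than once."""
    report = {}
    for client in ET.fromstring(xml_text).iter():
        if local(client) != "client":
            continue
        for props in (c for c in client if local(c) == "properties"):
            report[client.get("name")] = {
                scope: {"alias": [v for k, v in kv if k == ALIAS_KEY],
                        "duplicates": sorted(k for k, n in Counter(k for k, _ in kv).items() if n > 1)}
                for scope, kv in scopes(props).items()}
    return report

# Constructed sample documents (client name "c" is a placeholder).
HEAD = ('<beans xmlns="http://www.springframework.org/schema/beans" '
        'xmlns:jaxws="http://cxf.apache.org/jaxws"><jaxws:client name="c"><jaxws:properties>')
TAIL = "</jaxws:properties></jaxws:client></beans>"
STS = ('<entry key="ws-security.sts.client"><bean class="org.apache.cxf.ws.security.trust.STSClient">'
       '<property name="properties"><map>%s</map></property></bean></entry>')
ENC = '<entry key="ws-security.encryption.username" value="%s"/>'
GOOD = HEAD + ENC % "myservicekey" + STS % (ENC % "mystskey") + TAIL   # one alias per scope
BAD = HEAD + STS % (ENC % "mystskey" + ENC % "myservicekey") + TAIL    # both aliases in the STS map

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, lint(doc))
```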
