Re: Signature Verification Algorithm

Mon, 03 Sep 2012 05:53:36 -0700 

> But the server does not force the client to use the sha256 algorithm.  Is
> there any way to tell the server to make the client use a specific
> algorithm?

It seems like you are mixing a WS-SecurityPolicy configuration (the
"AlgorithmSuite" policy) with the WSS4JInInterceptor, which is the old
style non-policy interceptor.

For the WS-SecurityPolicy case you don't have to add any interceptor in
configuration, it is done for you. The server will check the algorithms the
client is using according to the AlgorithmSuite policy automatically.

Colm.

On Wed, Aug 29, 2012 at 6:46 PM, ychawla <[email protected]>wrote:

> Hello All,
> I am doing Signature / Verification in my web services and I would like the
> server to be able to specify the signature algorithm.
>
> In my policy WSDL, the algorithm is specified:
>                                                 <sp:AlgorithmSuite>
>                                                         <wsp:Policy>
>
> <sp:Basic256Sha256 />
>                                                         </wsp:Policy>
>                                                 </sp:AlgorithmSuite>
>
> On the client side, I can easily set the algorithm:
>
>
> <entry key="signatureAlgorithm"
> value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> <entry key="signatureDigestAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
> However, on the server side I tried a similar configuration:
>
>         <bean id="wss4jInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>                 <constructor-arg>
>                         <map>
>                                 <entry key="action" value="Signature
> Timestamp" />
>                                 <entry key="signaturePropRefId"
> value="wsCryptoPropertiesSignatureVerificationIn" />
>                                 <entry
> key="wsCryptoPropertiesSignatureVerificationIn"
>
> value-ref="wsCryptoPropertiesSignatureVerificationIn" />
>
>
>                                 <entry key="signatureAlgorithm"
> value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>                                 <entry key="signatureDigestAlgorithm"
> value="http://www.w3.org/2001/04/xmlenc#sha256"/>
>
>                         </map>
>                 </constructor-arg>
>         </bean>
>
> But the server does not force the client to use the sha256 algorithm.  Is
> there any way to tell the server to make the client use a specific
> algorithm?
>
> Thanks,
> Yogesh
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Signature-Verification-Algorithm-tp5713333.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to