In that case, i will respond in both places as well:) I clearly see the advantage of using the security policy instead, and i will. But my primary question still stands. Where do i find some more in-depth documentation of what exactly is possible to define in the security policies? Looking at http://cxf.apache.org/docs/ws-securitypolicy.html, i see more tutorial/example material, and that's well and good for understanding the basics. However, when i look in the security constants, as i said in my first post i only see information like. SIGNATURE_PROPERTIES
public static final String <http://download.oracle.com/javase/1.5.0/docs/api/java/lang/String.html> *SIGNATURE_PROPERTIES* The Crypto property configuration to use for signature, if SIGNATURE_CRYPTO is not set instead. The value of this tag must be either: a) A Java Properties object that contains the Crypto configuration. b) The path of the Crypto property file that contains the Crypto configuration. c) A URL that points to the Crypto property file that contains the Crypto configuration. *See Also:*Constant Field Values<http://cxf.apache.org/javadoc/latest/constant-values.html#org.apache.cxf.ws.security.SecurityConstants.SIGNATURE_PROPERTIES> What goes into this configuration? What kind of Java Properties object? These are the kinds of questions i would like answers to. I just cant seem to find anything more concrete and in-depth than this. Does it exist? On Fri, Sep 7, 2012 at 8:41 PM, Daniel Kulp [via CXF] < [email protected]> wrote: > > I responded to your question on StackOverflow, but I'll repeat it here: > > Honestly, I would recommend NOT using the WSS4J interceptors directly in > CXF at this point. Instead, define a WS-Security policy fragment that will > accurately describe the security requirements and attach that in the WSDL. > Then add the appropriate properties (described > http://cxf.apache.org/docs/ws-securitypolicy.html ) for the additional > information the policy runtime will need. > > The WS-Security Policy stuff is completely standards based and would be > supported by all the various runtimes. The security requirement become part > of the contract (WSDL) which is also important. > > > Dan > > > > On Sep 7, 2012, at 8:58 AM, martin <[hidden > email]<http://user/SendEmail.jtp?type=node&node=5713715&i=0>> > wrote: > > > I walked through a number of tutorials and got a fairly simple timestamp > > signature encryption scheme going. > > But now i have to implement a more advanced solution, where each user > has > > their own keys and those keys can be found in multiple locations. > Needless > > to say i would have to post a lot of questions to get it to work. > Instead i > > have been looking for some documentation for the WS.Security In and Out > > interceptors, more specifically what can go in the constructor map and > how > > those objects should be structured, but i can't find anything apart from > a > > very non-helpful CXF api. > > > > Does anyone know where i can find some actual documentation/manual type > > documents for the security interceptors and callback classes? Or does no > > such thing exist? > > > > > > > > -- > > View this message in context: > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696.html > > Sent from the cxf-user mailing list archive at Nabble.com. > > -- > Daniel Kulp > [hidden email] <http://user/SendEmail.jtp?type=node&node=5713715&i=1> - > http://dankulp.com/blog > > Talend Community Coder - http://coders.talend.com > > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696p5713715.html > To unsubscribe from Documentation for wss4j interceptors, click > here<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5713696&code=c2t1bWxlcmVuQGdtYWlsLmNvbXw1NzEzNjk2fC0xNTEyNDYwMDA3> > . > NAML<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696p5713739.html Sent from the cxf-user mailing list archive at Nabble.com.
