Hi Martin, You can find more information on what goes in the Signature Crypto properties here (first section):
http://ws.apache.org/wss4j/config.html Colm. On Sun, Sep 9, 2012 at 7:51 PM, martin <[email protected]> wrote: > In that case, i will respond in both places as well:) > I clearly see the advantage of using the security policy instead, and i > will. But my primary question still stands. Where do i find some more > in-depth documentation of what exactly is possible to define in the > security policies? Looking at > http://cxf.apache.org/docs/ws-securitypolicy.html, i see more > tutorial/example material, and that's well and good for understanding the > basics. However, when i look in the security constants, as i said in my > first post i only see information like. > SIGNATURE_PROPERTIES > > public static final String > <http://download.oracle.com/javase/1.5.0/docs/api/java/lang/String.html> > *SIGNATURE_PROPERTIES* > > The Crypto property configuration to use for signature, if > SIGNATURE_CRYPTO is > not set instead. The value of this tag must be either: a) A Java Properties > object that contains the Crypto configuration. b) The path of the Crypto > property file that contains the Crypto configuration. c) A URL that points > to the Crypto property file that contains the Crypto configuration. > > *See Also:*Constant Field > Values< > http://cxf.apache.org/javadoc/latest/constant-values.html#org.apache.cxf.ws.security.SecurityConstants.SIGNATURE_PROPERTIES > > > What goes into this configuration? What kind of Java Properties object? > These are the kinds of questions i would like answers to. I just cant seem > to find anything more concrete and in-depth than this. Does it exist? > > > On Fri, Sep 7, 2012 at 8:41 PM, Daniel Kulp [via CXF] < > [email protected]> wrote: > > > > > I responded to your question on StackOverflow, but I'll repeat it here: > > > > Honestly, I would recommend NOT using the WSS4J interceptors directly in > > CXF at this point. Instead, define a WS-Security policy fragment that > will > > accurately describe the security requirements and attach that in the > WSDL. > > Then add the appropriate properties (described > > http://cxf.apache.org/docs/ws-securitypolicy.html ) for the additional > > information the policy runtime will need. > > > > The WS-Security Policy stuff is completely standards based and would be > > supported by all the various runtimes. The security requirement become > part > > of the contract (WSDL) which is also important. > > > > > > Dan > > > > > > > > On Sep 7, 2012, at 8:58 AM, martin <[hidden email]< > http://user/SendEmail.jtp?type=node&node=5713715&i=0>> > > wrote: > > > > > I walked through a number of tutorials and got a fairly simple > timestamp > > > signature encryption scheme going. > > > But now i have to implement a more advanced solution, where each user > > has > > > their own keys and those keys can be found in multiple locations. > > Needless > > > to say i would have to post a lot of questions to get it to work. > > Instead i > > > have been looking for some documentation for the WS.Security In and Out > > > interceptors, more specifically what can go in the constructor map and > > how > > > those objects should be structured, but i can't find anything apart > from > > a > > > very non-helpful CXF api. > > > > > > Does anyone know where i can find some actual documentation/manual type > > > documents for the security interceptors and callback classes? Or does > no > > > such thing exist? > > > > > > > > > > > > -- > > > View this message in context: > > > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696.html > > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > -- > > Daniel Kulp > > [hidden email] <http://user/SendEmail.jtp?type=node&node=5713715&i=1> - > > http://dankulp.com/blog > > > > Talend Community Coder - http://coders.talend.com > > > > > > > > ------------------------------ > > If you reply to this email, your message will be added to the discussion > > below: > > > > > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696p5713715.html > > To unsubscribe from Documentation for wss4j interceptors, click here< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5713696&code=c2t1bWxlcmVuQGdtYWlsLmNvbXw1NzEzNjk2fC0xNTEyNDYwMDA3 > > > > . > > NAML< > http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml > > > > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696p5713739.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
