Hi,

a) jaxws client

1) You can set message property: SecurityConstants.ENCRYPT_PROPERTIES and dynamically update property file location:

    message.put(SecurityConstants.ENCRYPT_PROPERTIES, <new property location>);

WSS4J will automatically use these properties.
It is possible to do it either in a custom interceptor (should be called before WSS4JOutInterceptor) or in client logic via:

    ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, <new property location>);

Cons of this solution: you are still restricted to using a keystore.properties file.

2) A more generic solution is to implement your own CryptoProvider (implements wss4j CryptoBase interface) and set this implementation in the SecurityConstants.ENCRYPT_CRYPTO message property. In the provider implementation you can get certificates and private keys whatever you want: from keystore, remotely from service, etc.

b) http conduit

TLS parameters can also be configured programmatically:

    Client c = ClientProxy.getClient(port);
    HTTPConduit conduit = (HTTPConduit) c.getConduit();
    TLSClientParameters tlsParams = new TLSClientParameters();
    ...
    conduit.setTlsClientParameters(tlsParams);

see http://blog.progs.be/71/cxf-simple-frontend-allow-all-ssl-certificates-and-set-basic-authentication-credentials for details.

I hope this can help.

Cheers,
Andrei.

> -----Original Message-----
> From: Ed Bras [mailto:z...@debrasjes.com]
> Sent: Wednesday, 12 December 2012 15:16
> To: users@cxf.apache.org
> Subject: How to use ws-security info per sending soap message in CXF?
>
> Please some advice on the following requirement:
> I like to be able to dynamically change/set the ws-security info per sending
> soap message in cxf. How can this best be done.
>
> Details: I want to change settings like keystore name, keystore alias,
> password, host name, etc.. during runtime, preferably per sending message.
>
> Currently I am using: jaxws client with WSS4JOutInterceptor and
> WSS4JInInterceptor interceptor for signing. And I am using http conduit with
> tls client parameters for SSL/TLS communications. Both the jaxws client and
> http conduit are configured in spring and have their configuration like
> keystore name, alias and password set in the Spring config.
>
> I see options:
> 1) I change these settings during runtime through a global property.
> 2) I change these settings per sending message (preferable).
>
> 2) Is preferable but most difficult I think. How should I do this?
>
> I was thinking about:
> a) jaxws client: make my own in- and out interceptor that intercepts a
> message and use the correct (cached) WSS4JOutInterceptor interceptor
> depending on the security settings that that message requires. If the
> WSS4JOutInterceptor interceptor doesn't exist in cache, it's created (I
> probably have max 5 WSS4JOutInterceptor instances cached).
> However, how can I determine which settings are required in my interceptor
> as that is known in another part of the app when talking to the @Webservice
> proxy to create and send the soap request/message... Maybe I could be able
> to add some kind of securityInfo object to the soap message through the
> JaxWsClientProxy, but how ?... Or maybe I can set the interceptors when
> sending/creating the soap message when this security info is still known.
> This will then be a light weight interceptor containing the required settings,
> linking to the cached interceptors, that is selected depending on the
> settings...
>
> b) http conduit: using a ConduitSelector (never used it but will find out),
> such that I am able to select the correct http conduit, but I have the same
> problem as in (a): "How to determine which settings I should use" as they are
> known when creating/sending a soap message and the interceptors are set
> later... Probably I have to set a conduit selector per sending message..
>
> Please some advice?
> - Ed