Hi, Sorry, I was a bit too fast with my previous post. What about concurrent usage of the port with different security settings? I think this doesn't work in the code example below.
What I mean is that I send message A and B at the same time, through the port below with different security settings. I think in your code example below, it's possible that message B will use the security settings of A as they will use the same request context. - Ed > -----Original Message----- > From: Andrei Shakirin [mailto:ashaki...@talend.com] > Sent: donderdag 13 december 2012 13:09 > To: users@cxf.apache.org > Cc: z...@debrasjes.com > Subject: RE: How to use ws-security info per sending soap message in CXF? > > Hi Ed, > > As I already wrote, you don't even need the interceptor to change the > properties. > You can do it in your client by sending message: > > AddNumbers port = (AddNumbers)service.getPort(portName, AddNumbers.class); > ((BindingProvider)port).getRequestContext().put(SecurityConstants.ENCRYPT_PR OP > ERTIES, <new property location>). > > Although, If you would like to do it in interceptor, you can pass necessary > information with message properties using the same technic. > > The most standard and recommended way to control security in CXF is using WS- > Policy. > You also can apply it dynamically at the runtime. If this way is interesting > for you, I can provide further information how to set WS-Policy dynamically. > > Cheers, > Andrei. > > > -----Original Message----- > > From: Ed Bras [mailto:z...@debrasjes.com] > > Sent: Donnerstag, 13. Dezember 2012 10:31 > > To: users@cxf.apache.org > > Subject: RE: How to use ws-security info per sending soap message in CXF? > > > > Thanks for your answer. > > I understand how I can change security properties in an interceptor. > > The problem is: how do I know when to change these properties? > > > > When I send a soap message, I know which security settings should be used. > > But how do I attach these security settings to a soap message such > > that they can be read by an interceptor and can use them? > > > > - Ed > > > > > -----Original Message----- > > > From: Andrei Shakirin [mailto:ashaki...@talend.com] > > > Sent: woensdag 12 december 2012 18:10 > > > To: users@cxf.apache.org > > > Cc: z...@debrasjes.com > > > Subject: RE: How to use ws-security info per sending soap message in CXF? > > > > > > Hi, > > > > > > a) jaxws client > > > 1) You can set message property: > > > SecurityConstants.ENCRYPT_PROPERTIES and dynamically update property > > > file > > > location: > > > message. put(SecurityConstants.ENCRYPT_PROPERTIES, <new property > > location>); > > > WSS4J will automatically use these properties. > > > > > > It is possible to do it either in custom interceptor (should be > > > called > > before > > > WSS4JOutInterceptor) or in client logic via: > > > > > ((BindingProvider)proxy).getRequestContext().put(SecurityConstants.ENC > > RY > > PT_P > > RO > > > PERTIES, <new property location>). > > > > > > Cons of this solution: you are still restricted to use > > > keystore.properties file. > > > > > > 2) More generic solution is implement own CryptoProvider (implements > > > wss4j CryptoBase interface) and set this implementation in > > > SecurityConstants.ENCRYPT_CRYPTO message property. In provider > > implementation > > > you can get certificates and private keys whatever you want: from > > keystore, > > > remotely from service, etc. > > > > > > b) http conduit > > > TLS parameters can be also configured programmatically: > > > Client c = ClientProxy.getClient(port); HTTPConduit conduit = > > > (HTTPConduit) c.getConduit(); TLSClientParameters tlsParams = new > > > TLSClientParameters(); ... > > > conduit.setTlsClientParameters(tlsParams); > > > > > > see > > http://blog.progs.be/71/cxf-simple-frontend-allow-all-ssl-certificates > > - > > > and-set-basic-authentication-credentials for details. > > > > > > I hope this can help. > > > > > > Cheers, > > > Andrei. > > > > > > > -----Original Message----- > > > > From: Ed Bras [mailto:z...@debrasjes.com] > > > > Sent: Mittwoch, 12. Dezember 2012 15:16 > > > > To: users@cxf.apache.org > > > > Subject: How to use ws-security info per sending soap message in CXF? > > > > > > > > Please some advice on the following requirement: > > > > I like to be able to dynamically change/set the ws-security info > > > > per sending soap message in cxf. How can this best be done. > > > > > > > > Details: I want to change settings like keystore name, keystore > > > > alias, password, host name, etc.. during runtime, preferable per > > > > sending > > message. > > > > > > > > Currently I am using: jaxws client with WSS4JOutInterceptor and > > > > WSS4JInInterceptor interceptor for signing. And I am using http > > > > conduit with tls client parameters for SSL/TLS communications. > > > > Both the jaxws client and http conduit are configured in spring > > > > and have their configuration like keystore name, alias and > > > > password set in the > > Spring > > > config. > > > > > > > > I see options: > > > > 1) I change these settings during runtime through a global property. > > > > 2) I change these settings per sending message (preferable). > > > > > > > > 2) Is preferable but most difficult I think. How should I do this? > > > > > > > > I was thinking about: > > > > a) jaxws client: make my own in- and out interceptor that > > > > intercepts a message and use the correct (cached) > > > > WSS4JOutInterceptor interceptor depending on the security settings > > > > that that message requires. If the WSS4JOutInterceptor interceptor > > > > doesn't exists in cache, it's created (I probably have max 5 > > > > WSS4JOutInterceptor instances > > cached). > > > > However, how can I determine which settings are required in my > > > > interceptor as that is known in an other part of the app when > > > > talking to the @Webservice proxy to create and send the soap > > > > request/message... Maybe I could be able to add some kind of > > > > securityInfo object to the soap message through the > > > > JaxWsClientProxy, but how ?... Or maybe I can set the interceptors > > > > when sending/creating > > the > > > soap message when this security info is still know. > > > > This will then be a light weight interceptor containing the > > > > required settings, linking to the cached interceptors, that is > > > > selected depending on the settings... > > > > > > > > b) http conduit: using a ConduitSelector (never used it but will > > > > find out), such that I am able to select the correct http conduit, > > > > but I have the same problem as in (a): "How to determine which > > > > settings I should use" as they are known when creating/sending a > > > > soap message and > > the > > > interceptors are set later... > > > > Probably I have to set an conduit selector per sending message.. > > > > > > > > Please some advice? > > > > - Ed > >
