> I'll look at the custom AlgorithmSuites, but I am a bit sceptical: what's the use of WS-SecurityPolicy, when using an unknown, unofficial > algorithm suite (identifier) that has to be communicated out of line the the web service clients anyway? (But thanks again, I am curious > anyway.)
Well for one it gives you all of the standard validation that is done of a message against a policy, that you don't get with the "Action" based approach. It also gives you the ability not to have to hard-wire (e.g.) the Algorithm Suite you are using in the client, if the client can have access to the WSDL of the service via a registry or even WSDL publish. Colm. On Tue, Apr 9, 2013 at 4:03 PM, Lattermann, Dirk < [email protected]> wrote: > Hi Colm, > > thank you, I just logged Issue 4954. > > I'll look at the custom AlgorithmSuites, but I am a bit sceptical: what's > the use of WS-SecurityPolicy, when using an unknown, unofficial algorithm > suite (identifier) that has to be communicated out of line the the web > service clients anyway? (But thanks again, I am curious anyway.) > > Dirk > > -----Ursprüngliche Nachricht----- > Von: Colm O hEigeartaigh [mailto:[email protected]] > Gesendet: Dienstag, 9. April 2013 14:46 > An: [email protected] > Betreff: Re: CryptoCoverageChecker and SOAP Fault responses > > Hi Dirk, > > It appears that this is not currently supported. Could you log a JIRA? > > Incidentally, custom AlgorithmSuites are supported in CXF using > WS-SecurityPolicy. See here for an example: > > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/ > > http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/ > > Colm. > > > On Tue, Apr 9, 2013 at 8:14 AM, Lattermann, Dirk < > [email protected]> wrote: > > > Hi, > > > > Using CXF 2.4.6 in JBoss EAP 6, I'm securing my web services with > > WS-Security (no WS-SecurityPolicy as the algorithm suite is not > > supported there). > > > > For this, I have configured WSS4JInInterceptors and > > WSS4JOutInterceptors on both client and server, and the setup works. > > > > To check if incoming messages are signed, encrypted, and with > > timestamp token, I also have configured a CryptoCoverageChecker on > > both client and server. Now I have the problem that I cannot obtain > > Fault answers from the server on the client any more because the > > CryptoCoverageChecker kicks in and I don't have a chance to access the > SOAPFaultException from the server. > > The server doesn't sign and encrypt Fault answers (which is ok, and > > this is the case also when using easy WS-SecurityPolicy configurations). > > > > How can I configure the CryptoCoverageChecker to only check regular > > (non-fault) web service responses? Or how can I configure CXF to only > > use a CryptoCoverageChecker on non-fault responses? (With > > WS-SecurityPolicy, this problem seems solved). > > > > Thank you, > > Dirk Lattermann > > -------------------------------------------------------- > > DATAGROUP BGS GmbH > > Dirk Lattermann > > > > > > Auf den Tongruben 3 > > D-53721 Siegburg > > Fon: +49 2241 166-531 > > Fax: +49 2241 166-680 > > E-Mail: [email protected] > > http://www.datagroup.de > > > > Sie finden uns auch auf: > > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > > https://www.xing.com/companies/datagroupag/updates/> | Google+< > > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > > http://www.kununu.com/de/all/de/it/datagroup/> > > > > Geschäftsführung: Hans-Hermann Schaber Amtsgericht Mainz, HRB 44217 > > > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert > > nach ISO 20000, der höchstmöglichen Auszeichnung für professionelles > > IT Service Management. > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -------------------------------------------------------- > DATAGROUP BGS GmbH > Dirk Lattermann > > > Auf den Tongruben 3 > D-53721 Siegburg > Fon: +49 2241 166-531 > Fax: +49 2241 166-680 > E-Mail: [email protected] > http://www.datagroup.de > > Sie finden uns auch auf: > Facebook<https://www.facebook.com/#!/datagroupag/> | Xing< > https://www.xing.com/companies/datagroupag/updates/> | Google+< > https://plus.google.com/s/datagroup#112017044868465108697/posts> | > LinkedIn<http://www.linkedin.com/company/datagroup-ag/> | Kununu< > http://www.kununu.com/de/all/de/it/datagroup/> > > Geschäftsführung: Hans-Hermann Schaber > Amtsgericht Mainz, HRB 44217 > > DATAGROUP ist als einer von wenigen IT-Dienstleistern zertifiziert nach > ISO 20000, der höchstmöglichen Auszeichnung für professionelles IT Service > Management. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
