Re: customizing WSSConfig properties (other than the action map) using spring configuration

Mon, 22 Apr 2013 07:35:55 -0700

Thanks, this works. For some reason I had a breakpoint set where this is processed and it never hit it so I was convinced the code where that is handled wasn't executing (without trying it of course :-(). 

David


On 04/22/2013 05:09 AM, Colm O hEigeartaigh wrote:
WSSConfig is not really meant to be exposed. You can set the "precisionInMilliseconds" property (WSHandlerConstants.TIMESTAMP_PRECISION) to false to not send Created values in millisecond precision. 

Colm.
On Mon, Apr 22, 2013 at 9:12 AM, Andrei Shakirin <[email protected] <mailto:[email protected]>> wrote: 

    Hi David,

    It seems there is no easy way to do it now. Only a solution I see
    is to overload handleMessage() method of WSS4JOutInterceptor and
    copy&paste CXF code.
    I think we can provide a message contextual property to use
    preconfigured WSSConfig:

                        WSSConfig config  =
    message.getContextualProperty(SecurityConstants.WSS_CONFIG);
                        if (config != null) {
                            config = WSSConfig.getNewInstance();
                        }
    Patch is welcome.

    @Colm: do you see more elegant solution of this?

    Regards,
    Andrei.

    > -----Original Message-----
    > From: David Mansfield [mailto:[email protected]
    <mailto:[email protected]>]
    > Sent: Sonntag, 21. April 2013 22:42
    > To: [email protected] <mailto:[email protected]>
    > Subject: customizing WSSConfig properties (other than the action
    map) using
    > spring configuration
    >
    > Hi All:
    >
    > I've finally hacked together a configuration of the STSClient
    that works with
    > our partner's almost-compliant implementation.
    >
    > I'm trying to make it "reasonable" now, and one thing I'm stuck
    on is how to
    > change WSSConfig values.
    >
    > In particular, I have had to replace the
    UsernameTokenSignedAction because
    > I need to add:
    >
    >  reqData.getWssConfig().setPrecisionInMilliSeconds(false);
    >
    > (I need to turn off milliseconds, because I'm using the code
    which generates
    > a secret key from a UsernameToken for signing, and the partner's
    key is
    > generated with a wsu:Created that does not include milliseconds
    in the
    > timestamp value, see:
    > org.apache.ws.security.message.token.UsernameToken.java:684)
    >
    > Unlike the dozens of other things I have tweaked by setting
    properties on
    > the bus/client, the values in the WSSConfig seem to be buried
    quite deep in
    > the implementation.
    >
    > It looks like the WSSConfig instance gets created with defaults at
    > WSS4JOutInterceptor.java:177, and there is no way to override
    the defaults,
    > and no way to apply properties to the created WSSConfig object.
    >
    > Is there a spring-y or other programmatic way to configure this
    that I have
    > missed?
    >
    > --
    > Thanks,
    > David Mansfield
    > Cobite, INC.




--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to