Re: WS-Security question

Ted Tue, 14 May 2013 18:06:36 -0700

Not sure if this is the official way or not, but this is how I do it :

   AccountWsService service = new AccountWsService("..."));
   port = service.getAccountWsPort();


   Client cxfClient = ClientProxy.getClient(port);
   cxfClient.getOutInterceptors().add(new
AuthenticationOutWSS4JInterceptor(user, password));

where AuthenticationOutWSS4JInterceptor looks a little like :

        public class AuthenticationOutWSS4JInterceptor extends
WSS4JOutInterceptor implements CallbackHandler
        {
                private String password = null;
        
                /**
                 * @param user can be userId or userName, all depends on what 
the
received requires
                 * @param password can be password or securityToken, all 
depends on
what the received requires
                 */
                public AuthenticationOutWSS4JInterceptor(Object user, String 
password)
                {
                        this.password = password;
        
                        HashMap<String, Object> properties = new 
HashMap<String, Object>();
                        properties.put(WSHandlerConstants.ACTION, 
WSHandlerConstants.USERNAME_TOKEN);
                        properties.put(WSHandlerConstants.USER, 
user.toString());
                        properties.put(WSHandlerConstants.PASSWORD_TYPE, 
WSConstants.PW_TEXT);
                        properties.put(WSHandlerConstants.PW_CALLBACK_REF, 
this);
        
                        setProperties(properties);
                }
        
                @Override
                public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
                {
                        for (Callback callback : callbacks)
                        {
                                if (callback instanceof WSPasswordCallback)
                                {
                                        WSPasswordCallback wsPasswordCallback = 
(WSPasswordCallback)callback;
                                        
wsPasswordCallback.setPassword(password);
                                }
                        }
                }
        }

On 5/14/13, Ted Roeloffzen <[email protected]> wrote:
> Good day all,
>
> At this moment I'm working on a webservice-client that has to use
> WS-Security, but i can't seem to figure out how configure CXF that it fills
> the SOAP-header in the correct way.
> We don't use Spring for the configuration, so everything has to be
> configured via the API.
>
> We need to have a timestamp, a signature and also a binary security token.
> The Canonicalization-algorithm is xml-exc-c14
> The signature-algorithm is RSA-SHA256
>
> can someone point me in the right direction for this?
>
> I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor.
> Both with a properties-map containing an Action = Timestap Signature,
> signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
> and signatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
>
> do I need to configure anymore other than adding a certificate to the
> keystore?
>
> thanks in advance.
>
> kind regards,
>
> Ted
>


-- 
Ted.

Re: WS-Security question

Reply via email to