Hi Martin, Yes, for sure. You need to provide own implementation of WSS4J Crypto interface. Btw CXF supports XKMS standard to get public keys as alternative to keystore. You can take this either as example of Crypto implementation: https://github.com/apache/cxf/blob/master/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
or use XKMS service to manage your certificates: http://cxf.apache.org/docs/xml-key-management-service-xkms.html Regards, Andrei. > -----Original Message----- > From: Martin Nielsen [mailto:[email protected]] > Sent: Freitag, 6. März 2015 10:36 > To: [email protected] > Subject: Alternative key sources using asymmetric security? > > Looking at WS-Security asymmetric encryption, i was wondering if it is > possible > in some way to configure CXF to look somewhere else than a java keystore for > the key information. > > Say that you have a case where you need to add web services to an application > that already has a public key for all it's users in a database, for example. > Would > it be possible to have CXF look for a public key in the database instead of a > keystore? > > -Martin
