I want the key or alias passed through to the method body.
I have a case where a key infrastructure is already in place, and the
public key of the sender is used for further evaluation in the backend.
If I can get the alias or key for the caller passed to the method on the
backend, then I can use that key to authenticate the user without the need
for further user credentials.
So I would like something along the lines of:
@WebService
public interface SEI {
    public ReturnVal doStuff(String alias /* or PublicKey */, Object inVal);
    ...
Where alias is provided by the CXF runtime, and not visible to the WSDL or
client.
If I have to pick it out of the interceptor chain or something, that's fine
too, I am not picky.
Thanks for the sustained interest :)
On 7 Mar 2015 20:34, "Andrei Shakirin" <[email protected]> wrote:
> Hi Martin,
>
> I assume you would like to get the client certificate on the service side to
> use it for encryption of the response, correct?
> If yes, I would first of all evaluate using the "useReqSigCert" constant as
> the value of the "ws-security.encryption.username" property on the server side.
> In this case the service will extract the client certificate from the request
> and use it to encrypt the response. This approach is very convenient on the
> server side to encrypt responses for different clients. In this case you don't
> need to look up the client certificate on the server side at all; the service
> will get the certificate and proceed with encryption automatically.
> Is this close to your question? If not, please elaborate on your use case a
> bit more.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: Martin Nielsen [mailto:[email protected]]
> > Sent: Saturday, 7 March 2015 13:32
> > To: [email protected]
> > Subject: RE: Alternative key sources using asymmetric security?
> >
> > Great!
> >
> > I will get right on that.
> > As a bonus question, I was wondering, is it possible to make either the
> > calling public key or alias (or anything that uniquely identifies the key)
> > available to the method being invoked by CXF when the client calls a service?
> > Optimally, I would like it defined as a method parameter, but I'm not picky.
> >
> > And thank you :)
> > On 6 Mar 2015 18:11, "Andrei Shakirin" <[email protected]> wrote:
> >
> > > Hi Martin,
> > >
> > > Yes, for sure. You need to provide your own implementation of the WSS4J
> > > Crypto interface.
> > > Btw, CXF supports the XKMS standard to get public keys as an alternative
> > > to a keystore.
> > > You can either take this as an example of a Crypto implementation:
> > > https://github.com/apache/cxf/blob/master/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
> > >
> > > or use the XKMS service to manage your certificates:
> > > http://cxf.apache.org/docs/xml-key-management-service-xkms.html
> > >
> > > Regards,
> > > Andrei.
> > >
> > >
> > > > -----Original Message-----
> > > > From: Martin Nielsen [mailto:[email protected]]
> > > > Sent: Friday, 6 March 2015 10:36
> > > > To: [email protected]
> > > > Subject: Alternative key sources using asymmetric security?
> > > >
> > > > Looking at WS-Security asymmetric encryption, I was wondering if it is
> > > > possible in some way to configure CXF to look somewhere else than a Java
> > > > keystore for the key information.
> > > >
> > > > Say that you have a case where you need to add web services to an
> > > > application that already has a public key for all its users in a
> > > > database, for example. Would it be possible to have CXF look for a public
> > > > key in the database instead of a keystore?
> > > >
> > > > -Martin
> > >
>
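
For the question at the top of this message (making the caller's signing key available inside the service method), one way to read it from the WSS4J processing results, as an added example that is not part of the thread and not CXF's own code. It assumes CXF 3.0.x with WSS4J 2.0.x package names; the class name `SigningCallerService` and the `String` signature of `doStuff` are hypothetical.

```java
// Added example; assumes CXF 3.0.x / WSS4J 2.0.x package names.
import java.security.cert.X509Certificate;
import java.util.List;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;

@WebService
public class SigningCallerService {   // hypothetical service class

    @Resource
    private WebServiceContext context; // injected by the JAX-WS runtime

    public String doStuff(String inVal) {
        X509Certificate caller = signerCertificate(context.getMessageContext());
        if (caller == null) {
            // No verified signature result on this request: refuse, do not guess.
            throw new SecurityException("request carries no verified signature");
        }
        // Subject DN (or caller.getPublicKey()) is the lookup key for the backend.
        return "caller=" + caller.getSubjectX500Principal().getName()
                + " in=" + inVal;
    }

    // Returns the certificate of the first signature WSS4J processed, or null.
    @SuppressWarnings("unchecked")
    static X509Certificate signerCertificate(MessageContext mc) {
        List<WSHandlerResult> handled =
                (List<WSHandlerResult>) mc.get(WSHandlerConstants.RECV_RESULTS);
        if (handled == null) return null;
        for (WSHandlerResult hr : handled) {
            for (WSSecurityEngineResult r : hr.getResults()) {
                Integer action = (Integer) r.get(WSSecurityEngineResult.TAG_ACTION);
                if (action != null && action == WSConstants.SIGN) {
                    Object cert = r.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                    if (cert instanceof X509Certificate) return (X509Certificate) cert;
                }
            }
        }
        return null;
    }
}
```

The certificate appears in the results only after WSS4J has processed the signature, but which message parts that signature covers depends on the endpoint's security policy, so the policy should require the body to be signed before the certificate is treated as the caller's identity.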