I have a CXF WebService (as server) with WSS Security and now I would like to
use a public certificate for encryption based on the sender.
I know there is the property

    ws-security.encryption.username=useReqSigCert

This comes already close to what I would like to do. However, in my setup,
there are different certificates for signature and encryption for all
service clients. So I have a mapping of a sender ID (taken out of a custom
soap header) to one public signature certificate (to validate the signature)
and one public encryption certificate (to encrypt the response).
Is there a way to support this with CXF?
Or, what class of interceptor (or something) do I have to extend to be able
to do this?
I found this in
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.setEncryptionUser(WSSecEncryptedKey, AbstractToken, boolean, Crypto)

    if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
        List<WSHandlerResult> results =
            CastUtils.cast((List<?>)
                message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
        if (results != null) {
            encrKeyBuilder.setUseThisCert(getReqSigCert(results));
            //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
            if (encrKeyBuilder.isCertSet()) {
                encrKeyBuilder.setUserInfo(getUsername(results));
            }
        } else {
            unassertPolicy(token, "No security results in incoming message");
        }
    } else {
        encrKeyBuilder.setUserInfo(encrUser);
    }

Which class do I have to extend to be able to change this code? And how to
use it? Or is it the right way?
Versions:
cxf-core 3.1.2
cxf-rt-ws-security 3.1.2
wss4j 2.1.2
cxf-rt-ws-policy 3.1.3
--
View this message in context:
http://cxf.547215.n5.nabble.com/Dynamic-encryption-user-name-tp5761404.html
Sent from the cxf-user mailing list archive at Nabble.com.
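
One way to approach the question above without patching AbstractBindingBuilder, shown as an added example that is not part of the original post or of CXF itself: since setEncryptionUser() passes any value other than useReqSigCert straight to setUserInfo(), an out-interceptor can set the encryption alias on each response before WS-Security processing runs. The class name, the header QName and the alias map are hypothetical; it is assumed that a property put on the outgoing message is the one CXF reads for that response, and that every mapped alias exists in the keystore behind the encryption Crypto.

```java
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.headers.Header;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Element;

/** Hypothetical out-interceptor: picks the encryption alias per sender. */
public class SenderEncryptionAliasInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    // Assumed header name; replace with the service's real custom header.
    private static final QName SENDER_ID = new QName("urn:example:headers", "SenderId");
    // Property key quoted in the post above.
    private static final String ENCRYPT_USER = "ws-security.encryption.username";

    // Constructed mapping: sender ID -> alias of that client's encryption
    // certificate in the keystore behind the encryption Crypto.
    private final Map<String, String> encryptionAliases;

    public SenderEncryptionAliasInterceptor(Map<String, String> aliases) {
        super(Phase.SETUP); // early out-chain phase, before WS-Security processing
        this.encryptionAliases = new HashMap<>(aliases);
    }

    @Override
    public void handleMessage(SoapMessage response) throws Fault {
        Message request = response.getExchange().getInMessage();
        if (!(request instanceof SoapMessage)) {
            throw new Fault(new SecurityException("No SOAP request on exchange"));
        }
        Header header = ((SoapMessage) request).getHeader(SENDER_ID);
        String senderId = header != null && header.getObject() instanceof Element
                ? ((Element) header.getObject()).getTextContent().trim() : null;
        String alias = senderId == null ? null : encryptionAliases.get(senderId);
        if (alias == null) {
            // Fail closed: never fall back to a default key for an unknown sender.
            throw new Fault(new SecurityException("No encryption certificate mapped for sender"));
        }
        // Set on the outgoing message, so it applies to this response only.
        response.put(ENCRYPT_USER, alias);
    }
}
```

The interceptor would be added to the endpoint's out-interceptor list (getOutInterceptors()). The sender ID is only trustworthy if the custom header is covered by the request signature and matches the certificate that verified it.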