On 08/29/2016 07:46 AM, Colm O hEigeartaigh wrote:
You can get the signing certificate via the WSS4J result set which is
stored on the CXF Message Context after WS-Security processing. There is an
example in a unit tests here in the cxf-rt-ws-security module:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java;h=31debf3c2081841b9c0ae5b400a6b8b2dba388f8;hb=HEAD
See the "getResults" method on line 482. It gets a List<WSHandlerResult>
Object from the message context. Signing client certificates are then
extracted from this in some of the tests, e.g.:
WSSecurityEngineResult actionResult =
handlerResults.get(0).getActionResults().get(WSConstants.SIGN).get(0);
X509Certificate[] certificates =
(X509Certificate[])
actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
Yow! A far cry from well documented
SubjectAccessor.getRequesterSubject() static method from Metro. That
would have taken me quite some time to unearth. Glad I asked!
You can get the message context by adding a @Resource WebServiceContext
context; to your implementation, and then get the message context from this
via context.getMessageContext().
This part I had...same as my Metro code, b/c that is a standard JAX-WS
annotation, or so I believe.
Thanks very much...a big help!
SL
