The properties you're referring to ("security.signature.properties") are
used for WS-Security (e.g. signing/encrypting the SOAP message). The TLS
keys/certs are used for the Transport layer. In the policy example you
gave, you don't need to configure "security.signature.properties" at all,
as there are no message signing policies.

Colm.

On Mon, Jan 22, 2018 at 2:49 PM, vlad.balan <[email protected]> wrote:

> Hello
>
> can someone help me and tell me why HttpsToken policy
>
>                 <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>                     <wsp:Policy>
>                         <sp:TransportToken>
>                             <wsp:Policy>
>                                 <sp:HttpsToken>
>                                     <wsp:Policy>
>                                         <sp:RequireClientCertificate/>
>                                     </wsp:Policy>
>                                 </sp:HttpsToken>
>                             </wsp:Policy>
>                         </sp:TransportToken>
>                         <sp:Layout>
>                             <wsp:Policy>
>                                 <sp:Strict/>
>                             </wsp:Policy>
>                         </sp:Layout>
>                         <sp:IncludeTimestamp/>
>                         <sp:AlgorithmSuite>
>                             <wsp:Policy>
>                                 <sp:Basic128/>
>                             </wsp:Policy>
>                         </sp:AlgorithmSuite>
>                     </wsp:Policy>
>                 </sp:TransportBinding>
>
>
>
> does not take its parameters (certificates, etc.) from conduit (client
> side)/engine (server side)
>
> http:tlsClientParameters element
>
> ( sample:
>
>
>     <http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
>         <http:tlsClientParameters  disableCNCheck="true">
>             <sec:keyManagers keyPassword="ckpass">
>                 <sec:keyStore file="src/main/config/clientKeystore.jks"
> password="cspass" type="JKS"/>
>             </sec:keyManagers>
>             <sec:trustManagers>
>                 <sec:keyStore file="src/main/config/clientKeystore.jks"
> password="cspass" type="JKS"/>
>             </sec:trustManagers>
>
>         </http:tlsClientParameters>
>     </http:conduit>
> )
>
>
> and instead needs to explicitly specify them (in properties of client or server
> endpoint)
>
>
>
>
>     <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort">
>         <jaxws:properties>
>
>             <entry key="security.signature.properties"
> value="security.signature.properties"/>
>             <entry key="security.encryption.properties"
> value="security.signature.properties"/>
>
> ....
>
>
> Thanks
>
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
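
An added example (not from this thread and not CXF code): a small Python check that walks a WS-SecurityPolicy document and reports whether it only asks for transport-level TLS or also carries message-level assertions, which is the distinction the reply draws. The function name `classify_policy`, the `MESSAGE_LEVEL` set and the `wsp` namespace declaration are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://www.w3.org/ns/ws-policy"  # assumed; the post omits this declaration

# Assumption for this example: these WS-SecurityPolicy 1.2 assertions are the
# ones treated as message-level signing/encryption requirements. The list is
# illustrative, not exhaustive.
MESSAGE_LEVEL = {
    "AsymmetricBinding", "SymmetricBinding", "SignedParts", "SignedElements",
    "EncryptedParts", "EncryptedElements", "ContentEncryptedElements",
    "EndorsingSupportingTokens", "SignedEndorsingSupportingTokens",
}

def classify_policy(policy_xml):
    """Report which layer a policy document puts its key material demands on."""
    # Policy files are assumed to be trusted local configuration.
    root = ET.fromstring(policy_xml)
    prefix = "{" + SP + "}"
    names = {el.tag[len(prefix):] for el in root.iter() if el.tag.startswith(prefix)}
    return {
        "needs_tls": "HttpsToken" in names,
        "needs_client_cert": "RequireClientCertificate" in names,
        "message_level_assertions": sorted(names & MESSAGE_LEVEL),
    }

# The policy from the question, wrapped so the wsp prefix is declared.
TRANSPORT_ONLY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <sp:TransportBinding><wsp:Policy>
  <sp:TransportToken><wsp:Policy><sp:HttpsToken><wsp:Policy>
   <sp:RequireClientCertificate/>
  </wsp:Policy></sp:HttpsToken></wsp:Policy></sp:TransportToken>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  <sp:IncludeTimestamp/>
  <sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>
 </wsp:Policy></sp:TransportBinding>
</wsp:Policy>"""

# Constructed sample: a policy that does sign parts of the message.
SIGNED_SAMPLE = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <sp:AsymmetricBinding><wsp:Policy/></sp:AsymmetricBinding>
 <sp:SignedParts><sp:Body/></sp:SignedParts>
</wsp:Policy>"""

if __name__ == "__main__":
    for label, doc in (("transport-only", TRANSPORT_ONLY), ("signed", SIGNED_SAMPLE)):
        print(label, classify_policy(doc))
```

An empty `message_level_assertions` list with `needs_tls` set corresponds to the case in this thread, where only the TLS key and trust stores on the conduit or engine are involved.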