You can encrypt the password in the Crypto properties file, but you still need to supply a password somehow to decrypt the encrypted password. See here:
http://coheigea.blogspot.ie/2014/02/apache-wss4j-200-part-iv.html Colm. On Fri, Feb 2, 2018 at 5:00 AM, Al Grant <bigal...@gmail.com> wrote: > Similar to last post : > > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.ENCRYPT_PROPERTIES, > "client_sign.properties"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.SIGNATURE_PROPERTIES, > "client_sign.properties"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.SIGNATURE_USERNAME, > "signingonly"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.CALLBACK_HANDLER, > ClientCallbackHandler.class.getName()); > > Is there a way to avoid having the client_sign.properties file storing the > username and password for the certificate alias in clear text on the hard > disk? > > > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com