Hi Lukasz,
Finally I get the reason why your changes in the properties can't be
loaded: CXF-2038 [1] tracks this issue.
[1] https://issues.apache.org/jira/browse/CXF-2038
Freeman
Lukasz L. wrote:
Hi Ashwin,
I took a look at WSS4JInInterceptor class and it seems that exception should
be thrown:
    if (returnCert != null && !verifyTrust(returnCert, reqData)) {
        LOG.warning("The certificate used for the signature is not trusted");
        throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
    }
I did more tests and I found possible cause of confusion. It seems that some
configuration settings aren't reloaded after service assembly redeployment
but in addition the server needs to be restarted.
I did tests in which I was changing the bob.properties file (changing the keystore
file name) and redeploying the service assembly. After redeployment the
behaviour wasn't changed, e.g. when I changed from the right keystore to the
wrong one the signature was still valid, as if the old key was taken into
account.
When I stopped and started the server without any further changes the behaviour
was as I expected (that is, in the above case I got a signature validation exception).
It's a bit strange because all properties and keystore file are inside SU
and it should be reloaded after redeployment.
Ashwin Karpe wrote:
Hi Lukasz,
I believe this may be related to the interceptor code itself. The
interceptor code will need to be suitably modified to perform the check.
The default example interceptor code shipping in SMX is not strict. It
does not throw an exception when the match is not made and allows the call
to go ahead. It was not designed for direct commercial use. Please check
out the Java code for the interceptor and modify accordingly. Examples of
how to throw a security exception and appropriate codes should be
available in the WS-Security spec.
The match is made in the Java code associated with the interceptor.