Yea i have already tried this but not working !
dkulp wrote: > > > You probably need to subclass the WSS4JInInterceptor and override the > method: > > protected boolean verifyTrust(X509Certificate cert, RequestData > reqData) > throws WSSecurityException > > > Dan > > > > > > cLaSic wrote: >> >> Hi, >> >> What if the Server got 3 public keys (alias1, alias2, alias3) and we want >> to use only the second one to verify the signature! How can we do this >> with CXF ? i beleive that we have to override something in the IN >> interceptor. >> >> Regards, >> cLaSic >> >> >> Mayank Mishra-3 wrote: >>> >>> Hi, >>> >>> One way of doing this is by specifying Alias name in trust store related >>> assertions/configuration specified using the WS-Security Policy. You can >>> specify this assertion at policy bound to Binding/Port/Service level. >>> >>> But since the scenario has different client each with its own private >>> key, either you can use the BST signature key reference Identifier in >>> which client sends the public certificate embedded in the secured >>> message. >>> or in the WS-SecurityPolicy, you can specify an KeyValueToken as a >>> token type, then the Security engine would output an RSAKeyValue key in >>> the security header which is the public key certificate I guess. >>> >>> But in both cases, on the receiving side, we require to write a callback >>> handler to extract, validate and reinsert the certificate in the context >>> to use it. >>> >>> With Regards, >>> Mayank >>> >>> cLaSic wrote: >>>> Hi all, >>>> >>>> I have a general question about WS-Security : How the server select a >>>> certificat from the thruststore to authenticate the client signature ? >>>> we >>>> suppose that we have a lot of client, and each one has it's private >>>> key, of >>>> course the server has also each client public key. >>>> >>>> Regards, >>>> cLaSic >>>> >>> >>> >>> >> > > -- View this message in context: http://www.nabble.com/WS-Security-how-the-server-select-a-certificate-tp25795612p25880045.html Sent from the cxf-user mailing list archive at Nabble.com.
