On Tue October 13 2009 4:17:36 pm cLaSic wrote:
> Yea I have already tried this but not working!

Define "not working". With that method, you are given the X509 cert that was
used to sign the method and the request data from which you can get the trust
store and such (I think). From that, it's completely up to you to accept that
cert or not.

Dan

>
> dkulp wrote:
> > You probably need to subclass the WSS4JInInterceptor and override the
> > method:
> >
> >     protected boolean verifyTrust(X509Certificate cert, RequestData reqData)
> >         throws WSSecurityException
> >
> >
> > Dan
> >
> > cLaSic wrote:
> >> Hi,
> >>
> >> What if the Server got 3 public keys (alias1, alias2, alias3) and we
> >> want to use only the second one to verify the signature! How can we do
> >> this with CXF? I believe that we have to override something in the IN
> >> interceptor.
> >>
> >> Regards,
> >> cLaSic
> >>
> >> Mayank Mishra-3 wrote:
> >>> Hi,
> >>>
> >>> One way of doing this is by specifying Alias name in trust store
> >>> related assertions/configuration specified using the WS-Security
> >>> Policy. You can specify this assertion at policy bound to
> >>> Binding/Port/Service level.
> >>>
> >>> But since the scenario has different clients each with its own private
> >>> key, either you can use the BST signature key reference Identifier in
> >>> which client sends the public certificate embedded in the secured
> >>> message,
> >>> or in the WS-SecurityPolicy, you can specify a KeyValueToken as a
> >>> token type, then the Security engine would output an RSAKeyValue key in
> >>> the security header which is the public key certificate I guess.
> >>>
> >>> But in both cases, on the receiving side, we require to write a
> >>> callback handler to extract, validate and reinsert the certificate in
> >>> the context to use it.
> >>>
> >>> With Regards,
> >>> Mayank
> >>>
> >>> cLaSic wrote:
> >>>> Hi all,
> >>>>
> >>>> I have a general question about WS-Security: How does the server select
> >>>> a certificate from the truststore to authenticate the client signature?
> >>>> we suppose that we have a lot of clients, and each one has its private
> >>>> key, of course the server has also each client public key.
> >>>>
> >>>> Regards,
> >>>> cLaSic
>

--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
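
Added example, not part of the thread and not CXF's own code: one way to write the verifyTrust override discussed above so that only the certificate stored under a single alias (such as alias2) is accepted. The class name PinnedAliasInInterceptor, the constructor parameters and the already-loaded java.security.KeyStore are assumptions, as are the WSS4J package names, which match a WSS4J release that still has the verifyTrust method quoted in the thread.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;

import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;

/** Hypothetical subclass: trusts a signature only if it was made with one pinned alias. */
public class PinnedAliasInInterceptor extends WSS4JInInterceptor {
    private final KeyStore trustStore;  // assumption: loaded by the caller
    private final String pinnedAlias;   // e.g. "alias2" from the question

    public PinnedAliasInInterceptor(Map<String, Object> props,
                                    KeyStore trustStore, String pinnedAlias) {
        super(props);
        this.trustStore = trustStore;
        this.pinnedAlias = pinnedAlias;
    }

    @Override
    protected boolean verifyTrust(X509Certificate cert, RequestData reqData)
            throws WSSecurityException {
        if (cert == null) {
            return false;                 // no signing certificate: reject
        }
        try {
            Certificate pinned = trustStore.getCertificate(pinnedAlias);
            if (pinned == null) {
                return false;             // alias missing: fail closed
            }
            cert.checkValidity();         // reject expired or not-yet-valid certs
            // Compare the full DER encodings, not just the subject names,
            // so a different cert with the same DN is not accepted.
            return MessageDigest.isEqual(pinned.getEncoded(), cert.getEncoded());
        } catch (KeyStoreException e) {
            return false;                 // trust store unusable: fail closed
        } catch (CertificateException e) {
            return false;                 // expired, not yet valid, or unencodable
        }
    }
}
```

Every error path returns false, so a missing alias or an unreadable trust store rejects the message instead of falling back to the default trust check.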
