I think i have to clarify my message a bit. My application will be both a web service client and a web service server.
I implemented web service security using the interceptors and it works when my application is a client. Since it knows where it sends the request it can give the interceptor an alias for the keystore and the right certificate will be used for encryption. But i'm struggling to implement security when my application is a server. The requests will be coming in from different clients. I need a way to identify each client to pass the interceptor the alias name so it can get the right certificate. Or is there a way to do this seamlessly? I'm reading about "useReqSigCert" - is this something that will help me? It will encrypt with the same cert as the one used in the signature, but to read the signature - doesn't my app need to know what certificate to use? I may not be understanding the security and the CXF very well so bear with me... Any help will be appreciated... Thank you, -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-interceptors-dynamic-usage-tp4903991p4904085.html Sent from the cxf-user mailing list archive at Nabble.com.
