Hello All,
I am doing Signature / Verification in my web services and I would like the
server to be able to specify the signature algorithm.
In my policy WSDL, the algorithm is specified:
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Sha256 />
</wsp:Policy>
</sp:AlgorithmSuite>
On the client side, I can easily set the algorithm:
<entry key="signatureAlgorithm"
value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<entry key="signatureDigestAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#sha256"/>
However, on the server side I tried a similar configuration:
<bean id="wss4jInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="Signature Timestamp"
/>
<entry key="signaturePropRefId"
value="wsCryptoPropertiesSignatureVerificationIn" />
<entry
key="wsCryptoPropertiesSignatureVerificationIn"
value-ref="wsCryptoPropertiesSignatureVerificationIn" />
<entry key="signatureAlgorithm"
value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<entry key="signatureDigestAlgorithm"
value="http://www.w3.org/2001/04/xmlenc#sha256"/>
</map>
</constructor-arg>
</bean>
But the server does not force the client to use the sha256 algorithm. Is
there any way to tell the server to make the client use a specific
algorithm?
Thanks,
Yogesh
--
View this message in context:
http://cxf.547215.n5.nabble.com/Signature-Verification-Algorithm-tp5713333.html
Sent from the cxf-user mailing list archive at Nabble.com.
