Pardon my ignorance.But why do I have to set the password on the client Callback when we are using Signature.I can understand the usage of it when using Usernametoken where we need to send the username/pwd combo and validate it on the server side but when we are using keystores and providing all the relevant information on the signaturePropFile why do we still need to set the password to the keystore password on the client callback handler? Th 2nd part of the question is what is the right way of fetching this password.At the moment I'm doing as follows
abcd123 is my keystore password.Obviously this is ok for test but in a prod scenario where do i go and fetch this password to be set? -- View this message in context: http://cxf.547215.n5.nabble.com/cxf-keystore-security-problem-org-apache-cxf-binding-soap-SoapFault-Empty-username-for-specified-act-tp5726920p5727071.html Sent from the cxf-user mailing list archive at Nabble.com.
