Hi, Private key is password protected in the java keystore. CXF needs private key for the signature, therefore password should be provided using PasswordCallback for each alias.
Regards, Andrei. > -----Original Message----- > From: cvm [mailto:[email protected]] > Sent: Donnerstag, 2. Mai 2013 16:54 > To: [email protected] > Subject: Re: cxf keystore security problem - > org.apache.cxf.binding.soap.SoapFault: Empty username for specified action. > > Pardon my ignorance.But why do I have to set the password on the client > Callback when we are using Signature.I can understand the usage of it when > using Usernametoken where we need to send the username/pwd combo > and validate it on the server side but when we are using keystores and > providing all the relevant information on the signaturePropFile why do we > still need to set the password to the keystore password on the client callback > handler? > Th 2nd part of the question is what is the right way of fetching this > password.At the moment I'm doing as follows > > > > abcd123 is my keystore password.Obviously this is ok for test but in a prod > scenario where do i go and fetch this password to be set? > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/cxf- > keystore-security-problem-org-apache-cxf-binding-soap-SoapFault-Empty- > username-for-specified-act-tp5726920p5727071.html > Sent from the cxf-user mailing list archive at Nabble.com.
