I was afraid of that.

The policy that is used is as follows:

<wsp:Policy wsu:Id="...">
  <wsp:ExactlyOne>
   <wsp:All>
        <sp:AsymmetricBinding>
           <wsp:Policy>
               <sp:InitiatorToken>
                   <wsp:Policy>
                       <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                           <wsp:Policy>
                               <sp:RequireThumbprintReference/>
                               <sp:WssX509V3Token10/>
                           </wsp:Policy>
                       </sp:X509Token>
                   </wsp:Policy>
             </sp:InitiatorToken>
             <sp:RecipientToken>
                  <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
                             <wsp:Policy>
                                 <sp:RequireThumbprintReference/>
                                 <sp:WssX509V3Token10/>
                            </wsp:Policy>
                      </sp:X509Token>
                 </wsp:Policy>
              </sp:RecipientToken>
             <sp:AlgorithmSuite>
                     <wsp:Policy>
                         <sp:Basic256Sha256Rsa15/>
                     </wsp:Policy>
             </sp:AlgorithmSuite>
             <sp:Layout>
                  <wsp:Policy>
                        <sp:Lax/>
                  </wsp:Policy>
             </sp:Layout>
             <sp:IncludeTimestamp/>
             <sp:OnlySignEntireHeadersAndBody/>
       </wsp:Policy>
    </sp:AsymmetricBinding>
    </wsp:All>
   </wsp:ExactlyOne>
</wsp:Policy>


When I look at this policy, I'd think that SHA256 would be used. I thought
RSA-SHA256 would be used as the signature algorithm, but when I look at the
XML that is output by CXF, RSA-SHA1 is used.

Where am I going wrong?

Ted




2013/8/13 Colm O hEigeartaigh <[email protected]>

> You can't set the SignatureAlgorithm if you are using WS-SecurityPolicy,
> as it defaults to that of the spec. What requirements do you have? What
> signature algorithm do you want to use?
>
> Colm.
>
>
> On Tue, Aug 13, 2013 at 1:36 PM, Ted Roeloffzen <[email protected]> wrote:
>
>> Hi Colm,
>>
>> The WSS4JOutInterceptor is created and configured automatically by CXF,
>> right?
>> Can I somehow retrieve the WSS4JOutInterceptor during the process and set
>> the signatureAlgorithm tag, without having to configure the entire
>> interceptor?
>>
>> Ted
>>
>>
>>
>>
>> 2013/8/13 Colm O hEigeartaigh <[email protected]>
>>
>>> If you are using WS-SecurityPolicy, then the spec defines the signature
>>> method as "RSA-SHA1" for Asymmetric Signature, and "HMAC-SHA1" for
>>> Symmetric Signature. Otherwise, you can set it via the "signatureAlgorithm"
>>> configuration tag on the WSS4JOutInterceptor.
>>>
>>> Colm.
>>>
>>>
>>> On Tue, Aug 13, 2013 at 8:08 AM, Ted Roeloffzen <[email protected]> wrote:
>>>
>>> > Hi All,
>>> >
>>> > How does CXF determine which signature method to use?
>>> > Does it retrieve it from the security-policy in the WSDL or do you have to
>>> > configure it?
>>> >
>>> > kind regards,
>>> >
>>> > Ted
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
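
One way to confirm which algorithms a signed message actually carries, as an added example that is not part of the original thread and is not CXF code: the script reads ds:SignatureMethod and every ds:DigestMethod from a SOAP envelope and flags SHA-1 based URIs. The sample envelope (RSA-SHA1 signature method with SHA-256 digests), the reference ids and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: a trimmed ds:Signature inside a wsse:Security header.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <ds:Signature><ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#body-1">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
   </ds:Reference>
   <ds:Reference URI="#ts-1">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
   </ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>"""

def signature_algorithms(envelope_xml):
    """Return one dict per ds:Signature: SignatureMethod plus per-reference DigestMethod."""
    root = ET.fromstring(envelope_xml)
    found = []
    for sig in root.iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        method = info.find(DS + "SignatureMethod").get("Algorithm")
        digests = {ref.get("URI"): ref.find(DS + "DigestMethod").get("Algorithm")
                   for ref in info.findall(DS + "Reference")}
        found.append({"signature": method, "digests": digests})
    return found

def sha1_findings(envelope_xml):
    """List every place in the signatures where a SHA-1 based algorithm URI is used."""
    hits = []
    for sig in signature_algorithms(envelope_xml):
        if sig["signature"].lower().endswith("sha1"):
            hits.append(("SignatureMethod", sig["signature"]))
        for uri, alg in sig["digests"].items():
            if alg.lower().endswith("sha1"):
                hits.append(("DigestMethod " + uri, alg))
    return hits

if __name__ == "__main__":
    for where, alg in sha1_findings(SAMPLE):
        print(where, "uses", alg)
```

Run against a captured outbound message instead of `SAMPLE` to see the signature method and the digest methods side by side.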
