I am also interested in some thoughts on this issue. My understanding is that if you want to encrypt something you need a secret (whether it's a password or a private key, etc.). So you can create a custom provider that could process an encrypted/obfuscated properties file, but where would you store this secret?
You might have some luck with a feature provided by your application server. For example, I believe GlassFish provides a way of using aliases in configuration files which are ultimately protected by the master password.

On Thu, Mar 20, 2014 at 4:12 PM, JHClouser <[email protected]> wrote:

> Hello,
>
> The version of Apache CXF to which this post applies is 2.7.7.
>
> I have a WSDL-first web service with a WS-Policy expression that includes an
> X.509 token assertion as an option to authenticate with the service.
>
> <wsp:Policy wsu:Id="WsSecurityUsernameToken-Or-WsSecurityX509CertificateToken">
>   <wsp:ExactlyOne>
>
>     <wsp:All>
>       <wssp:UsernameToken
>           IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>         <wsp:Policy/>
>       </wssp:UsernameToken>
>     </wsp:All>
>
>     <wsp:All>
>       <wssp:X509Token
>           IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>         <wsp:Policy/>
>       </wssp:X509Token>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> I'd like to use the following annotation to specify the pertinent signature
> properties for signature validation.
>
> @EndpointProperty(key = "ws-security.signature.properties", value = "my.properties")
>
> However, I have a requirement where no sensitive information, such as a key
> store password, may be in the clear while at rest. I therefore have an
> encrypted property in my.properties, which creates an issue.
>
> I'd like to apply my custom decryption utility to an encrypted property
> before leveraging the WS-SecurityPolicy and signature validation support in
> CXF, but how would one recommend I go about that with a WSDL-first service?
>
> Thank you.
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Signature-Properties-That-Are-Encrypted-tp5741606.html
> Sent from the cxf-user mailing list archive at Nabble.com.
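
The "custom provider" idea from the reply above, as an added example that is not part of the thread and is not CXF code: a loader that decrypts wrapped values of a properties file in memory only. The `ENC(...)` wrapper, the class name and the AES-GCM layout are assumptions made for illustration; the two property names are WSS4J's Merlin keystore keys.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class EncryptedProps {
    // Hypothetical convention: an encrypted value is ENC(base64(iv || ciphertext || tag)).
    static final String PREFIX = "ENC(", SUFFIX = ")";

    // AES-GCM cipher whose 12-byte IV is the first 12 bytes of ivSource.
    static Cipher gcm(int mode, byte[] key, byte[] ivSource) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, ivSource, 0, 12));
        return c;
    }
    static String encrypt(byte[] key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh IV per value
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv).doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, 12 + ct.length);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return PREFIX + Base64.getEncoder().encodeToString(out) + SUFFIX;
    }
    static String decrypt(byte[] key, String value) throws Exception {
        byte[] raw = Base64.getDecoder().decode(
            value.substring(PREFIX.length(), value.length() - SUFFIX.length()));
        byte[] pt = gcm(Cipher.DECRYPT_MODE, key, raw).doFinal(raw, 12, raw.length - 12);
        return new String(pt, StandardCharsets.UTF_8); // a tampered value fails the GCM tag check
    }
    // Loads the file text and replaces every ENC(...) value with its plaintext, in memory only.
    static Properties load(String fileText, byte[] key) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(fileText));
        for (String name : p.stringPropertyNames()) {
            String v = p.getProperty(name);
            if (v.startsWith(PREFIX) && v.endsWith(SUFFIX)) p.setProperty(name, decrypt(key, v));
        }
        return p;
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo key; a deployment must fetch it from outside the file.
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        String pw = "org.apache.ws.security.crypto.merlin.keystore.password";
        String file = "org.apache.ws.security.crypto.merlin.keystore.file=keys/service.jks\n"
            + pw + "=" + encrypt(key, "changeit") + "\n"; // constructed sample file
        System.out.println("changeit".equals(load(file, key).getProperty(pw)));
    }
}
```

The file at rest holds only ciphertext, but the key still has to live somewhere the process can read it, which is the storage question the reply raises.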
