Hi,

There is no easy way to support encrypted values in Crypto properties files
in CXF 2.7.x. However, it is supported in CXF 3.0.0 which will be released
shortly. See here for more information:

http://coheigea.blogspot.ie/2014/02/apache-wss4j-200-part-iv.html

If you can't upgrade to CXF 3.0.0 then you could implement your own Crypto
implementation, by copying the Merlin implementation in WSS4J + extending
it to decrypt encrypted properties.

Colm.


On Thu, Mar 20, 2014 at 8:12 PM, JHClouser <[email protected]> wrote:

> Hello,
>
> The version of Apache CXF to which this post applies is 2.7.7.
>
> I have a WSDL-first web service with a WS-Policy expression that includes an
> X.509 token assertion as an option to authenticate with the service.
>
>   <wsp:Policy wsu:Id="WsSecurityUsernameToken-Or-WsSecurityX509CertificateToken">
>     <wsp:ExactlyOne>
>
>       <wsp:All>
>         <wssp:UsernameToken IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>           <wsp:Policy/>
>         </wssp:UsernameToken>
>       </wsp:All>
>
>       <wsp:All>
>         <wssp:X509Token IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>           <wsp:Policy/>
>         </wssp:X509Token>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
>
> I'd like to use the following annotation to specify the pertinent signature
> properties for signature validation.
>
>   @EndpointProperty(key = "ws-security.signature.properties", value = "my.properties")
>
> However, I have a requirement where no sensitive information, such as a key
> store password, may be in the clear while at rest. I therefore have an
> encrypted property in my.properties, which creates an issue.
>
> I'd like to apply my custom decryption utility to an encrypted property
> before leveraging the WS-SecurityPolicy and signature validation support in
> CXF, but how would one recommend I go about that with a WSDL-first service?
>
> Thank you.
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Signature-Properties-That-Are-Encrypted-tp5741606.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
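
The custom Crypto approach suggested in the reply above, sketched for WSS4J 1.6.x (the version used by CXF 2.7.x) as an added example; it is not code from the thread, CXF or WSS4J. It subclasses Merlin instead of copying it and decrypts wrapped property values before Merlin reads them. Assumptions: the class name `example.DecryptingMerlin`, the `ENC(...)` wrapper, the AES-GCM blob layout, the `CRYPTO_PROPS_KEY` environment variable, Java 8 or later, and that WSS4J's CryptoFactory instantiates the configured provider through a `(Properties, ClassLoader)` constructor.

```java
package example; // hypothetical package

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.ws.security.components.crypto.Merlin;

// Select it in my.properties (the ENC(...) syntax is this example's own convention):
//   org.apache.ws.security.crypto.provider=example.DecryptingMerlin
//   org.apache.ws.security.crypto.merlin.keystore.password=ENC(<base64 blob>)
public class DecryptingMerlin extends Merlin {

    // Assumption: a base64-encoded AES key supplied outside the properties file.
    private static final String KEY_ENV = "CRYPTO_PROPS_KEY";

    // Decrypt first, then let Merlin load the keystore from the plaintext copy.
    public DecryptingMerlin(Properties props, ClassLoader loader) throws Exception {
        super(decryptAll(props), loader);
    }

    static Properties decryptAll(Properties in) throws Exception {
        Properties out = new Properties();
        for (String name : in.stringPropertyNames()) {
            String raw = in.getProperty(name);
            String v = raw.trim();
            boolean wrapped = v.startsWith("ENC(") && v.endsWith(")");
            out.setProperty(name, wrapped ? decrypt(v.substring(4, v.length() - 1)) : raw);
        }
        return out;
    }

    // Constructed format: base64( 12-byte IV || AES-GCM ciphertext and tag ).
    static String decrypt(String b64) throws Exception {
        String keyB64 = System.getenv(KEY_ENV);
        if (keyB64 == null) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        byte[] key = Base64.getDecoder().decode(keyB64);
        byte[] blob = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
}
```

A tampered or wrongly keyed value fails the GCM tag check in `doFinal`, so the endpoint fails at startup instead of loading a keystore with a garbage password. The decryption key still has to be protected wherever it is stored, since anyone holding both it and the properties file can recover the keystore password.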
