No, instead the truststore can be referred to in the Signature properties file. If it doesn't exist, it falls back to using the certs from the signing keystore instead:
http://ws.apache.org/wss4j/config.html By the way you are using the same keystores and aliases for both signature and encryption which is not correct. Does the target service expect the request to be encrypted as well as signed? If not you can leave out the encryption properties. Colm. On Thu, Jan 18, 2018 at 9:52 PM, Al Grant <[email protected]> wrote: > Thanks guys but I am still confused. > > In my code: > > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.ENCRYPT_PROPERTIES, > "client_sign.properties"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.ENCRYPT_USERNAME, > "signingonly"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.SIGNATURE_PROPERTIES, > "client_sign.properties"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.SIGNATURE_USERNAME, > "signingonly"); > > ((BindingProvider)iisrService).getRequestContext().put( > SecurityConstants.CALLBACK_HANDLER, > ClientCallbackHandler.class.getName()); > > I assume somewhere I need to add a > SecurityConstants.SOMETHING_REFERS_TRUSTCONFIG_FILE ? > > Cheers > > AG > > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
