Hi Ashwin,
Let me explain what I'm intending to do:
1) I want to sign the message on the client's side in order for the server to
verify the sender and also verify that the message content wasn't changed (I
do not care if someone can read the message).
I want the client to use its private key to generate the signature and the
server to use the client's public key to verify the signature.
2) I believe that in order to do it I need to use action="Signature".
3) By "one way" I mean that only the client puts its signature and the server
verifies it (the server just sends the response without any security
mechanisms).
4) Because it's one way, we care only about the client's OUT and the server's
IN WSS4J interceptors.
I reduced the cxf-ws-security example to implement only the above scenario
and it works.
Here's the reduced configuration:
CXF consumer In interceptor:
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
      id="TimestampSignEncrypt_Request">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature"/>
      <entry key="signaturePropFile" value="alice.properties"/>
      <entry key="passwordCallbackClass"
             value="org.apache.servicemix.samples.cxf_ws_security.KeystorePasswordCallback"/>
    </map>
  </constructor-arg>
</bean>
Client's Out interceptor:
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
      id="TimestampSignEncrypt_Request">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature"/>
      <entry key="user" value="alice"/>
      <entry key="signaturePropFile" value="alice.properties"/>
      <entry key="signatureKeyIdentifier" value="DirectReference"/>
      <entry key="passwordCallbackClass"
             value="org.apache.servicemix.samples.cxf_ws_security.KeystorePasswordCallback"/>
      <entry key="signatureParts"
             value="{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
    </map>
  </constructor-arg>
</bean>
I checked what is sent, and indeed an XML Digital Signature is sent.
Now my problem is that I don't know why it works in terms of keys
(keystores), because I don't know what's inside. I guess that in my scenario
the client needs to have the private key and the server needs to have the
client's public key, but when I tried to change the keys to ones generated by
myself I got an error on the server side saying that the signature wasn't
verified.
In this example I use only alice.properties, that is alice.jks (at least in
this example), and I guess it contains both the public and the private key.
Is that correct?
In reality you'll have these keys separated, so how do I change this example
to do it?
--
View this message in context:
http://www.nabble.com/CXF-WSS-example-tp20857457p20955861.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
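The key split the question asks about, as an added example that is not part of this thread or of the cxf-ws-security sample: generate the client's key pair into its own keystore, export only the certificate, import that certificate into a separate server truststore, and write one WSS4J crypto properties file per side. It assumes the JDK's keytool is on PATH and the WSS4J 1.x Merlin property names; the file names (client.jks, server-trust.jks, alice-client.properties, alice-server.properties), the alias, the distinguished name and the passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post or the cxf-ws-security sample):
# split a single alice.jks into a client keystore that holds alice's private
# key and a server truststore that holds only alice's certificate.
# Requires the JDK's keytool on PATH. All names, paths and passwords are
# constructed placeholders. -storetype JKS is given explicitly because JDK 9+
# defaults to PKCS12, which would not match keystore.type=jks below.
set -eu

if ! command -v keytool >/dev/null 2>&1; then
    echo "keytool (JDK) not on PATH; nothing to do" >&2
    exit 0
fi

CLIENT_KS=client.jks         # client side: private key + certificate, alias "alice"
SERVER_TS=server-trust.jks   # server side: alice's certificate only, no private key
STOREPASS=changeit-client    # placeholder password
TRUSTPASS=changeit-server    # placeholder password

make_keystores() {
    workdir="$1"
    mkdir -p "$workdir"
    # 1. Client: generate an RSA key pair; the private key never leaves this file.
    keytool -genkeypair -storetype JKS -alias alice -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=alice, O=Example" \
        -keystore "$workdir/$CLIENT_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
    # 2. Export only the certificate (public key plus identity), PEM encoded.
    keytool -exportcert -storetype JKS -alias alice -rfc -file "$workdir/alice.cer" \
        -keystore "$workdir/$CLIENT_KS" -storepass "$STOREPASS"
    # 3. Server: import the certificate as a trusted entry into a separate truststore.
    keytool -importcert -storetype JKS -noprompt -alias alice -file "$workdir/alice.cer" \
        -keystore "$workdir/$SERVER_TS" -storepass "$TRUSTPASS"
    # 4. WSS4J Merlin crypto properties for each side (WSS4J 1.x property names).
    #    The client needs the alias of the signing key; the server only needs the
    #    truststore, since it looks the signing certificate up there.
    cat > "$workdir/alice-client.properties" <<EOF
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=$STOREPASS
org.apache.ws.security.crypto.merlin.keystore.alias=alice
org.apache.ws.security.crypto.merlin.file=$CLIENT_KS
EOF
    cat > "$workdir/alice-server.properties" <<EOF
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=$TRUSTPASS
org.apache.ws.security.crypto.merlin.file=$SERVER_TS
EOF
}

# Count entries of one type ("PrivateKeyEntry" or "trustedCertEntry") in a
# keystore, so each side can be checked for what it should and should not hold.
count_entries() {
    keytool -list -storetype JKS -keystore "$1" -storepass "$2" | grep -c "$3" || true
}

WORKDIR="${WORKDIR:-$(mktemp -d)}"
make_keystores "$WORKDIR"
echo "client private keys:  $(count_entries "$WORKDIR/$CLIENT_KS" "$STOREPASS" PrivateKeyEntry)"
echo "server private keys:  $(count_entries "$WORKDIR/$SERVER_TS" "$TRUSTPASS" PrivateKeyEntry)"
echo "server trusted certs: $(count_entries "$WORKDIR/$SERVER_TS" "$TRUSTPASS" trustedCertEntry)"
```

Point the client's signaturePropFile at alice-client.properties and the server's at alice-server.properties. With signatureKeyIdentifier set to DirectReference the certificate travels inside the message as a BinarySecurityToken, but WSS4J still checks that certificate against the server's crypto keystore before accepting the signature, which is why a freshly generated client key fails verification until its certificate is imported on the server side.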