Right - this property file is not used to store the password to unlock the private key.
A good idea could be that the PWCallback class opens a file (could be a property-style file) where you store the password. The idea behind PWcallback is to enable various ways to store/retrieve the password of a user's private key and to use it to unlock it. For example, some people store the password in a directory or database or implement a GUI to ask the user. Depends on the use case at hand.

Regards,
Werner

kang tang wrote:
> hi,
>
> I am using a WSS4J with Axis 1.x to sign SOAP message on my web service
> client.
>
> The client works fine when I use PWcallback in client-config.wsdd and
> hardcode the password for
> my private key in the PWcallback class.
>
> But I would like to actually put the password of my private key in
> crypto.properties as plain text. yes, I
> understand this is not a good practice, but let's presume this is not an
> issue in my case.
>
> So I removed the 'user' and 'PWcallback' parameters in client-config.wsdd :
>
> ----------------------------------------
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>   <parameter name="action" value="Signature" />
>   <!--
>   <parameter name="user" value="test" />
>   <parameter name="passwordCallbackClass"
>              value="test.sample.SamplePWCallback" />
>   -->
>   <parameter name="signatureKeyIdentifier" value="IssuerSerial" />
>   <parameter name="signaturePropFile" value="crypto.properties" />
> </handler>
> --------------------------------------------
>
> and set them in my crypto.properties:
>
> -----------------------------------------------------
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=xxxxx
> org.apache.ws.security.crypto.merlin.keystore.alias=test
> org.apache.ws.security.crypto.merlin.alias.password=xxxxx
> org.apache.ws.security.crypto.merlin.file=xxx.p12
>
> But the application complains it can't find the 'user' and 'password'
> for the private key required for signing.
> It appears the 'org.apache.ws.security.crypto.merlin.alias.password' and
> 'org.apache.ws.security.crypto.merlin.keystore.alias'
> in crypto.properties simply won't work?
>
> Many thanks,
> Kang
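
The file-backed callback suggested in the reply could look like the following. This is an added example, not code from the thread or from the WSS4J project. The class name `FilePWCallback`, the file name `signing-password.properties`, the `signing.password.file` system property and the `<alias>.password` key layout are all assumptions made for illustration.

```java
package test.sample;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

// Hypothetical handler: supplies the private-key password for the alias WSS4J asks about.
public class FilePWCallback implements CallbackHandler {

    // Assumed default location; override with -Dsigning.password.file=/path/to/file
    private static final String DEFAULT_FILE = "signing-password.properties";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        Properties secrets = load();
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            // getIdentifer() (sic) is the method name in WSS4J 1.5.x; it returns the key alias.
            String alias = pc.getIdentifer();
            // Assumed key layout in the file: <alias>.password=<secret>
            String password = secrets.getProperty(alias + ".password");
            if (password == null) {
                // Fail closed rather than handing WSS4J an empty password.
                throw new IOException("No password configured for alias " + alias);
            }
            pc.setPassword(password);
        }
    }

    // Reads the password file on every call so a rotated password is picked up without a restart.
    private Properties load() throws IOException {
        String path = System.getProperty("signing.password.file", DEFAULT_FILE);
        Properties p = new Properties();
        InputStream in = new FileInputStream(path);
        try {
            p.load(in);
        } finally {
            in.close();
        }
        return p;
    }
}
```

To use it, restore the `user` and `passwordCallbackClass` parameters in client-config.wsdd and point `passwordCallbackClass` at this class. Keep the password file outside the deployed archive and readable only by the account the client runs under.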
