Thanks for the confirmation on this.
Cheers, Kang Werner Dittmann wrote:
Right - this property file is not used to store the password to unlock the private key. A good idea could be that the PWCallback class opens a file (could be a property-style file) where you store the password. The idea behind PWcallback is to enable various ways to store/retrieve the password of a user's private key and to use it to unlock it. For example some people store the paasword in a directoy or database or implement a GUI to ask the user. Depends on the use case at hand. Regards, Werner kang tang schrieb:hi, I am using a WSS4J with Axis 1.x to sign SOAP message on my web service client. The client works fine when I use PWcallback in client-config.wsdd and hardcoded the password for my private key in the PWcallback class. But I would like to actually put the password of my private key in crypto.properties as plain text. yes, I understand this is not a good practice, but lets presume this is not an issue in my case. So I removed the 'user' and 'PWcallback' parameters in client-config.wsdd : ---------------------------------------- <handlertype="java:org.apache.ws.axis.security.WSDoAllSender"><parameter name="action" value="Signature" /> <!-- <parameter name="user" value="test" /> <parameter name="passwordCallbackClass"value="test.sample.SamplePWCallback" />--> <parameter name="signatureKeyIdentifier" value="IssuerSerial" /> <parameter name="signaturePropFile" value="crypto.properties" /> </handler> -------------------------------------------- and set them in my crypto.properties: ----------------------------------------------------- org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=pkcs12 org.apache.ws.security.crypto.merlin.keystore.password=xxxxx org.apache.ws.security.crypto.merlin.keystore.alias=test org.apache.ws.security.crypto.merlin.alias.password=xxxxx org.apache.ws.security.crypto.merlin.file=xxx.p12 But the application complains it can't find the 'user' and 'password' for the private key required for signing. It appears the 'org.apache.ws.security.crypto.merlin.alias.password' and 'org.apache.ws.security.crypto.merlin.keystore.alias' in crypto.properties simply won't work? Many thanks, Kang --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
