axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karen Loughran <k.lough...@qub.ac.uk>
Subject WSS4J signature authentication, doesn't appear to cross reference ca root authority
Date Thu, 10 May 2007 16:33:08 GMT

Hi all,

I'm using apache axis 1.x and have set up WS Security Axis handlers and
wss4j (v1.5) for the authentication of signed messages at the
requestFlow of my service and client.

Having carried out some tests, I realise that wss4j security (at least
action signature) just enables mutual authentication based on user certs
with no cross reference check to the ca root authority chained in the
keystores. 

Is there a way to configure wss4j to cross reference the chained ca root
in the request against the servers the caroot in the servers keystore
and/or the java system wide ca certs ?

Thanks

Karen



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message