axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nandana Mihindukulasooriya" <>
Subject Re: ws-security: Encryption using UserToken
Date Mon, 31 Dec 2007 17:19:15 GMT
Hi Patrick,

However what is still not clear to me is why in that sample there are using
> passwordCallbackClass to set key along with
> encryptionPropFile/decryptionPropFile
> (which eventually points to keystore). Shouldn't keystores  be redundant
> in symmetric encryption?

Yes, in this scenario we don't need encryptionPropFile/decryptionPropFile as
they are only needed when using a key store. This means that sample should
work if just remove the redundant encryptionPropFile/decryptionPropFile
attributes from the configuration.
   But there is a check in WSS4J which checks whether there is a property
when ever there is encryption. This check should be done only if a key store
involved. But this is bit tricky when it comes to decryption as this
( whether an embedded key was used ) is only available while processing the
encrypted elements but the key store is loaded in an earlier stage. But if
just remove that check this sample works fine with
attributes removed from the security configuration parameters.


View raw message