cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Glen Mazza <glen.ma...@gmail.com>
Subject Simplify the configuration options on the WS-Trust page?
Date Thu, 22 Jul 2010 19:44:42 GMT

Team,

On the STS client page[1], the property keys configured for the direct and
indirect configuration options for an STS client seem unnecessarily
different:

direct configuration uses:
<entry key="ws-security.username" value="joe"/>
<entry key="ws-security.callback-handler"
value="interop.client.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties" value="etc/alice.properties"/> 
<entry key="ws-security.encryption.properties" value="etc/bob.properties"/>

indirect configuration uses:
<entry key="ws-security.sts.token.properties" value="etc/bob.properties"/>  
<entry key="ws-security.callback-handler"
value="interop.client.KeystorePasswordCallback"/>
<entry key="ws-security.signature.properties" value="etc/alice.properties"/> 
<entry key="ws-security.encryption.properties" value="etc/bob.properties"/>	

The example would probably be clearer if the configuration were the same for
both, or at least some explanation given why they should be different. 
(BTW, what is "ws-security.sts.token.properties" for?  I haven't needed it.)

Any problem with standardizing to the same sample config?  This is what I'm
using locally for my test client against a Metro STS:

<entry key="ws-security.username" value="alice"/>
<entry key="ws-security.callback-handler" value="client.MyCallbackHandler"/>
<entry key="ws-security.signature.properties"
value="clientKeystore.properties"/> 
<entry key="ws-security.encryption.properties"
value="clientKeystore.properties"/> 
<entry key="ws-security.encryption.username" value="mystskey"/>

Where clientKeystore.properties is this:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=cspass
org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
org.apache.ws.security.crypto.merlin.file=clientstore.jks

It seems to work fine, requires one less properties file, providing you use
the same keystore for the truststore--I can put in a sentence telling the
user to have separate "ws-security.signature.properties" and
"ws-security.encryption.properties" values if the keystore and truststore
are different.

Thoughts?

Thanks,
Glen

[1] http://cxf.apache.org/docs/ws-trust.html
-- 
View this message in context: http://cxf.547215.n5.nabble.com/Simplify-the-configuration-options-on-the-WS-Trust-page-tp1842738p1842738.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Mime
View raw message