cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: CXF interceptors - dynamic usage?
Date Mon, 17 Oct 2011 09:18:42 GMT
> I'm reading about "useReqSigCert"  - is this something that will help me?
> It will encrypt with the same cert as the one used in the signature, but to
> read the signature - doesn't my app need to know what certificate to use?

No, as to verify a signature you only need to be in possession of some
trusted issuer of the cert associated with the signature. So if you
have a server application and lots of different clients, ideally your
server application will have a few trusted certs in its truststore to
use to verify digital signatures. You can then use "useReqSigCert" to
encrypt the response using the same cert as was used to verify the
signature.

Colm.


On Fri, Oct 14, 2011 at 11:13 PM, nkunkov <nkunkov@gmail.com> wrote:
> I think I have to clarify my message a bit.
>
> My application will be both a web service client and a web service server.
>
> I implemented web service security using the interceptors and it works when
> my application is a client.  Since it knows where it sends the request it
> can give the interceptor an alias for the keystore and the right certificate
> will be used for encryption.
>
> But I'm struggling to implement security when my application is a server.
> The requests will be coming in from different clients. I need a way to
> identify each client to pass the interceptor the alias name so it can get
> the right certificate.  Or is there a way to do this seamlessly?
>
> I'm reading about "useReqSigCert"  - is this something that will help me?
> It will encrypt with the same cert as the one used in the signature, but to
> read the signature - doesn't my app need to know what certificate to use?
>
> I may not be understanding the security and the CXF very well so bear with
> me...
> Any help will be appreciated...
>
> Thank you,
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-interceptors-dynamic-usage-tp4903991p4904085.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

http://coheigea.blogspot.com/
Talend - http://www.talend.com/apache
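
The server-side setup described in the reply above, as an added example that is not part of the original message or of CXF's own code: the inbound interceptor verifies each client's signature against a truststore of issuer certificates, and the outbound interceptor encrypts the response to whichever certificate signed the request. The class name, property file names, callback class and the "Signature Encrypt" action list are assumptions for illustration.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

// Hypothetical helper class; not from the thread.
public final class ServerWsSecurityConfig {

    private ServerWsSecurityConfig() {
    }

    public static void secure(Endpoint endpoint) {
        // Inbound: no per-client alias is configured. The signer's certificate
        // is validated against the issuers held in the truststore.
        Map<String, Object> in = new HashMap<String, Object>();
        // Assumption: clients both sign and encrypt their requests.
        in.put("action", "Signature Encrypt");
        // Hypothetical Crypto properties file pointing at a truststore that
        // holds only the issuer certs of the expected clients. Any certificate
        // issued by a CA in this store will verify, so keep the store narrow.
        in.put("signaturePropFile", "server-truststore.properties");
        // Hypothetical Crypto properties file for the server's own private
        // key, used to decrypt the request.
        in.put("decryptionPropFile", "server-keystore.properties");
        // Hypothetical CallbackHandler that supplies the private key password.
        in.put("passwordCallbackClass", "com.example.ServerKeyPasswordCallback");
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(in));

        // Outbound: "useReqSigCert" in place of a keystore alias tells WSS4J
        // to encrypt the response with the certificate that signed the
        // request, so the request must carry a signature that verified.
        Map<String, Object> out = new HashMap<String, Object>();
        out.put("action", "Encrypt");
        out.put("encryptionUser", "useReqSigCert");
        out.put("encryptionPropFile", "server-truststore.properties");
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(out));
    }
}
```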
