cxf-users mailing list archives

From Colm O hEigeartaigh <>
Subject Re: WS-Security : UsernameToken(Password Digest) + Sign/Encrypt Messages
Date Fri, 20 Sep 2013 10:18:15 GMT
1) "RequireClientCertificate" means that the service endpoint must be
configured to require a client certificate + must be set up with a
trustManager. For example, if you are using Jetty (lines 50 -> 70):

Similarly, the client needs to be configured with a keyManager to supply
the certificate, e.g. (line 111 -> 120):

2) If you are using TLS/TransportBinding, then the messages are already
encrypted/signed at the Transport level. If you require message level
signature/encryption, then you need to use either a Symmetric or Asymmetric
Binding, depending on your requirements.


On Fri, Sep 20, 2013 at 11:04 AM, Faz <> wrote:

> Hi All,
>
> I was successful in setting up the WS-security with SSL, along with
> UsernameToken(PasswordDigest) with the below code snippet. All this works
> good. Now I would like to know a few things here...
>
> 1. What in CXF should be done, if I change the *RequireClientCertificate*
>    to true in *HttpsToken*?
> 2. I need to also have the messages encrypted and Signed along with the
>    above set-up? Would setting the *sp:OnlySignEntireHeadersAndBody* tag
>    help me out here? I don't need X.509 certificates, but just need to
>    encrypt and decrypt the messages?
>
> If there is any better option, please let me know. Thnx!

Colm O hEigeartaigh

Talend Community Coder
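
The setup described in point 1 of the reply, as an added example that is not part of the original message or of the files it linked to: a CXF Spring configuration in which the Jetty endpoint requires a client certificate and has a trustManager, and the client conduit has a keyManager to supply its certificate. The port, keystore file names and passwords are placeholders, and both sides are shown in one file only for brevity.

```xml
<!-- Added illustration. Server and client normally live in separate
     Spring configuration files. Port, keystore names and passwords
     below are placeholders, not values from the thread. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
         http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">

  <!-- Service side (embedded Jetty): TLS endpoint that demands a client cert -->
  <httpj:engine-factory bus="cxf">
    <httpj:engine port="9443">
      <httpj:tlsServerParameters>
        <!-- The service's own key and certificate -->
        <sec:keyManagers keyPassword="SERVICE_KEY_PASSWORD">
          <sec:keyStore type="jks" password="SERVICE_STORE_PASSWORD"
                        resource="service-keystore.jks"/>
        </sec:keyManagers>
        <!-- trustManager: certificates/CAs accepted when validating the client -->
        <sec:trustManagers>
          <sec:keyStore type="jks" password="SERVICE_TRUST_PASSWORD"
                        resource="service-truststore.jks"/>
        </sec:trustManagers>
        <!-- required="true": the handshake fails if no client certificate is sent -->
        <sec:clientAuthentication want="true" required="true"/>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>

  <!-- Client side: the wildcard matches every conduit; use the port's
       {namespace}PortName.http-conduit name to scope it to one service -->
  <http:conduit name="*.http-conduit">
    <http:tlsClientParameters>
      <!-- keyManager: supplies the client certificate during the handshake -->
      <sec:keyManagers keyPassword="CLIENT_KEY_PASSWORD">
        <sec:keyStore type="jks" password="CLIENT_STORE_PASSWORD"
                      resource="client-keystore.jks"/>
      </sec:keyManagers>
      <!-- Trust store used to validate the service certificate -->
      <sec:trustManagers>
        <sec:keyStore type="jks" password="CLIENT_TRUST_PASSWORD"
                      resource="client-truststore.jks"/>
      </sec:trustManagers>
    </http:tlsClientParameters>
  </http:conduit>
</beans>
```

The service trust store should contain only the issuing CA or the specific client certificates that are meant to be accepted, since every certificate it trusts can authenticate at the transport level.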
