cxf-users mailing list archives

From anpoky
Subject Dynamic encryption user name
Date Fri, 02 Oct 2015 07:46:58 GMT
I have a CXF WebService (as server) with WSS Security and now I would like to
use a public certificate for encryption based on the sender.

I know there is the property


This comes already close to what I would like to do. However, in my setup,
there are different certificates for signature and encryption for all
service clients. So I have a mapping of a sender ID (taken out of a custom
SOAP header) to one public signature certificate (to validate the signature)
and one public encryption certificate (to encrypt the response).

Is there a way to support this with CXF?

Or, what class of interceptor (or something) do I have to extend to be able
to do this?

I found this in,
AbstractToken, boolean, Crypto)
        if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
            List<WSHandlerResult> results = 
            if (results != null) {
                //TODO This is a hack, this should not come under
                if (encrKeyBuilder.isCertSet()) {
            } else {
                unassertPolicy(token, "No security results in incoming
        } else {

Which class do I have to extend to be able to change this code? And how to
use it? Or is it the right way?

cxf-core 3.1.2
cxf-rt-ws-security 3.1.2
wss4j 2.1.2
cxf-rt-ws-policy 3.1.3
