cxf-users mailing list archives

From anpoky <andr...@pokrzywinski.de>
Subject Dynamic encryption user name
Date Fri, 02 Oct 2015 07:46:58 GMT
I have a CXF WebService (as server) with WSS Security and now I would like to
use a public certificate for encryption based on the sender.

I know there is the property

ws-security.encryption.username=useReqSigCert

This comes already close to what I would like to do. However, in my setup,
there are different certificates for signature and encryption for all
service clients. So I have a mapping of a sender ID (taken out of a custom
soap header) to one public signature certificate (to validate the signature)
and one public encryption certificate (to encrypt the response).

Is there a way to support this with CXF?

Or, what class of interceptor (or something) do I have to extend to be able
to do this?

I found this in

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.setEncryptionUser(WSSecEncryptedKey, AbstractToken, boolean, Crypto)

        if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) {
            List<WSHandlerResult> results =
                CastUtils.cast((List<?>)
                    message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
            if (results != null) {
                encrKeyBuilder.setUseThisCert(getReqSigCert(results));

                //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
                if (encrKeyBuilder.isCertSet()) {
                    encrKeyBuilder.setUserInfo(getUsername(results));
                }
            } else {
                unassertPolicy(token, "No security results in incoming message");
            }
        } else {
            encrKeyBuilder.setUserInfo(encrUser);
        }

Which class do I have to extend to be able to change this code? And how to
use it? Or is it the right way?

Versions:
cxf-core 3.1.2
cxf-rt-ws-security 3.1.2
wss4j 2.1.2
cxf-rt-ws-policy 3.1.3



--
View this message in context: http://cxf.547215.n5.nabble.com/Dynamic-encryption-user-name-tp5761404.html
Sent from the cxf-user mailing list archive at Nabble.com.
