ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wladislaw Mitzel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (WSS-551) Property passwordEncryptorInstance is not honored
Date Sat, 22 Aug 2015 01:22:46 GMT
Wladislaw Mitzel created WSS-551:
------------------------------------

             Summary: Property passwordEncryptorInstance is not honored
                 Key: WSS-551
                 URL: https://issues.apache.org/jira/browse/WSS-551
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 2.0.5
            Reporter: Wladislaw Mitzel
            Assignee: Colm O hEigeartaigh


The configuration documentation says
|| Tag name || Tag value || Tag meaning ||
| *WSS4J 2.0.0* PASSWORD_ENCRYPTOR_INSTANCE | passwordEncryptorInstance |	A PasswordEncryptor
instance used to decrypt encrypted passwords in Crypto properties files. The default is the
JasyptPasswordEncryptor. |

When configuring a {{passwordEncryptorInstance}} for {{WSS4JOutInterceptor}} (line 20) the
property is not honored. 
{code:xml|linenumbers=true}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
		http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

  <jaxws:endpoint id="hello" address="/hello"
    implementor="de.wlami.wss4jexample.Service">
    <jaxws:outInterceptors>
      <bean id="TimestampSignEncrypt_Response"
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
          <map>
            <entry key="action" value="Timestamp Signature" />
            <entry key="user" value="servicekey" />
            <entry key="signaturePropFile" value="serviceKeystore.properties" />
            <entry key="encryptionPropFile" value="serviceKeystore.properties" />
            <entry key="encryptionUser" value="useReqSigCert" />
            <entry key="passwordCallbackClass" value="de.wlami.wss4jexample.PasswordCallback"
/>
            <entry key="passwordEncryptorInstance" value-ref="customPasswordEncrypter"
/>
          </map>
        </constructor-arg>
      </bean>
    </jaxws:outInterceptors>
  </jaxws:endpoint>

  <bean id="customPasswordEncrypter" class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean>

</beans>
{code}

The only code which seems to use the documented property is located in {{org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String,
Object>, WSSSecurityProperties)}}. However this method is only called from test classes
as far as i could see. Using the given configuration the default {{JasyptPasswordEncryptor}}
is created instead of the configured class. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message