ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-551) Property passwordEncryptorInstance is not honored
Date Fri, 04 Sep 2015 14:32:47 GMT

     [ https://issues.apache.org/jira/browse/WSS-551?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-551.
-----------------------------------

> Property passwordEncryptorInstance is not honored
> -------------------------------------------------
>
>                 Key: WSS-551
>                 URL: https://issues.apache.org/jira/browse/WSS-551
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 2.0.5
>            Reporter: Wladislaw Mitzel
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0.6, 2.1.3
>
>         Attachments: WSS-551_WSHandler.patch, wss4j-example.zip
>
>
> The configuration documentation says
> || Tag name || Tag value || Tag meaning ||
> | *WSS4J 2.0.0* PASSWORD_ENCRYPTOR_INSTANCE | passwordEncryptorInstance |	A PasswordEncryptor
instance used to decrypt encrypted passwords in Crypto properties files. The default is the
JasyptPasswordEncryptor. |
> When configuring a {{passwordEncryptorInstance}} for {{WSS4JOutInterceptor}} (line 20)
the property is not honored. 
> {code:xml|linenumbers=true}
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
>   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
> 		http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
>   <jaxws:endpoint id="hello" address="/hello"
>     implementor="de.wlami.wss4jexample.Service">
>     <jaxws:outInterceptors>
>       <bean id="TimestampSignEncrypt_Response"
>         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>         <constructor-arg>
>           <map>
>             <entry key="action" value="Timestamp Signature" />
>             <entry key="user" value="servicekey" />
>             <entry key="signaturePropFile" value="serviceKeystore.properties" />
>             <entry key="encryptionPropFile" value="serviceKeystore.properties" />
>             <entry key="encryptionUser" value="useReqSigCert" />
>             <entry key="passwordCallbackClass" value="de.wlami.wss4jexample.PasswordCallback"
/>
>             <entry key="passwordEncryptorInstance" value-ref="customPasswordEncrypter"
/>
>           </map>
>         </constructor-arg>
>       </bean>
>     </jaxws:outInterceptors>
>   </jaxws:endpoint>
>   <bean id="customPasswordEncrypter" class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean>
> </beans>
> {code}
> The only code which seems to use the documented property is located in {{org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String,
Object>, WSSSecurityProperties)}}. However this method is only called from test classes
as far as i could see. Using the given configuration the default {{JasyptPasswordEncryptor}}
is created instead of the configured class. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message