Announcement Announcement Module
Collapse
No announcement yet.
Any chance of the Wss4jSecurityInterceptor being enabled for other algorithms Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Any chance of the Wss4jSecurityInterceptor being enabled for other algorithms

    As I see it now the Wss4jSecurityInterceptor only supports SHA1 as message digest algorithm and only RSA-SHA1 as signature algorithm. Is there a likelihood that this will be customizable in the short term? I am working on a project where SHA256 (xmlenc#sha256) and RSA-SHA256 (xmldsig-more#rsa-sha256]) should be used. If the Wss4jSecurityInterceptor will not support this soon, we will have to abandon using this and revert to writing our own interceptor.

    Alternatively, if someone has tips on how to write an extension/callback on the Wss4jSecurityInterceptor in order to support more algorithms, feel free to let me know.

  • #2
    from SHA1 to SHA256

    Hi gruwez2, did u solve this? We have been using spring ws with SHA1 for several years now, but now the requirements has changed and we need to do Spring ws with SHA256.

    Can u or anyone help me with this. How can we solve it.

    Comment


    • #3
      Originally posted by ubuntu75 View Post
      Hi gruwez2, did u solve this? We have been using spring ws with SHA1 for several years now, but now the requirements has changed and we need to do Spring ws with SHA256.

      Can u or anyone help me with this. How can we solve it.
      Ubuntu75,

      As far as I know this has not been addressed yet by the the standard Wss4jSecurityInterceptor in Spring-WS. I had a quick glance at the API doc for 2.0.0-RC2. Unless I am utterly mistaken, no provision has been made in this class to set a digest algorithm. So I assume this interceptor still uses SHA-1.

      I managed to circumvent this by subclassing Wss4jSecurityInterceptor and setting the securementDigestAlgorithm on the WSHandler property. Since WSHandler and securementDigestAlgorithm are not publicly visible, you need to use the Java reflection API and a number of other dirty hacks to gain access to it. It is not a very elegant way to solve this matter, but it does the job.

      Comment

      Working...
      X