Announcement Announcement Module
Collapse
No announcement yet.
Wss4j Certificate Signature Authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wss4j Certificate Signature Authentication

    Hi all,
    I have an example Spring WS version 2.0.1 app working that I'm trying to add security too, I have it accepting digital signatures by using this

    Code:
    <sws:interceptors>
        <bean id="securityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
    	<property name="validationActions" value="Signature"/>
    	<property name="securementActions" value="NoSecurity"/>
    	<property name="validationSignatureCrypto">
    	    <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    	        <property name="keyStorePassword" value="*****"/>
    	        <property name="keyStoreLocation" value="classpath:/server.jks"/>
    	    </bean>
    	</property>
        </bean>
    </sws:interceptors>
    I would now like to authenticate the certificate but I can't find how to do it using wss4j. Is there an equivalent to SpringCertificateValidationCallbackHandler that XwsSecurityInterceptor uses?

    The docs mention Certificate Authentication
    http://static.springsource.org/sprin...y.html#d4e2706

    But only gives an outbound example.

    Is this possible with wss4j or is xwss the way forward in spring ws security?

    Thanks
    David
    Last edited by David Kerwick; Apr 11th, 2011, 03:59 AM. Reason: Typos

  • #2
    So unless I'm missing something (very possible) there isn't a straight forward way of doing what I want with wss4j as these seem to be the only callbacks

    http://static.springsource.org/sprin...e-summary.html

    Which seems to have no certificate processing.

    I guess XWSS is the more supported of the two and I'll have to go with that and the Maven pain that seems to cause.

    David

    Comment


    • #3
      I would now like to authenticate the certificate but I can't find how to do it using wss4j. Is there an equivalent to SpringCertificateValidationCallbackHandler that XwsSecurityInterceptor uses?
      I would like to repeat this question or the question "Is there a reason why not ?" which was asked in http://forum.springsource.org/showth...DetailsService before.

      Martin

      Comment

      Working...
      X