Junglans

Reputation: 21

WS-Security. Server response encryption. Choose encryptionUser dynamically

I am currently studying WS-Security and using CXF to build a basic example with signature and encryption actions. I set the client and server to sign and encrypt the request and response respectively.

I am using Spring to configure the server. This is the configuration:

<context:component-scan base-package="com.jfjp.ws" />
<bean id="passwordCallback"  class="com.jfjp.ws.service.ServerPasswordCallback" />
<jaxws:endpoint id="greetServiceWS" implementor="#greetService" address="/Greeting">

    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="UsernameToken Signature Encrypt"/>
                    <entry key="signaturePropFile" value="server_signverf.properties"/>
                    <entry key="decryptionPropFile" value="server_decrypt.properties"/>
                    <entry key="encryptionKeyIdentifier" value="password"/>
                    <entry key="passwordCallbackRef">
                        <ref bean="passwordCallback"/>
                    </entry>
                </map>
            </constructor-arg>
        </bean>
        <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"></bean>

    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="Signature Encrypt"/>
                    <entry key="user" value="server"/>
                    <entry key="signaturePropFile" value="server_sign.properties"/>
                    <entry key="encryptionPropFile" value="server_encrypt.properties"/>
                    <entry key="encryptionUser" value="client"/>
                    <entry key="passwordCallbackRef">
                        <ref bean="passwordCallback"/>
                    </entry>
                </map>
            </constructor-arg>
        </bean>
        <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"></bean>
    </jaxws:outInterceptors>
</jaxws:endpoint>

To encrypt the response I need to know the client's public key and I'm doing this by setting the value of encryptionUser with the client certificate alias. But if I do this I can only have one client.

I can configure multiple clients if I use an endpoint for each of them. Is this the correct way?

Can I set the value of encryptionUser dynamically?

Upvotes: 1

Views: 1246

Answers (1)

Colm O hEigeartaigh

Reputation: 1900

Yes. There is a special value for "encryptionUser" for this scenario -> "useReqSigCert". It uses the client signing certificate to encrypt the response to the client.

See here: http://ws.apache.org/wss4j/config.html

Upvotes: 1
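Applied to the server configuration from the question, the outbound interceptor becomes the following. This is an added example, not code from the original post; the property file names, the "server" alias and the passwordCallback bean are the question's own. Only the encryptionUser entry changes:

```xml
<jaxws:outInterceptors>
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Signature Encrypt"/>
                <!-- alias of the server's own signing key (unchanged) -->
                <entry key="user" value="server"/>
                <entry key="signaturePropFile" value="server_sign.properties"/>
                <entry key="encryptionPropFile" value="server_encrypt.properties"/>
                <!-- encrypt the response to whichever certificate signed the
                     incoming request, instead of to one fixed client alias -->
                <entry key="encryptionUser" value="useReqSigCert"/>
                <entry key="passwordCallbackRef">
                    <ref bean="passwordCallback"/>
                </entry>
            </map>
        </constructor-arg>
    </bean>
    <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"></bean>
</jaxws:outInterceptors>
```

This relies on the inbound interceptor keeping the Signature action (as it does in the question), because the signer's certificate is taken from the request signature that WSS4JInInterceptor has already verified against server_signverf.properties. If a request arrives unsigned, there is no requester certificate to encrypt to, so the Signature action on the inbound side must remain mandatory rather than optional.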
