I started learning Apache CXF with Spring. First of all, I created a simple client / server model: see here
Now I'm trying to use simple certificate authentication. To change configuration files (for server and client): CXF-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"> <jaxws:endpoint id="helloWorld" implementor="service.HelloWorldImpl" address="/HelloWorld"> <jaxws:features> <bean class="org.apache.cxf.feature.LoggingFeature"/> </jaxws:features> <jaxws:inInterceptors> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/> <ref bean="WSS4JInInterceptor"/> </jaxws:inInterceptors> </jaxws:endpoint> <bean id="WSS4JInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> <constructor-arg> <map> <entry key="action" value="Signature"/> <entry key="passwordCallbackRef"> <ref bean="passwordCallback"/> </entry> <entry key="signaturePropFile" value="server_sign.properties"/> </map> </constructor-arg> </bean> <bean id="passwordCallback" class="service.PasswordCallbackHandler" />
server_sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword org.apache.ws.security.crypto.merlin.file=publicstore.jks
CXF-client-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schema/jaxws.xsd"> <bean id="client" class="service.HelloWorld" factory-bean="clientFactory" factory-method="create"/> <bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> <property name="serviceClass" value="service.HelloWorld"/> <property name="address" value="http://localhost:8080/services/HelloWorld"/> <property name="outInterceptors"> <list> <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/> <ref bean="WSS4JOutInterceptor"/> </list> </property> </bean> <bean id="WSS4JOutInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> <property name="properties"> <map> <entry key="action" value="Signature"/> <entry key="user" value="ws-client" /> <entry key="passwordCallbackRef"> <ref bean="passwordCallback"/> </entry> <entry key="signaturePropFile" value="client_sign.properties"/> </map> </property> </bean> <bean id="passwordCallback" class="client.PasswordCallbackHandler" />
The client works great. He uses his PasswordCallbackHandler. The problem is that the server does not seem to be using its PasswordCallbackHandler. I started the server in debug mode, but it is not suitable for this class. Can someone please explain what I'm doing wrong?
Thanks in advance.
PROGRESS:
if you try to provide a request from the user which certificate is not in the server key store, an error occurs ("There are no certificates for user ws-client1 to sign")
from resource : "As you can see in the jbossws-cxf.xml file above, the keystore password callback handler also, while the property file has a password for the keystore, this callback handler is used to set a password for each key (it must match the one used when each key was imported into the repository).
source share