java - CXF security multiple keystore with WSS4JOutInterceptor -

-

i have question cxf security. trying implement webservice autentication in keystore in examples found in internet authentication see 1 one.

i have project running in mode q specify single client since defini private key public key.

if example need service connect 10 different clients, understand have create 10 private keys , 10 public keys.

but set on application server?

i leave lines below current settings have project.

server_decrypt.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=storepassword org.apache.ws.security.crypto.merlin.keystore.alias=serverx509v1 org.apache.ws.security.crypto.merlin.file=server-keystore.jks

server_sign.properties

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=storepassword org.apache.ws.security.crypto.merlin.keystore.alias=clientx509v1 org.apache.ws.security.crypto.merlin.file=server-truststore.jks

cxf_context.xml

<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans"     xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"     xmlns:beans="http://cxf.apache.org/configuration/beans" xmlns:context="http://www.springframework.org/schema/context"     xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/configuration/beans http://cxf.apache.org/schemas/configuration/cxf-beans.xsd         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">      <import resource="classpath:meta-inf/cxf/cxf.xml" />     <import resource="classpath:meta-inf/cxf/cxf-extension-soap.xml" />     <import resource="classpath:meta-inf/cxf/cxf-servlet.xml" />      <bean id="login" class="org.apache.cxf.interceptor.loggingininterceptor" />     <bean id="logout" class="org.apache.cxf.interceptor.loggingoutinterceptor" />      <bean id="passwordcallback" class="com.pruebas.app.seguridad.passwordcallback" />     <bean class="com.pruebas.app.servicios.consultaimpl" id="consultaimpl" />     <jaxws:endpoint address="/consultaimplws" id="consultaimplws"         implementor="#consultaimpl">         <jaxws:properties>             <entry key="schema-validation-enabled" value="true" />         </jaxws:properties>          <jaxws:outinterceptors>             <bean class="org.apache.cxf.binding.soap.saaj.saajoutinterceptor" />             <ref bean="timestampsignencrypt_response" />         </jaxws:outinterceptors>          <jaxws:ininterceptors>             <ref bean="timestampsignencrypt_request" />             <bean class="org.apache.cxf.binding.soap.saaj.saajininterceptor" />         </jaxws:ininterceptors>      </jaxws:endpoint>      <bean class="org.apache.cxf.ws.security.wss4j.wss4joutinterceptor"         id="timestampsignencrypt_response">         <constructor-arg>             <map>                 <entry key="action" value="timestamp signature encrypt" />                 <entry key="user" value="serverx509v1" />                 <entry key="encryptionuser" value="clientx509v1"/>                 <entry key="signaturepropfile"  value="server_decrypt.properties" />                 <entry key="encryptionpropfile" value="server_sign.properties" />                 <entry key="passwordcallbackclass" value="com.pruebas.app.seguridad.passwordcallback" />                 <entry key="signatureparts"                     value="{element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}timestamp;{element}{http://schemas.xmlsoap.org/soap/envelope/}body" />                 <entry key="encryptionparts"                     value="{element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}timestamp;{element}{http://www.w3.org/2000/09/xmldsig#}signature;{content}{http://schemas.xmlsoap.org/soap/envelope/}body" />              </map>          </constructor-arg>     </bean>      <bean class="org.apache.cxf.ws.security.wss4j.wss4jininterceptor"         id="timestampsignencrypt_request">         <constructor-arg>             <map>                 <entry key="action" value="timestamp signature encrypt" />                 <entry key="signaturepropfile"  value="server_sign.properties" />                 <entry key="decryptionpropfile" value="server_decrypt.properties" />                 <entry key="passwordcallbackclass" value="com.pruebas.app.seguridad.passwordcallback" />             </map>         </constructor-arg>      </bean> </beans>

and passwordcallback is:

package com.pruebas.app.seguridad;  import java.io.ioexception;  import javax.security.auth.callback.callback; import javax.security.auth.callback.callbackhandler; import javax.security.auth.callback.unsupportedcallbackexception;  import org.apache.ws.security.wspasswordcallback;  public class passwordcallback implements callbackhandler {      public void handle(callback[] callbacks) throws ioexception,             unsupportedcallbackexception {         system.out.println("*******");         wspasswordcallback pc = (wspasswordcallback) callbacks[0];         string usuario = "serverx509v1";         string password = "storepassword";         system.out.println("** pc.getidentifier() " + pc.getidentifier());         system.out.println("** pc.getpassword() " + pc.getpassword());         if (usuario.equals(pc.getidentifier())) {             // set password on callback. compared             // password sent client.          }         pc.setpassword(password);     } }

obviously have server-server-truststore.jks , keystore.jks files in resources folder (src / main / resources). can see set single customer. how make multiple clients connect?


Comments

Post a Comment

Popular posts from this blog

python - How to create jsonb index using GIN on SQLAlchemy? -

-
here's current code creating index jsonb. index("mytable_data_idx_id_key", mytable.data['id'].astext, postgresql_using='gin') but got error. sqlalchemy.exc.programmingerror: (psycopg2.programmingerror) data type text has no default operator class access method "gin" hint: must specify operator class index or define default operator class data type. [sql: "create index event_data_idx_id_key on event using gin ((data ->> 'id'))"] is there way create index on sqlalchemy? the postgresql specific sqlalchemy docs @ http://docs.sqlalchemy.org/en/latest/dialects/postgresql.html#operator-classes mention postgresql_ops dictionary provide "operator class" used postgresql, , provide example illustrating use: index('my_index', my_table.c.id, my_table.c.data, postgresql_ops={ 'data': 'text_pattern_ops', ...
Read more

PHP DOM loadHTML() method unusual warning -

-
i had following code works fine on localhost: $document = new domdocument(); $document->loadhtml($p_result); $form = $document->getelementsbytagname('form')->item(0); // code continues using $form variable after same code updated on outside server, loadhtml() failed , issued warning. warning: domdocument::loadhtml() expects parameter 1 valid path, string given in path/name/to/script.php returned null instead of object code pretty gets fatal error. note contents of $p_result absolutely same on outside server , on localhost. but why displays kind of warning , why not work? doesn't loadhtml() expects argument 1 string in first place? why method expects parameter 1 valid path ? just make clear i'm not calling loadhtmlfile() , i'm calling loadhtml() . thanks. you're affected one of php bugs . issue present in php 5.6.8 , 5.6.9. have affected php version on server, , bug-free version on localhost. the bug forbids null ...
Read more

c# - TransactionScope not rolling back although no complete() is called -

-
i'm using transactionscope rollback transaction fail bool errorreported = false; action<importerrorlog> newerrorcallback = e => { errorreported = true; errorcallback(e); }; using (var transaction = new transactionscope()) { foreach (importtaskdefinition task in taskdefinition) { loader.load(streamfile, newerrorcallback, task.destinationtable, processingtaskid); } if (!errorreported) transaction.complete(); } i'm sure there no transactionscope started ahead or after code. i'm using entity framework insert in db. regardless state of errorreported transaction never rolled in case of error. what missing ? transactionscope sets transaction.current . that's does. wants transacted must @ property. i believe ef each time connection opened reason. probably, connection open when scope installed. open connection inside of scope or enlist manually. ef has nasty "design decision": default opens ...
Read more