CXF uses WS-Security X509 certificate for authentication

First, the related concepts <br /> mentioned x509, to have to mention a few related concepts.
1, Private key
2, Public key
3, KeyStore
4, TrustStore
Private key and Public key is very simple, literal meaning can be understood, is often said that the private key and public key.
KeyStore and TrustStore simply means that the private key and the key storage container. From the above two are the same storage structure, but its concept to be a distinction between, KeyStore is mainly used to store the private key (and possibly Chain), TrustStore is used to store the public key.
More details can be seen another article: http://lukejin.javaeye.com/blog/605634
In CXF, the use of encryption as a way of signing security policy, configuration, and some trouble.
First look at a map:
CXF uses WS-Security X509 certificate for authentication
Simple explanation
1, the client sends to the server first soap A (client) need to use your private key to sign, the use of B (server) public key encryption, and then soap pass B, B with a private key to decrypt A public key used to sign test.
2, the server returns data to the client B first to sign with their private key, encrypted with A's public key, and then soap back to A, A with the private key to decrypt, using B's public key stamped .
As long to figure out this process, then use the CXF becomes relatively easy.

Second, the build environment

Here we can build the environment of the first with CXF maven to create a simple java project, you can create a good package com.tongtech.ti.cxf.demo.security
Then the pom files covering the following pom file in your project pom file.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>ti-cxf</groupId>
        <artifactId>ti-cxf-security</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <packaging>jar</packaging>
        <name>Tongtech Demo for CXF Security with wss4j</name>
        <properties>
                <cxf.version>2.4.0-SNAPSHOT</cxf.version>
        </properties>
        <dependencies>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-frontend-jaxws</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-transports-http</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-ws-security</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
                <dependency>
                        <groupId>org.apache.cxf</groupId>
                        <artifactId>cxf-rt-transports-http-jetty</artifactId>
                        <version>${cxf.version}</version>
                </dependency>
        </dependencies>

        <build>
                <plugins>
                        <plugin>
                                <groupId>org.apache.maven.plugins</groupId>
                                <artifactId>maven-compiler-plugin</artifactId>
                                <configuration>
                                        <source>1.6</source>
                                        <target>1.6</target>
                                </configuration>
                        </plugin>
                        <plugin>
                                <groupId>org.apache.cxf</groupId>
                                <artifactId>cxf-codegen-plugin</artifactId>
                                <version>${cxf.version}</version>
                                <executions>
                                        <execution>
                                                <id>generate-sources-static</id>
                                                <phase>generate-sources</phase>
                                                <configuration>
                                                        <sourceRoot>${basedir}/target/generate</sourceRoot>
                                                        <wsdlOptions>
                                                                <wsdlOption>
                                                                        <wsdl>${basedir}/src/main/java/com/tongtech/ti/cxf/demo/security/security.wsdl</wsdl>
                                                                        <extraargs>
                                                                                <extraarg>-db</extraarg>
                                                                                <extraarg>jaxb</extraarg>
                                                                                <extraarg>-p</extraarg>
                                                                                <extraarg>com.tongtech.ti.cxf.demo.security.service</extraarg>
                                                                                <extraarg>-all</extraarg>
                                                                        </extraargs>
                                                                </wsdlOption>
                                                        </wsdlOptions>
                                                </configuration>
                                                <goals>
                                                        <goal>wsdl2java</goal>
                                                </goals>
                                        </execution>
                                </executions>
                        </plugin>
                </plugins>
        </build>

</project>


Then in the WSDL:
Security.wsdl
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions name="security"
        targetNamespace="http://demo.ti.tongtech.com/security/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
        xmlns:tns="http://demo.ti.tongtech.com/security/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
        <wsdl:types>
                <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                        targetNamespace="http://demo.ti.tongtech.com/security/">
                        <xsd:element name="input">
                                <xsd:complexType>
                                        <xsd:sequence>
                                                <xsd:element name="in" type="xsd:string"></xsd:element>
                                        </xsd:sequence>
                                </xsd:complexType>
                        </xsd:element>
                        <xsd:element name="inputResponse">
                                <xsd:complexType>
                                        <xsd:sequence>
                                                <xsd:element name="out" type="xsd:string"></xsd:element>
                                        </xsd:sequence>
                                </xsd:complexType>
                        </xsd:element>
                </xsd:schema>
        </wsdl:types>
        <wsdl:message name="inputRequest">
                <wsdl:part name="parameters" element="tns:input"></wsdl:part>
        </wsdl:message>
        <wsdl:message name="inputResponse">
                <wsdl:part name="parameters" element="tns:inputResponse"></wsdl:part>
        </wsdl:message>
        <wsdl:portType name="ISecuriyDemo">
                <wsdl:operation name="input">
                        <wsdl:input message="tns:inputRequest"></wsdl:input>
                        <wsdl:output message="tns:inputResponse"></wsdl:output>
                </wsdl:operation>
        </wsdl:portType>
        <wsdl:binding name="ISecurityBinding" type="tns:ISecuriyDemo">
                <soap:binding
                        transport="http://schemas.xmlsoap.org/soap/http" />
                <wsdl:operation name="input">
                        <soap:operation soapAction="http://demo.ti.tongtech.com/security/input" />
                        <wsdl:input>
                                <soap:body use="literal" />
                        </wsdl:input>
                        <wsdl:output>
                                <soap:body use="literal" />
                        </wsdl:output>
                </wsdl:operation>
        </wsdl:binding>
        <wsdl:service name="ISecuriyService">
                <wsdl:port name="ISecuriyServicePort" binding="tns:ISecurityBinding">
                        <soap:address location="http://localhost:8080/sec" />
                </wsdl:port>
        </wsdl:service>
</wsdl:definitions>

wsdl file on com.tongtech.ti.cxf.demo.security package below.

Following the implementation of mvn eclipse: myeclipse / eclipse: eclipse / idea: idea, maven will automatically create the relevant wsdl code. After code generation copy com.tongtech.ti.cxf.demo.security.service below.
Third, write code
(A) to generate the certificate or certificates <br /> generate more troublesome, the jdk to use a tool - keytool
First, create a client KeyStore and public key in the command line run:
1, creating the private key and the KeyStore:
keytool -genkey -alias clientprivatekey -keypass keypass -keystore Client_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

Create a KeyStore, the file name for Client_KeyStore.jks, which has a private key named clientprivatekey.
2, to the private key from the signature:
keytool -selfcert -keystore Client_KeyStore.jks -storepass storepass -alias clientprivatekey -keypass keypass

Signed success, without any prompts.
3, export the private key role is to export the public key certificate will be saved to TrustStore in.
keytool -export -alias clientprivatekey -file Client_PublicCert.cer -keystore Client_KeyStore.jks -storepass storepass

If successful, you can see the prompt:
Stored in a file certification <Client_PublicCert.cer>
Then create a server KeyStore
1, creating the private key and the KeyStore
keytool -genkey -alias serverprivatekey -keypass keypass -keystore Server_KeyStore.jks -storepass storepass -dname "CN=tongtech.com,C=CN" -keyalg RSA

2, a self-signed private key
keytool -selfcert -keystore Server_KeyStore.jks -storepass storepass -alias serverprivatekey -keypass keypass

3, export the private key
keytool -export -alias serverprivatekey -file Server_PublicCert.cer -keystore Server_KeyStore.jks -storepass storepass

Next, import the client public key to the server TrustStore, the public key of the server to the client TrustStore in import.
At the command line, type:
keytool -import -alias clientpublickey -file Client_PublicCert.cer -keystore Server_TrustStore.jks -storepass storepass

Will be prompted to enter

Quote

Owner: CN = tongtech.com, C = CN
Issuer: CN = tongtech.com, C = CN
Serial Number: 4cc7e86c
Valid: Wed Oct 27 16:53:00 CST 2010 to Tue Jan 25 16:53:00 CST 2011
Certificate fingerprints:
MD5: FB: AB: 71:9 F: 56: F3: CB: 65:16: DC: 52: E0: 2D: 27: FF: F6
SHA1: 06: A8: B1: B4: E2: 42:9 D: B2: F7: 99: E7: 70:34:08:96:52: E1: CD: 4A: 76
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [No]:

Y can play, and then prompts

Quote

Certification has been added to the keystore in the

Similarly, the public key into the server in the client TrustStore
keytool -import -alias serverpublickey -file Server_PublicCert.cer -keystore Client_TrustStore.jks -storepass storepass

The same will be prompted to hit Enter y, suggesting that the success on it.
Here there will be a question, why call keystore? As mentioned at the top, KeyStore and TrustStore is the conceptual distinction.

(B) write the code above to generate a good <br /> maven project into eclipse, in the src / main / java package under the new, the name cert, will generate good KeyStore and just copying the cert package under TrustStore .
1, create a configuration file to create client encryption / decryption configuration: Client_Encrypt.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverpublickey
org.apache.ws.security.crypto.merlin.file=cert/Client_TrustStore.jks

Experience in establishing client sign / signature configurations: Client_Sign.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Client_KeyStore.jks

Establishment of service-side encryption / decryption configuration: Server_Decrypt.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=serverprivatekey
org.apache.ws.security.crypto.merlin.file=cert/Server_KeyStore.jks

Experience in building a service-side sign / signature configurations: Server_SignVerf.properties
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=storepass
org.apache.ws.security.crypto.merlin.keystore.alias=clientpublickey
org.apache.ws.security.crypto.merlin.file=cert/Server_TrustStore.jks

Tidy:

Quote

May say here, since some of the weird name, the file is the example I copied from the cxf over, I think the original intent should be to sign the client encryption, decryption server stamped, and no sign of the return data encryption intentions, so name from such a way, but that's okay, sort out, thinking more clearly.
Client_Encrypt.properties ---- Client_TrustStore.jks---- serverpublickey
Client_Sign.properties ---- Client_KeyStore.jks---- clientprivatekey
Server_Decrypt.properties ---- Server_KeyStore.jks---- serverprivatekey
Server_SignVerf.properties ---- Server_TrustStore.jks---- clientpublickey

2, preparation of client, server and their respective Callback
First of all first target / generate the code will be copied to the com.tongtech.ti.cxf.demo.security.service, and then in the security directory to establish X509.client and X509.server, were renamed the ISecuriyDemo_ISecuriyServicePort_Client.java and ISecuriyDemo_ISecuriyServicePort_Server.java into Client and Server and move to the X509.client and X509.server package, and then established under the client package UTPasswordClientCallBack.java class.
UTPasswordClientCallBack.java code:
package com.tongtech.ti.cxf.demo.security.X509.client;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordClientCallBack implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException,
                        UnsupportedCallbackException {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                pc.setPassword("keypass");
                System.out.println("Client Identifier=" + pc.getIdentifier());
                System.out.println("Client Password=" + pc.getPassword());
        }

}


Established with the server package UTPasswordServerCallBack.java
UTPasswordServerCallBack.java code:
package com.tongtech.ti.cxf.demo.security.X509.server;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

public class UTPasswordServerCallBack implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException,
                        UnsupportedCallbackException {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                pc.setPassword("keypass");
                System.out.println("Server Identifier=" + pc.getIdentifier());
                System.out.println("Server Password=" + pc.getPassword());
        }
}

These two classes, pc.setPassword method parameters are keypass, because we generate all the password keys are keypass, if the key password is different where the need for key Identifier (equivalent to the alias) to judge, to set a different password.

Next will be the preparation of a client and server.
First open Client.java class, copy the following code complete coverage into
package com.tongtech.ti.cxf.demo.security.X509.client;

/**
 * Please modify this class to meet your needs
 * This class is not complete
 */

import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.namespace.QName;

import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemo;
import com.tongtech.ti.cxf.demo.security.service.ISecuriyService;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 * 
 */

public final class Client {

        private static final QName SERVICE_NAME = new QName(
                        "http://demo.ti.tongtech.com/security/", "ISecuriyService");

        private Client() {
        }

        public static void main(String args[]) throws Exception {
                URL wsdlURL = ISecuriyService.WSDL_LOCATION;

                ISecuriyService ss = new ISecuriyService(wsdlURL, SERVICE_NAME);
                ISecuriyDemo port = ss.getISecuriyServicePort();
                org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
                Endpoint cxfEp = client.getEndpoint();

                // Clint Out
                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "clientprivatekey");
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Sign.properties");
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

                // Client In(Return)
                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Client_Sign.properties");
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

                {
                        System.out.println("Invoking input...");
                        java.lang.String _input_in = "Input Value!";
                        java.lang.String _input__return = port.input(_input_in);
                        System.out.println("input.result=" + _input__return);
                }

                System.exit(0);
        }

}


Open Server.java, empathy copy the following code to the full and complete coverage:
package com.tongtech.ti.cxf.demo.security.X509.server;

import java.util.HashMap;
import java.util.Map;

import javax.xml.ws.Endpoint;

import org.apache.cxf.jaxws.EndpointImpl;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

import com.tongtech.ti.cxf.demo.security.service.ISecuriyDemoImpl;

/**
 * This class was generated by Apache CXF 2.4.0-SNAPSHOT Tue Oct 26 16:45:43 CST
 * 2010 Generated source version: 2.4.0-SNAPSHOT
 * 
 */

public class Server {

        protected Server() throws Exception {
                System.out.println("Starting Server");
                Object implementor = new ISecuriyDemoImpl();
                String address = "http://localhost:8080/sec";
                EndpointImpl ep = (EndpointImpl) Endpoint.publish(address, implementor);
                org.apache.cxf.endpoint.Endpoint cxfEp = ep.getServer().getEndpoint();

                // ///////////////////////////////////////////////////////////////

                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordServerCallBack.class.getName());
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Server_SignVerf.properties");
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Server_Decrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

                // /////////////////////////////////////////////////////////////////

                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "serverprivatekey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordServerCallBack.class.getName());
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "clientpublickey");
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Server_Decrypt.properties");//  The private key  
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Server_SignVerf.properties");//  The public key  
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));
        }

        public static void main(String args[]) throws Exception {
                new Server();
                System.out.println("Server ready...");

                Thread.sleep(60 * 60 * 1000);
                System.out.println("Server exiting");
                System.exit(0);
        }
}


Replication is complete, run the server and the client can test. Not a word other than the client can successfully receive the returned information.

If you see soap content, open the service pack under the ISecuriyDemo.java, add the following annotation code:
@WebService(targetNamespace = "http://demo.ti.tongtech.com/security/", name = "ISecuriyDemo")
@XmlSeeAlso({ObjectFactory.class})
//==== Adding the following code  ====
@InInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingInInterceptor" })
@OutInterceptors(interceptors = { "org.apache.cxf.interceptor.LoggingOutInterceptor" })
//==== Join the code end  ====
public interface ISecuriyDemo {

    @WebResult(name = "out", targetNamespace = "")
    @RequestWrapper(localName = "input", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.Input")
    @WebMethod(action = "http://demo.ti.tongtech.com/security/input")
    @ResponseWrapper(localName = "inputResponse", targetNamespace = "http://demo.ti.tongtech.com/security/", className = "com.tongtech.ti.cxf.demo.security.service.InputResponse")
    public java.lang.String input(
        @WebParam(name = "in", targetNamespace = "")
        java.lang.String in
    );
}


Finally, the client, for example, simply explain to configure access points:
Clients include:
                org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
                Endpoint cxfEp = client.getEndpoint();

                // Clint Out
                Map<String, Object> outProp = new HashMap<String, Object>();
                outProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                outProp.put(WSHandlerConstants.USER, "clientprivatekey");
                outProp.put(WSHandlerConstants.ENCRYPTION_USER, "serverpublickey");
                outProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                outProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Sign.properties");
                outProp.put(WSHandlerConstants.ENC_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getOutInterceptors().add(new WSS4JOutInterceptor(outProp));

                // Client In(Return)
                Map<String, Object> inProp = new HashMap<String, Object>();
                inProp.put(WSHandlerConstants.ACTION, WSHandlerConstants.TIMESTAMP
                                + " " + WSHandlerConstants.SIGNATURE + " "
                                + WSHandlerConstants.ENCRYPT);
                inProp.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                                UTPasswordClientCallBack.class.getName());
                inProp.put(WSHandlerConstants.DEC_PROP_FILE,
                                "cert/Client_Sign.properties");
                inProp.put(WSHandlerConstants.SIG_PROP_FILE,
                                "cert/Client_Encrypt.properties");
                cxfEp.getInInterceptors().add(new WSS4JInInterceptor(inProp));

The first line, using CXF's Client Agent (ClientProxy) to get the Endpoint, and then added to the Endpoint WSS4J in the Intercepter.
Need to add two WSS4J the Intercepter, WSS4JOutInterceptor and WSS4JInInterceptor, outIntercepter the client request to the server, as a customer brought in stations (OutBound) the Intercepter, need to configure WSS4J related attributes:
WSHandlerConstants.ACTION, WSHandlerConstants.USER, WSHandlerConstants.ENCRYPTION_USER, WSHandlerConstants.PW_CALLBACK_CLASS, WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.ENC_PROP_FILE, these properties into the map, the incoming WSS4JOutInterceptor in.
For customers who brought in stations, the signature requires the client private key (Client_Sign.properties) for signing, encryption, public key server needs (Client_Encrypt.properties) encryption, the signature attribute in the configuration file for the WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.ENC_PROP_FILE as encrypted configuration file.
Into the station, by contrast, need to test the server public key signing (Client_Encrypt.properties), requires the client to decrypt the private key (Client_Sign.properties).
Server side and client-side contrast, the same meaning and the client.
  • del.icio.us
  • StumbleUpon
  • Digg
  • TwitThis
  • Mixx
  • Technorati
  • Facebook
  • NewsVine
  • Reddit
  • Google
  • LinkedIn
  • YahooMyWeb

Related Posts of CXF uses WS-Security X509 certificate for authentication

  • Build flex + spring + blazeds + hibernate application

    Build flex + spring + blazeds + hibernate application First, set up the project blazeds 1, will blazeds.war extract to a directory, such as: myflex /; 2, set up java works were such as: MyFlex, in the orientation of selection create project from exis ...

  • Process migration from tomcat to websphere changes

    Process migration from tomcat to websphere changes Because customers use the web application server software used by different what tomcat5, tomcat6, websphere5.1, websphere6.1, weblogic8, and so on, and the software used inconsistent standards, ibm's

  • JAVA EE JSP_JNDI

    dsfdsa http://lindows.javaeye.com/admin/blogs/213348 Tomcat 6 with the connection pool data source configuration http://www.blogjava.net/ec2008/archive/2008/07/19/216063.html project: test Driver path: D: \ workspace \ test \ WebRoot \ WEB-INF \ lib ...

  • Hibernate connection pool configuration

    Hibernate connection pool configuration <! - Jdbc -> <property name="connection.driver_class"> oracle.jdbc.driver.OracleDriver </ property> <property name="connection.url"> jdbc: oracle: thin: @ 10.203.14.132:15

  • hibernate generic generic DAO

    package org.lzpeng.dao; import java.io.Serializable; import java.util.List; import org.hibernate.Criteria; import org.hibernate.Query; import org.hibernate.criterion.Criterion; import org.springside.modules.orm.hibernate.Page; /** * * @version 2009-1-10 *

  • Servlet brief introduction

    Servlet brief introduction: Servlet is a small application server Are used to complete the B / S architecture, the client requests the response to treatment Platform independence, performance, able to run thread Servlet API for Servlet provides the s ...

  • Spring2.0 + hibernate3.1 + log4j + mysql demo

    applicationContext.xml Non-attachment jar package, necessary friends can send an email to todd.liangt @ gmail.com

  • Struts2 + hibernate + spring problem user log in

    dao layer services layer action jsp <tr> <td align="center"> <b> user name: </ b> </ td> <td> <s: textfield name = "czyNumber" cssClass = "textstyle" theme = "simple" size = &q

  • Hibernate secondary cache

    Hibernate cache: 2-bit cache, also known as process-level cache or SessionFactory level cache, secondary cache can be shared by all of the session Cache configuration and the use of: Will echcache.xml (the document code in hibernate package directory ...

  • Hibernate's lazy strategy

    hibernate Lazy strategy can be used in: <class> tag, it can be true / false Tags can <PROPERTY> values true / false type of necessary tools to enhance <set> <list> can tag values true / false / extra <many-to-one> <on ...

blog comments powered by Disqus
Recent
Recent Entries
Tag Cloud
Random Entries