[jboss-user] [JBossWS] - Re: WS-Security: keystores and truststores
PeterJ
do-not-reply at jboss.com
Wed Mar 28 20:53:00 EDT 2007
I'll add my own two cents to this (I was going to do a new post but found this one).
The only way that I can get WS-Security encryption to work is if I place the private key into the keystore in both the client and the server. If either one has a public key, it complains with the error:
org.jboss.ws.extensions.security.WSSecurityException: Problems retrieving private key: Private key (XXX) not in keystore
This appears to be a major flaw if both the client and the server have to have the private key available; I would think that the public key would be sufficient for one side. I cannot imagine a company that provides a Web service willingly giving out the private key for that Web service, or a second company that wants to use said Web service providing its private key to the first company.
Any thoughts on this, or am I just doing it wrong? (I will post the config files on request, but they are pretty much what appears at http://jbws.dyndns.org/mediawiki/index.php/JAX-WS_User_Guide#WS-Security, though substitute 'encrypt' for 'sign'. I think I tried 'sign' also and it had the same problem.)
I am using JBossWS 1.2.0.GA
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4032593#4032593
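Added example, not part of the original post and not JBossWS code: a plain-JDK sketch of which key each WS-Security operation uses in general (sign with your own private key, wrap the session key with the peer's public key), so that no private key ever has to be shared. The class name, variable names and sample payload are constructed for illustration, and raw key pairs stand in for keystore and truststore entries.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class WsseKeyRoles {
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair client = gen.generateKeyPair(); // private half lives only in the client keystore
        KeyPair server = gen.generateKeyPair(); // private half lives only in the server keystore

        // Assumption: each side's truststore holds just the peer's public key (certificate).
        PublicKey serverPubAtClient = server.getPublic();
        PublicKey clientPubAtServer = client.getPublic();
        byte[] body = "<order id=\"1\"/>".getBytes(StandardCharsets.UTF_8); // constructed payload

        // CLIENT, outbound request: signing needs the client's OWN private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(client.getPrivate());
        signer.update(body);
        byte[] signature = signer.sign();

        // CLIENT, outbound request: encryption wraps a fresh AES key with the SERVER's public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        Cipher wrap = Cipher.getInstance(WRAP_ALG);
        wrap.init(Cipher.WRAP_MODE, serverPubAtClient);
        byte[] wrappedKey = wrap.wrap(session);

        // SERVER, inbound request: decryption needs the server's OWN private key.
        Cipher unwrap = Cipher.getInstance(WRAP_ALG);
        unwrap.init(Cipher.UNWRAP_MODE, server.getPrivate());
        Key recovered = unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

        // SERVER, inbound request: verification needs only the CLIENT's public key.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(clientPubAtServer);
        verifier.update(body);

        System.out.println("session key recovered: "
                + Arrays.equals(session.getEncoded(), recovered.getEncoded()));
        System.out.println("signature verified: " + verifier.verify(signature));
        // The response direction mirrors this with the roles of the two key pairs swapped.
    }
}
```

Because a signed or encrypted response reverses the roles, each endpoint ends up needing its own private key plus the other endpoint's public key, never the other endpoint's private key.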