[jboss-user] [JBossWS] - Re: WS-Security: keystores and truststores
cavani
do-not-reply at jboss.com
Tue Oct 9 08:45:53 EDT 2007
Hi,
I am using the following approach, based on JBossWS 2.0.1:
1. I didn't change distribution code
2. Copy to my project (EJB where WS is configured):
org.jboss.ws.extensions.security.jaxws.WSSecurityHandler
org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer
org.jboss.ws.extensions.security.WSSecurityDispatcher
3. Merge WSSecurityHandler and WSSecurityHandlerServer into a single source (WSSecurityHandler is no longer abstract; delete the Server class) and change the invocation to my WSSecurityDispatcher copy.
4. Create my own SecurityStore extending org.jboss.ws.extensions.security.SecurityStore:
| import java.security.KeyStore;
|
| import org.w3c.dom.Element;
|
| // JBossWS 2.0.x packages; check them against your distribution
| import org.jboss.ws.extensions.security.Util;
| import org.jboss.ws.extensions.security.element.UsernameToken;
| import org.jboss.ws.extensions.security.exception.WSSecurityException;
| import org.jboss.wsf.spi.SPIProvider;
| import org.jboss.wsf.spi.SPIProviderResolver;
| import org.jboss.wsf.spi.invocation.SecurityAdaptor;
| import org.jboss.wsf.spi.invocation.SecurityAdaptorFactory;
|
| public class SecurityStore extends org.jboss.ws.extensions.security.SecurityStore
| {
|    private KeyStore keyStore;
|    private KeyStore trustStore;
|    private char[] keyStorePassword;
|
|    // Outbound: the user is the authenticated principal of the current invocation
|    public SecurityStore() throws WSSecurityException
|    {
|       loadKeyStore();
|
|       SPIProvider spiProvider = SPIProviderResolver.getInstance().getProvider();
|       SecurityAdaptorFactory secAdapterfactory = spiProvider.getSPI(SecurityAdaptorFactory.class);
|       SecurityAdaptor securityAdaptor = secAdapterfactory.newSecurityAdapter();
|
|       String username = securityAdaptor.getPrincipal().toString();
|
|       loadSessionKey(username);
|    }
|
|    // Inbound: the user is taken from the UsernameToken in the wsse:Security header
|    public SecurityStore(Element element) throws WSSecurityException
|    {
|       loadKeyStore();
|
|       Element child = Util.getFirstChildElement(element);
|       String username = null;
|
|       while (child != null)
|       {
|          String tag = child.getLocalName();
|          if (tag.equals("UsernameToken"))
|          {
|             UsernameToken token = new UsernameToken(child);
|             username = token.getUsername();
|             break;
|          }
|          child = Util.getNextSiblingElement(child);
|       }
|
|       loadSessionKey(username);
|    }
|
|    // copy of public methods from SecurityStore
|
| }
where:
* loadKeyStore() loads the server key/certificate
* loadSessionKey(String username) loads the user certificate (all certificates have the same alias)
5. Change WSSecurityDispatcher to instantiate my SecurityStore copy:
* Element parameter Constructor at handleInbound
* Default Constructor at handleOutbound
6. Use my WSSecurityHandler in standard-jaxws-endpoint-config.xml
7. Configure the client with the username tag in jboss-wsse-client.xml and:
| import java.util.Map;
| import javax.xml.ws.BindingProvider;
|
| // in the client code, after obtaining the port:
| BindingProvider bindingProvider = (BindingProvider) port;
| Map<String, Object> reqContext = bindingProvider.getRequestContext();
| reqContext.put(BindingProvider.USERNAME_PROPERTY, USERNAME_HERE);
| reqContext.put(BindingProvider.PASSWORD_PROPERTY, "");
|
That's it!
It is working fine for me (user certs are in LDAP accounts accessed with JNDI - InitialDirContext).
Any changes to improve the security code to implement something like this out of the box (like a pluggable SecurityStore with username information)? For 2.0.2?
Thanks,
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092995#4092995
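The post describes loadKeyStore() and loadSessionKey(username) only in words (server key from a keystore, user certificate fetched from an LDAP account over JNDI, every user certificate stored under one alias). The class below is an added example of what those two methods can look like; it is not the poster's code and not part of JBossWS. The LDAP URL, base DN, the uid attribute used for the lookup, the alias name and the method signatures are assumptions chosen for illustration. One point worth carrying into any such implementation: on the inbound path the username comes from the UsernameToken of a message that has not yet been verified, so it is attacker-controlled text and must be escaped before it is placed in an LDAP search filter (RFC 4515); the example also rejects lookups that return no entry or more than one entry, and checks the certificate's validity period before it is trusted.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Added example (not JBossWS code): server keystore plus a per-user trust store built from LDAP. */
public class LdapUserCertStore
{
   // Assumed deployment settings (hypothetical values)
   private static final String LDAP_URL = "ldap://ldap.example.com:389";
   private static final String BASE_DN = "ou=people,dc=example,dc=com";
   private static final String CERT_ATTR = "userCertificate;binary";
   private static final String USER_ALIAS = "user"; // one alias for every user cert, as in the post

   private KeyStore keyStore;
   private KeyStore trustStore;
   private char[] keyStorePassword;

   /** Server key/certificate from a JKS file (the post's loadKeyStore). */
   public void loadKeyStore(String path, char[] password) throws Exception
   {
      keyStorePassword = password;
      keyStore = KeyStore.getInstance("JKS");
      InputStream in = new FileInputStream(path);
      try { keyStore.load(in, password); } finally { in.close(); }
   }

   /** Per-request trust store holding only the calling user's certificate (the post's loadSessionKey). */
   public void loadSessionKey(String username) throws Exception
   {
      if (username == null || username.length() == 0)
         throw new SecurityException("request carries no UsernameToken");
      X509Certificate cert = lookupUserCert(username);
      cert.checkValidity(); // expired or not-yet-valid certs never reach signature verification
      trustStore = KeyStore.getInstance("JKS");
      trustStore.load(null, null); // empty in-memory store
      trustStore.setCertificateEntry(USER_ALIAS, cert);
   }

   public KeyStore getKeyStore() { return keyStore; }
   public KeyStore getTrustStore() { return trustStore; }
   public char[] getKeyStorePassword() { return keyStorePassword; }

   /** Fetches the DER certificate from the user's LDAP entry; exactly one entry must match. */
   private X509Certificate lookupUserCert(String username) throws Exception
   {
      Hashtable<String, String> env = new Hashtable<String, String>();
      env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      env.put(Context.PROVIDER_URL, LDAP_URL);
      env.put("java.naming.ldap.attributes.binary", "userCertificate");
      DirContext ctx = new InitialDirContext(env);
      try
      {
         SearchControls sc = new SearchControls();
         sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
         sc.setReturningAttributes(new String[] { CERT_ATTR });
         // The username is untrusted input from the message: escape it so it cannot change the filter
         String filter = "(uid=" + escapeFilterValue(username) + ")";
         NamingEnumeration<SearchResult> results = ctx.search(BASE_DN, filter, sc);
         if (!results.hasMore())
            throw new SecurityException("unknown user: " + username);
         SearchResult entry = results.next();
         if (results.hasMore())
            throw new SecurityException("ambiguous user: " + username);
         Attribute attr = entry.getAttributes().get(CERT_ATTR);
         if (attr == null)
            throw new SecurityException("no certificate stored for user: " + username);
         byte[] der = (byte[]) attr.get();
         CertificateFactory cf = CertificateFactory.getInstance("X.509");
         return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
      }
      finally
      {
         ctx.close();
      }
   }

   /** RFC 4515 escaping of a value placed inside an LDAP search filter. */
   static String escapeFilterValue(String s)
   {
      StringBuilder sb = new StringBuilder(s.length());
      for (char c : s.toCharArray())
      {
         switch (c)
         {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
         }
      }
      return sb.toString();
   }
}
```

Wired into the post's scheme, the inbound SecurityStore(Element) constructor would call loadSessionKey() with the UsernameToken's username and the outbound no-arg constructor with the invocation principal; in both cases the resulting trust store contains exactly one certificate, so a signature in the message can only verify against the key of the user the message claims to come from.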