Alternative to CXF WSPasswordCallback

Question

For the SOAP client I'm implementing the signing of the certificate by using CXF security.

In all provided samples the reference to the passwordCallback class is set in WSS4JOutInterceptor properties.

 securityProperties.put(WSHandlerConstants.PW_CALLBACK_CLASS, UTPasswordCallback.class.getName());
client.getOutInterceptors().add(new WSS4JOutInterceptor(securityProperties));

Is there an alternative approach to the WSPasswordCallback? Can I set the password directly?

score 0 · Answer 1 · answered Mar 20 '17 at 11:38

0

You can specify the private key password for the keystore in the Crypto properties file as well you are using for signature: http://ws.apache.org/wss4j/config.html

answered Mar 20 '17 at 11:38

Colm O hEigeartaigh

1,882
1
12
7

1

if you mean org.apache.ws.security.crypto.merlin.keystore.password, then I have it already but it's not enough. Without passwordCallback I get "WSHandler: application provided null or empty password" – Misha Mar 22 '17 at 08:46
No, I meant org.apache.ws.security.crypto.merlin.keystore.private.password – Colm O hEigeartaigh Mar 22 '17 at 16:17
1

This property doesn't solve the problem. Still have the same exception – Misha Mar 23 '17 at 13:52

score 0 · Accepted Answer · answered Mar 23 '17 at 13:54

0

Found out the solution by setting the password in requestContext:

client.getRequestContext().put("password", "PASSWORD");

answered Mar 23 '17 at 13:54

Misha

828
10
23

Alternative to CXF WSPasswordCallback

2 Answers2