  1. Spring Web Services
  2. SWS-426

Allow Wss4jSecurityInterceptor to accept arbitrary client certificate in validation phase


    • Type: New Feature
    • Status: Closed
    • Priority: Trivial
    • Resolution: Won't Fix
    • Affects Version/s: 1.5.4
    • Fix Version/s: 1.5.5
    • Component/s: Security
    • Labels:
    • Environment:
      Wss4j 1.5.4


      Imagine a webservice which uses encrypted request and response messages. The client can sign the message with its private key and attach its certificate, which will be used on the server side to encrypt the response message. (This corresponds to the Binary Security tokens or DirectReference option and can be achieved by setting "useReqSigCert" for the securementEncryption user). However, the Wss4j interceptor tries to validate the incoming client certificate against the Crypto specified in validationSignatureCrypto. Consequently, this requires a keystore which contains the client certificate, thus complicating client certificate management.

      Wss4j could introduce an option which would accept an arbitrary client certificate on validation.
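
The setup described in this issue, written out as a Spring bean configuration. This is an added example, not part of the original report and not the project's own code; bean ids, keystore paths and passwords are placeholders, and keeping the issuing CA's certificate in the validation keystore (instead of every client certificate) is an assumption about how WSS4J verifies the certificate chain.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <bean id="wsSecurityInterceptor"
        class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">

    <!-- Inbound: verify the client's signature and decrypt the request.
         Assumption: the action list has to match what the clients actually send. -->
    <property name="validationActions" value="Signature Encrypt"/>

    <!-- The signer certificate attached to the request is validated against this
         keystore. Skipping that check would mean any self-issued certificate is
         accepted as the signer and then used as the response encryption key. -->
    <property name="validationSignatureCrypto" ref="trustedSignersCrypto"/>

    <property name="validationDecryptionCrypto" ref="serverCrypto"/>
    <property name="validationCallbackHandler">
      <bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
        <property name="privateKeyPassword" value="CHANGE_ME"/>
      </bean>
    </property>

    <!-- Outbound: encrypt the response to the certificate that signed the request. -->
    <property name="securementActions" value="Encrypt"/>
    <property name="securementEncryptionUser" value="useReqSigCert"/>
    <property name="securementEncryptionCrypto" ref="serverCrypto"/>
  </bean>

  <!-- Assumption: holds the certificate of the CA that issues client certificates,
       so individual client certificates do not have to be imported one by one. -->
  <bean id="trustedSignersCrypto"
        class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    <property name="keyStoreLocation" value="classpath:/trusted-signers.jks"/>
    <property name="keyStorePassword" value="CHANGE_ME"/>
  </bean>

  <!-- The server's own key pair, used to decrypt incoming requests. -->
  <bean id="serverCrypto"
        class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
    <property name="keyStoreLocation" value="classpath:/server.jks"/>
    <property name="keyStorePassword" value="CHANGE_ME"/>
  </bean>
</beans>
```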


        Transition            Time In Source Status   Execution Times   Last Executer   Last Execution Date
        Open -> Resolved      16d 22h 45m             1                 Arjen Poutsma   22/Sep/08 12:40 AM
        Resolved -> Closed    1320d 6h 23m            1                 Arjen Poutsma   04/May/12 7:03 AM


          • Assignee:
            tareq Tareq Abedrabbo
            novotnyr Robert Novotny
          • Votes:
            0


            • Created: