[
https://issues.apache.org/jira/browse/CXF-4049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated CXF-4049:
-------------------------------------
Fix Version/s: 2.5.3
2.4.7
> Check external CryptoProvider from message context properties in
> Wss4jInInterceptor
> -----------------------------------------------------------------------------------
>
> Key: CXF-4049
> URL: https://issues.apache.org/jira/browse/CXF-4049
> Project: CXF
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5.1
> Environment: Windows
> Reporter: Andrei Shakirin
> Assignee: Colm O hEigeartaigh
> Fix For: 2.4.7, 2.5.3
>
> Attachments: WSS4JInInterceptor.patch
>
>
> Hi,
> Just a small improvements in Wss4jInInterceptor.
> Normally CryptoProvider doesn't instantiated directly via CryptoFactory, but
> firstly tried to obtained from message context properties
> (SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.SIGNATURE_CRYPTO). And
> only if the properties are not set, CryptoProvider is instantiated via
> CryptoFactory. This gives the possibility to replace Merlin CryptoProvider to
> custom one (probably non keystore based).
> AbstractBindingBuilder, XmlSignHandler, SAMLUtils are working in this way.
> Unfortunatelly it is not the case for Wss4jInInterceptor. It doesn't
> initializes crypto provider in RequestData and crypto provider is always
> created via CryptoFactory. It makes impossible to use custom implementation
> of CryptoProvider in incoming chain.
> Patch is attached.
> Regards,
> Andrei.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
