Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-551

Property passwordEncryptorInstance is not honored

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.5
    • 2.0.6, 2.1.3
    • None
    • None

    Description

      The configuration documentation says

      Tag name Tag value Tag meaning
      WSS4J 2.0.0 PASSWORD_ENCRYPTOR_INSTANCE passwordEncryptorInstance A PasswordEncryptor instance used to decrypt encrypted passwords in Crypto properties files. The default is the JasyptPasswordEncryptor.

      When configuring a passwordEncryptorInstance for WSS4JOutInterceptor (line 20) the property is not honored.

      <?xml version="1.0" encoding="UTF-8"?>
      <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
      		http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
      
        <jaxws:endpoint id="hello" address="/hello"
          implementor="de.wlami.wss4jexample.Service">
          <jaxws:outInterceptors>
            <bean id="TimestampSignEncrypt_Response"
              class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
              <constructor-arg>
                <map>
                  <entry key="action" value="Timestamp Signature" />
                  <entry key="user" value="servicekey" />
                  <entry key="signaturePropFile" value="serviceKeystore.properties" />
                  <entry key="encryptionPropFile" value="serviceKeystore.properties" />
                  <entry key="encryptionUser" value="useReqSigCert" />
                  <entry key="passwordCallbackClass" value="de.wlami.wss4jexample.PasswordCallback" />
                  <entry key="passwordEncryptorInstance" value-ref="customPasswordEncrypter" />
                </map>
              </constructor-arg>
            </bean>
          </jaxws:outInterceptors>
        </jaxws:endpoint>
      
        <bean id="customPasswordEncrypter" class="de.wlami.wss4jexample.CustomPasswordEncrypter"></bean>
      
      </beans>
      

      The only code which seems to use the documented property is located in org.apache.wss4j.stax.ConfigurationConverter.parseCrypto(Map<String, Object>, WSSSecurityProperties). However this method is only called from test classes as far as i could see. Using the given configuration the default JasyptPasswordEncryptor is created instead of the configured class.

      Attachments

        1. wss4j-example.zip
          8 kB
          Wladislaw Mitzel
        2. WSS-551_WSHandler.patch
          2 kB
          Wladislaw Mitzel

        Activity

          People

            coheigea Colm O hEigeartaigh
            wmitzel Wladislaw Mitzel
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: