2 Replies Latest reply on Apr 21, 2006 11:09 AM by tet tet

    WSSecurity

    nuno oliveira Newbie

      In the link http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity, under "Core features" there's a mention to
      "Username tokens with JBossSX/JAAS integration"

      but no corresponding statement about X.509 tokens, which are also supported. So I would just ask someone to confirm that this isn't a typo and that there is indeed no integration with JBossSX/JAAS for digital signatures authentication via X.509 tokens as there is for the username token (and HTTPS client auth).

      I already posted this question in the security forum but was redirected here by JBoss CTO so just hope he is right and any other of you guys can help me.

      Thanks

        • 1. Re: WSSecurity
          Jason Greene Master

          Currently X.509 tokens are validated against a truststore that is local to the ws-security deployment. There is full support for digital signatures and encryption using them. There is not yet support for mapping this to a principal, though it could be done. There is one problem with adding support for this, which is that a WS-Security message may contain many X.509 tokens (perhaps one for signature, and one for encryption), so we would have to somehow decide to pick one.

          I have assigned this feature here (in case you choose to monitor it)

          http://jira.jboss.com/jira/browse/JBWS-652

          -Jason

          • 2. Re: WSSecurity
            tet tet Newbie

            I am trying to run the Jbossws examples with a axis wss4j based client. All my server side stuff seems working fine as the webservice is expecting a soap headers with the security. I am looking for the client side key store with the public key based certificate. In the examples, i am not finding the client related security information. Could you please tell me how to create the client side key store with the public key.