WS-Security

[junior]

I am making progress...
I had many problems, one was that i wasn't referencing the keystore bean when creating the processor, on the client side:

cprocessor = factory.createProcessorForSecurityConfiguration(xw ssConfig
.getInputStream(),
(KeyStoreCallbackHandler) applicationContext.getBean("keyStoreHandler"));

Another thing was that I had to add the keystore and truststore in order to check for the certificate:

<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.c allback.KeyStoreCallbackHandler">
<property name="keyStore" ref="trustStore"/>
<property name="privateKeyPassword" value="wspassword"/>
<property name="trustStore" ref="trustStore" />
</bean>

Is this a good way to do it?

Now I want to add authentication using AcegiCertificateValidationCallbackHandler.
How do I pass the keystore and the password to this handler? Or should I just pass the certificate? if so, how?

Thanks,
Junior

[Arjen Poutsma]

The AcegiCertificateValidationCallbackHandler does not need the key store nor the password. Basically, certificate validation consists of two phases:

1. Validate the general validity of the cert (i.e. it hasn't expired, it is trusted, etc). This is done by the keystore handler.
2. Authenticate with the certificate. This is done by the acegi handler.

So generally, you will need both, but both do a different thing.