[英]Apache CXF / WSS4J Certificate Validation
Is seem that the only way the certificate (X509) validation performs is: if a request to the server contains a certificate, that is already in the server's keystore, process the request (and the same with the server's response). 似乎证书(X509)验证执行的唯一方法是:如果对服务器的请求包含服务器的密钥库中已存在的证书,则处理该请求(与服务器的响应相同)。
Could you, please, suggest a way to validate a certificate by the CRL and the root certificate? 您能否提出一种通过CRL和根证书验证证书的方法?
What about using spring security and cxf's <jaxws:inInterceptors>
? 使用spring security和cxf的
<jaxws:inInterceptors>
怎么样? Can't find a tutorial yet 找不到教程
PROGRESS Trying to write my own interceptor: PROGRESS试图写我自己的拦截:
public class MyInInterceptor extends AbstractPhaseInterceptor<Message> {
Logger logger = Logger.getLogger(MyInInterceptor.class);
public MyInInterceptor() {
super(Phase.PRE_PROTOCOL);
addAfter(WSS4JInInterceptor.class.getName());
}
private SOAPMessage getSOAPMessage(SoapMessage msg) {
SAAJInInterceptor.INSTANCE.handleMessage(msg);
return msg.getContent(SOAPMessage.class);
}
@Override
public void handleMessage(Message message) throws Fault {
logger.info("custom handleMessage method");
logger.info("getting a certificate");
HashMap engine = (HashMap) message.get("wss4j.signature.result");
X509Certificate certificate = (X509Certificate) engine.get("x509-certificate");
logger.info("parsing certificate");
}
For now the issue is to validate the certificate with any possible way, say the pure java.. 目前,问题在于以任何可能的方式来验证证书,例如纯Java。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.