
How to load the CXF WSS4J crypto property file from an external location other than the classpath

I am trying to externalize the crypto.properties file which is needed to sign the SOAP CXF request messages. According to the framework, it should have the property file in the classpath. I am not able to load it from an external location. Please help me; I have tried a lot of techniques.

I am getting the below exception:

org.apache.ws.security.WSSecurityException: General security error (Cannot load the resource file:

It is very necessary to externalize the file, as we have synced up our development and production environment code base.

The CXF framework used is 2.6.10

user3259812 asked Jan 09 '23 05:01


2 Answers

As noted in Colm O hEigeartaigh's answer, it is possible to load the configuration settings from an external file using recent versions of CXF and WSS4J. However, this still means needing to write the properties to a file and loading them again.

You can also construct a Properties object in-memory, and have CXF use that instead. This also works for older CXF versions. This is done by extending WSS4JInInterceptor and WSS4JOutInterceptor, and then overriding the Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData) method and just returning your own Crypto object, which you can create using CryptoFactory.getInstance(properties).

So something like:

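```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;

// Build the Merlin crypto configuration in memory instead of reading crypto.properties.
// PASSWORD is the keystore password, supplied by the application.
Properties cxfProps = new Properties();
cxfProps.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "client");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", PASSWORD);
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "keystore.j2");

// final so the anonymous subclasses below can capture it on pre-Java 8 compilers
final Crypto crypto = CryptoFactory.getInstance(cxfProps);

Map<String, Object> inProps = new HashMap<String, Object>();
Map<String, Object> outProps = new HashMap<String, Object>();

inProps.put(WSHandlerConstants.ACTION, "Signature");
inProps.put(WSHandlerConstants.SIG_PROP_FILE, "dummy_value"); // Only necessary to avoid NPE

outProps.put(WSHandlerConstants.ACTION, "Signature");
outProps.put(WSHandlerConstants.USER, "client");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "dummy_value"); // Only necessary to avoid NPE

// Return the in-memory Crypto instead of letting WSS4J look up a properties file
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps) {
  @Override
  protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
      throws WSSecurityException {
    return crypto;
  }
};
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps) {
  @Override
  protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
      throws WSSecurityException {
    return crypto;
  }
};
```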
WouterH answered Jan 10 '23 17:01
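The in-memory approach above can also read the properties from a file outside the classpath, which is what the question asks for. The following is an added example, not code from either answer or from the CXF project: the class name `ExternalCryptoLoader` is hypothetical, and it assumes Java 7+ and the WSS4J 1.6 package names used in the answer. Because the file holds the keystore password, it refuses a file that other users can read or write.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Properties;
import java.util.Set;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;

public final class ExternalCryptoLoader {   // hypothetical helper, not part of CXF/WSS4J

    private ExternalCryptoLoader() { }

    /** Builds a WSS4J Crypto from a properties file outside the classpath. */
    public static Crypto load(String location) throws IOException, WSSecurityException {
        Path file = Paths.get(location).toAbsolutePath().normalize();
        if (!Files.isRegularFile(file)) {
            throw new IOException("Crypto properties not found: " + file);
        }
        rejectIfWorldAccessible(file);

        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        // Same factory call the answer uses; no classpath lookup of the properties file.
        return CryptoFactory.getInstance(props);
    }

    // The file carries the keystore password, so refuse lax permissions.
    private static void rejectIfWorldAccessible(Path file) throws IOException {
        try {
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
            if (perms.contains(PosixFilePermission.OTHERS_READ)
                    || perms.contains(PosixFilePermission.OTHERS_WRITE)) {
                throw new IOException("Refusing world-accessible file: " + file);
            }
        } catch (UnsupportedOperationException e) {
            // Non-POSIX file system (e.g. Windows): rely on ACLs instead.
        }
    }
}
```

The returned `Crypto` takes the place of the `crypto` variable captured by the two interceptor overrides in the answer.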


It is supported, see my comment here: https://issues.apache.org/jira/browse/WSS-540

Colm O hEigeartaigh answered Jan 10 '23 18:01