Re: WSS4J vs. Apache XML security for digital signatures?

[Soactive Inc]

I use the following links to help me understand and implement Web Service security for Axis-based services and they work pretty well. I would advise against using XML security directly if you are not used to dealing with the intricacies of security for XML. The WSS4J abstraction is meant to shield you from doing just that and also to easily comply with the WS-Security standard:

- http://ws.apache.org/wss4j/axis.html

- http://wiki.apache.org/ws/FrontPage/WsFx/wss4jParameters

- http://ws.apache.org/wss4j/package.html

-Arun

On 11/4/05, Allen Cronce <[EMAIL PROTECTED]> wrote:

Hi all,

I'm interested in adding digital signatures to our Axis 1.3 based soap
service. Originally I had assumed that I would use WSS4J (or something
like it) to do implement this. But the Axis example code uses Apache XML
Security directly, via a sample helper class called SignedSOAPEnvelope.
And posts to this list seem to be split in their recommendations.

Can anyone with practical experience adding security to their Axis
service comment on the best overall direction to proceed?

Best regards,
--
Allen Cronce