Hi, I would like to encrypt and sign my requests any responses using WSS4J and UserToken but can't figure it out how to make it. I searched the archive and came across http://www.nabble.com/WSS4J-symmetric-encryption-td6097730.html http://www.nabble.com/WSS4J-symmetric-encryption-td6097730.html where is mentioned about symmetric encryption. Unfortunately links to axis2 snippets are dead and I couldn't track current path in svn.
I guess I should play with "encryptionKeyIdentifier", "EmbeddedKeyName", "encryptionPropFile" "encryptionSymAlgorithm" according to other link that works. However i still don't know how to make it. Especially how can i reference UserToken that is generated to be used to signature and encryption? I've tried on my own but http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/handler/WSHandlerConstants.html#keyIdentifier wss4j apidoc is not clear enough to me. I would appreciate any code snippets or links where it is explained in detail. In case it is not supported right now I'm also wondering is there any way to encrypt response from server (using x509 Certificates) without knowing client's public key in advance? I mean in many samples I saw that server's keystore had client's cert. I would like to avoid it since this requires modifing server with each new client. Does "useReqSigCert" has something to do it with? I'm new to WS-S and I hope there is some simple solution for my simple purposes. patrick -- View this message in context: http://www.nabble.com/ws-security%3A-Encryption-using-UserToken-tp14542558p14542558.html Sent from the Axis - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
