Hi Patrick, However what is still not clear to me is why in that sample there are using > passwordCallbackClass to set key along with > encryptionPropFile/decryptionPropFile > (which eventually points to keystore). Shouldn't keystores be redundant > in symmetric encryption?
Yes, in this scenario we don't need encryptionPropFile/decryptionPropFile as they are only needed when using a key store. This means that sample should work if just remove the redundant encryptionPropFile/decryptionPropFile attributes from the configuration. But there is a check in WSS4J which checks whether there is a property file when ever there is encryption. This check should be done only if a key store is involved. But this is bit tricky when it comes to decryption as this information ( whether an embedded key was used ) is only available while processing the encrypted elements but the key store is loaded in an earlier stage. But if we just remove that check this sample works fine with encryptionPropFile/decryptionPropFile attributes removed from the security configuration parameters. Thanks, Nandana
