Hi!
I have to communicate with a webservice using SOAP messages and for
that i'm gonna use Axis combined with WSS4J, but i don't really
understand how WSS4J works....
I think it works like this...please let me know if i'm right...
When you send a SOAP message from the client, it uses the deployment
descriptor in order to know wich hander will be use as well as the file
to get the signature properties and the passwordCallback class. Once it
gets the data from the crypto.properties(the keystore file, the alias of
the certificate and the password to access the certificate), it calls
the passwordCallback class in order to get the password for using the
private key. Finally, it gets access to the private key and uses it to
sign the SOAP message, and after that, it includes the public key and
the signature in a SOAP header..
The server would do the opposite. It would get the signed message from
the client, then it would call the handler, read the keystore and get
the public key of the client in order to verify the signature. In this
case, no passwordCallback class would be needed.
Please let me know if I'm right... if not, please let me know wich is
the right way of working...
Thank you very much!
--
Un saludo,
Tomás Tormo Franco
Indenova, S.L.
Tels.: +34 963 81 99 47 ext.519
http://www.indenova.com
mailto:[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
