Hi, I have a server with WS-Security enabled on WSS4J, in order to handle signature and encryption of the soap message.
The client encrypt the soap message with server public key, and sign it with its private key. The server validate signature with public client key and decrypt it with its private key. Then the response is sent to the client - signed by the private server key and encrypted with the client public key. It works well, but the only thing that bother me, is that the server encryption has to be done by setting up the "encryption user" property with the client name. Since this name is changing for each request, I don't know where to put this information. I would like to have the public key of the client that signed the request directly used to encrypt the response, is there a simple way to achieve this behavior ? Thanks
