Hello, I am testing CXF 2.0.3 incubator. I have a "java first / spring" working example of both the request and response using WSS4J Timestamp and Signature.
I was wondering if anyone has a suggestion on how to prevent a "man in the middle" from replaying the request (if he does this before the Timestamp expires)? **I can't verify his IP address because he will be coming through a firewall. I do plan on encrypting the data and that would probably make this a non-issue, but I am still having issues trying to get encryption to work. Any suggestions would be appreciated.
