Glen, See: http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
Particularly the section entitled: WS-SecurityPolicy Interoperability Guidelines "As a result, Microsoft .NET 3.0 encrypts the UsernameToken in the <sp:SignedSupportingTokens> policy assertion. If you use the <sp:SignedSupportingTokens> policy assertion without encrypting the UsernameToken, the WebLogic Server and .NET Web Services will not interoperate." Dan On Monday 13 October 2008 9:52:33 pm Glen Mazza wrote: > dkulp wrote: > >> I would > >> next like to test out the WS-SecurityPolicy configuration that Dan has > >> done. Is it supported only on the CXF 2.2 branch or both 2.1.x and > >> 2.2? > > > > Just 2.2. It's very "unstable" right now as I kind of move things > > around to get it working. Right now, there is pretty much no error > > handling (it likely will just printStackTrace and continue with > > unpredicatble results), I'll probably refactory the sending into 3 (or > > more) interceptors, and the incoming messages are currently not > > validated against the policies. Basically, there is still much work to > > do, but it's at a state where the basic usecases are working. The MS > > InteropFest usecases are now working (except the UsernameToken stuff, > > and I'm not sure why yet. Seems MS wants those encrypted, even if the > > policy says not to, but I haven't dug into all that yet. Not having a > > windows box is slightly hindering that progress.) > > By MS wanting messages encrypted, I'm unsure if you mean message-level or > transport-level encryption. Regardless, Jiandong Guo of the Metro team has > written[1] that Metro requires some type of encryption regardless of what > the policy says. I suspect it is to help idiot-proof their web service > stack, i.e., they would rather not support an experienced user who has the > rare requirement for unencrypted username/password tokens in order to keep > the system solid for the tons of newbies who might otherwise forget to > encrypt their SOAP messages. > > Glen > > [1] > http://www.nabble.com/Re%3A-How-to-implement-WS-Security-with-UsernameToken >-on-plain-HTTP-transport-p19445662.html -- Daniel Kulp [EMAIL PROTECTED] http://dankulp.com/blog
