Marc Giger created WSS-430:
------------------------------
Summary: Support for secured SOAP attachments
Key: WSS-430
URL: https://issues.apache.org/jira/browse/WSS-430
Project: WSS4J
Issue Type: New Feature
Components: WSS4J Core
Reporter: Marc Giger
Assignee: Marc Giger
Priority: Minor
Attachments: santuario-swa.diff, wss4j-swa.diff
The attached patches should serve as a basis for discussions how
the support for SwA in WSS4j and the integration in
a SOAP-Stack should look like.
Some notes to the patch:
- Applies to the current trunk of santuario and wss4j.
- The client side demonstrates the DOM approach whereas the server side uses
the StAX implementation.
- I've implemented the very basic just to have a working proof-of-concept.
- Attachments are requested via callback from the soap-stack because
- of decoupling from soap-stack
- to support full streaming from network to SIB as far as possible
- CXF dependencies are just a leftover from V1 and because the
SecurityInInterceptor is not ported to V2
- Encryption / Decryption of an attachment is streaming oriented, no buffering
is done in WSS4J.
- Signature creation and verification is at the moment buffered in WSS4j but
the signature-verification can, under some conditions, be streamed as well.
- To prevent patching of CXF for the prototype the WSS4J Interceptors and some
dependencies are copied and modified and also included in the patch. The
santuatio changes are necessary for the StAX impl.
For DOM all necessary santuario changes are done via reflection or other
hacks for now.
Feedback is very welcome and also necessary!
Thanks,
Marc
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
