[jira] [Commented] (WSS-645) using WSS4j to genrate WS-SecurityPolicy without CXF

Thu, 07 Mar 2019 06:46:08 -0800 


    [ 
https://issues.apache.org/jira/browse/WSS-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786846#comment-16786846
 ] 

Colm O hEigeartaigh commented on WSS-645:
-----------------------------------------

The WS-SecurityPolicy implementation was historically developed at the Axis 
project, and subsequently ported to CXF. Porting it to a web service stack 
neutral project like WSS4J is not going to happen at this stage unless someone 
volunteers to do the work, as WSS4J is quite mature and there has been no 
demand for this to happen up til now. One option you have though, if you don't 
want to use CXF, is to use the streaming WS-SecurityPolicy implementation. That 
is all done in WSS4J with only a fairly thin layer in CXF to set up the 
messages etc.

> using WSS4j to genrate WS-SecurityPolicy without CXF
> ----------------------------------------------------
>
>                 Key: WSS-645
>                 URL: https://issues.apache.org/jira/browse/WSS-645
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.2.2
>            Reporter: Frank Henningsen
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>         Attachments: skat-b2b-x509-policy.xml
>
>
> Dear Team WSS4J
> i have a task to sign and encrypt webservices that use a WS-SecurityPolicy 
> (see attachmant) in a SAP environment where sending/receiving SOAP request is 
> not part of the solution, i only need to transform/decorate the SOAP requests 
> with WSS for webservices that use a WS-SecurityPolicy. I would have liked to 
> create a solution that given a WS-SecurityPolicy could use WSS4J to generate 
> the appropriate WSS header and body, but for reasons i dont understand this 
> is only possible using CXF.
> CXF use PolicyOutInterceptor (see 
> [http://cxf.apache.org/using-ws-policy-in-cxf-projects)] to decorate SOAP 
> requests. 
> To me it seems strange that WSS4J has implemented the WS-SecurityPolicy 
> support in another framework (CXF) so i propose that the WS-SecurityPolicy 
> implementation also should be supported by the core WSS4J core :)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to