[
https://issues.apache.org/jira/browse/WSS-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791538#comment-16791538
]
Frank Henningsen commented on WSS-645:
--------------------------------------
Hi Colm,
sorry for coming back - but im stuck and even google/stackoverflow cant help me
no more :) Ive been looking through all streaming WS-SecurityPolicy tests and
used org.apache.wss4j.policy.stax.test.AsymmetricBindingIntegrationTest as the
starting point for implementing a solution for signing/encrypting SOAP messages
via a WS-SecurityPolicy (skat-b2b-x509-policy.xml).
A lot of my implementation is taken from the WSS4J test code which seems wrong
and i probably am missing some more knowledge about WSS but im confused why its
so difficult to make a simple standalone WSS4J implementation that creates a WS
header from a WS-SecurityPolicy. Due to deadlines i need to abort my idea of
using a WS-SecurityPolicy as the configuration for a WS-Header and create a
hardcoded solution that generates the WS-Header step by step. The backend
solution i need to integrate with use CXF (with WS-SecurityPolicy).
>From a developer point of view it would be beautifull with a simple quickstart
>example on how to use WSS4J, using the WSS4J test code was not intuitive to me
> :)
> using WSS4j to genrate WS-SecurityPolicy without CXF
> ----------------------------------------------------
>
> Key: WSS-645
> URL: https://issues.apache.org/jira/browse/WSS-645
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 2.2.2
> Reporter: Frank Henningsen
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Attachments: skat-b2b-x509-policy.xml
>
>
> Dear Team WSS4J
> i have a task to sign and encrypt webservices that use a WS-SecurityPolicy
> (see attachmant) in a SAP environment where sending/receiving SOAP request is
> not part of the solution, i only need to transform/decorate the SOAP requests
> with WSS for webservices that use a WS-SecurityPolicy. I would have liked to
> create a solution that given a WS-SecurityPolicy could use WSS4J to generate
> the appropriate WSS header and body, but for reasons i dont understand this
> is only possible using CXF.
> CXF use PolicyOutInterceptor (see
> [http://cxf.apache.org/using-ws-policy-in-cxf-projects)] to decorate SOAP
> requests.
> To me it seems strange that WSS4J has implemented the WS-SecurityPolicy
> support in another framework (CXF) so i propose that the WS-SecurityPolicy
> implementation also should be supported by the core WSS4J core :)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
