[
https://issues.apache.org/jira/browse/WSS-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16791646#comment-16791646
]
Frank Henningsen commented on WSS-645:
--------------------------------------
btw for reference here is the source code i used but now finished or working,
the policy is NOT used in implementation, for reasons unknown is the policy
only used as input :)
{code:java}
private String signXML(InputStream inputXML) throws Exception {
final WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
final CallbackHandler callbackHandler = new CallbackHandlerImpl();
outSecurityProperties.setCallbackHandler(callbackHandler);
outSecurityProperties.setEncryptionUser(KEY_ALIAS);
final URL clientKeystore =
this.getClass().getClassLoader().getResource("clientKeystore.jks");
outSecurityProperties.loadEncryptionKeystore(clientKeystore,
KEY_PASSWORD.toCharArray());
outSecurityProperties.setSignatureUser(KEY_ALIAS);
outSecurityProperties.loadSignatureKeyStore(clientKeystore,
KEY_PASSWORD.toCharArray());
outSecurityProperties.addSignaturePart(new
SecurePart(WSSConstants.TAG_WSU_TIMESTAMP, SecurePart.Modifier.Element));
outSecurityProperties.addSignaturePart(new
SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Element));
outSecurityProperties.addEncryptionPart(new
SecurePart(WSSConstants.TAG_WSU_CREATED, SecurePart.Modifier.Element));
outSecurityProperties.addEncryptionPart(new
SecurePart(WSSConstants.TAG_WSU_EXPIRES, SecurePart.Modifier.Content));
outSecurityProperties.addEncryptionPart(new
SecurePart(WSSConstants.TAG_SOAP11_BODY, SecurePart.Modifier.Content));
List<WSSConstants.Action> actions = new ArrayList<>();
actions.add(WSSConstants.TIMESTAMP);
actions.add(WSSConstants.SIGNATURE);
actions.add(WSSConstants.ENCRYPT);
outSecurityProperties.setActions(actions);
ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties,
inputXML);
String outputXML = new String(baos.toString("UTF-8"));
return outputXML;
}{code}
> using WSS4j to genrate WS-SecurityPolicy without CXF
> ----------------------------------------------------
>
> Key: WSS-645
> URL: https://issues.apache.org/jira/browse/WSS-645
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Core
> Affects Versions: 2.2.2
> Reporter: Frank Henningsen
> Assignee: Colm O hEigeartaigh
> Priority: Minor
> Attachments: skat-b2b-x509-policy.xml
>
>
> Dear Team WSS4J
> i have a task to sign and encrypt webservices that use a WS-SecurityPolicy
> (see attachmant) in a SAP environment where sending/receiving SOAP request is
> not part of the solution, i only need to transform/decorate the SOAP requests
> with WSS for webservices that use a WS-SecurityPolicy. I would have liked to
> create a solution that given a WS-SecurityPolicy could use WSS4J to generate
> the appropriate WSS header and body, but for reasons i dont understand this
> is only possible using CXF.
> CXF use PolicyOutInterceptor (see
> [http://cxf.apache.org/using-ws-policy-in-cxf-projects)] to decorate SOAP
> requests.
> To me it seems strange that WSS4J has implemented the WS-SecurityPolicy
> support in another framework (CXF) so i propose that the WS-SecurityPolicy
> implementation also should be supported by the core WSS4J core :)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
