Chuck Hinson <chinson <at> gestalt-llc.com> writes: > > FWIW, we needed some WSSE processing for something we were doing a few > months ago. We started out with Wss4j, but it didn't handle > certificate-based signing, so we switched to XWss (part of glassfish). > > Both of these require valid SOAP envelopes (don't know how that fits in > with your Restlet plans) and XWss definitely had some (painful) quirks > (as of 6 months ago). Neither required a SOAP stack (which is why we > selected them), and we did use them as part of a Restlet-base app, but > not as guards. > > --Chuck > > -----Original Message----- > From: news [mailto:news <at> sea.gmane.org] On Behalf Of Sebastien PLISSON > Sent: Friday, August 31, 2007 3:30 PM > To: discuss <at> restlet.tigris.org > Subject: WSSE lib, Guard and restlet > > Hi, > > I m looking for a good WSSE java library that I could use to implement a > Guard that woul manage WSSE security in the Restlet API. > > Any idea ? comment ? > > Thanks > > Sebastien > >
Hello, For now, Im using wss4j but I ll try XWss. I ve made a customized Guard where i override the authenticate method to check that X-WSSE header received is correct and to allow/deny access to resource. See you -seb
