I think you are looking for the virtual encryptionUser "useReqSigCert" that takes the public key, that was used to sign the request, to encrypt the reply - see [1]. I'm not sure if it's documented anywhere else. Regards Brian [1] http://cvs.apache.org/viewcvs.cgi/ws-fx/wss4j/src/org/apache/ws/security/han dler/WSHandlerConstants.java?view=markup
________________________________ From: Garzon Maldonado, Jesus Javier [mailto:[EMAIL PROTECTED] Sent: 12. maj 2005 16:43 To: [email protected] Subject: Help needed building secure and scalable web services Hello all, Suppose we have a Client, (called Client01), that invokes a web service, (called Service01), secured with wss4j both request and response. If we want to encrypt request made from Client01 to Service01 we should define in client-config.wsdd a sender handler with the following parameters: <parameter name="user" value="user01"/> <parameter name="encryptionUser" value="server01"/> ... On the other side, in order to encrypt the response, server's sender handler should include the following parameters: <parameter name="user" value="server01"/> <parameter name="encryptionUser" value="user01"/> ... (server01 and user01 are aliases of server and client certificates respectively) So far so good... but, what happens if this service is called from several clients, each one with its own digital certificate?, how can I configure server's handlers to use in the response client's certificate received with service request? Help would be appreciated. Regards.
