Hello,
I have a use case where a client (SOAP Client) have to send secure SOAP
messages to web services using "UsernameToken Signature" profile. The
Signature is used for signing UsernameToken as well as certain parts of
the body. Client have a different set of username and password for each
web services it is sending request to.
I have learnt from the WSS4J code that the performSIGAction and
performUTAction both look into reqData.username to get the password. For a
given SOAP request WSS4J uses same username to attach UsernameToken and to
get password for the Privatekey for the Signature. Given the fact that the
client is going to contact multiple web services and have different set of
username password, it is difficult to have client's private key under the
same alias as the username for each request. I was wondering if I could
configure WSS4J properties to change this behaviour so that WSS4J could
use different usernames to attach the UsernameToken and retrive privatekey.
Appereciate any help.
Thanks,
Ashok.
