On Thursday 28 August 2008 11:54:25 am Steve Shaw wrote:
> That is generally true. I would much rather sign the messages using a
> PKI, but it looks like signing with the UT is a concept that has been
> popularized by .NET's WSE and that is the model that is used by the
> specification I am implementing.
>
> As far as I can tell, WSS4J supports this via the WsConstants.UT_SIGN
> and WsHandlerConstants.SIGN_WITH_UT_KEY actions.
>
> I was hoping that CXF was able to support this extension of the
> standard. If that is not the case then I'm going to have to roll my own
> solution.

Rather than roll your own, it would be a huge help to fix the CXF
implementation to support this. (This may also be a bug in WSS4J.)

One thing to check: WSS4J is VERY strict about the ordering of the Actions
when reading/processing the message. For example, in my testcase I was
working on this morning, there is a UsernameToken and a Timestamp in the
message. If I use action="Timestamp UsernameToken", it barfed. However,
action="UsernameToken Timestamp" worked fine.

You MIGHT want to put a breakpoint in the WSS4JInInterceptor on the line:
    checkReceiverResults(wsResult, actions)
and step into that method. It could be that the wsResults are in a
different order than the actions and that's why it's not working.

Dan

> -Steve
>
> On Wed, 2008-08-27 at 23:34 -0700, Glen Mazza wrote:
> > Your premise seems bad. You sign messages with a private key, not a
> > username.
> >
> > http://www.jroller.com/gmazza/entry/implementing_ws_security_with_the
> >
> > Glen

--
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
