On Wednesday 10 December 2008 1:35:06 am Mayank Mishra > > What I did was, I had client and server side SecurityPolicy In and Out > Interceptors which processes the wsdl, transforms SecurityPolicy specified > in wsdl to respective Wss4J config (for Assymetric, Symmetric bindings). > Then I had WS-TrustInterceptor which plugs-in, dispatch-client for RST and > RSTR. I will change it to use endpoint.Client.invoke() (as per your > sugession). Also, I was thinking to have configurable (Entropy, Lifetime, > supported RequestedTokenType etc) STSImpl as ws-provider<Source> to have > Issue, Validate, Renew and Cancel operations being supported. So that CXF > Server to other client Interop can also be done. I can see Issue-RST right > now in the cxf-trunk code. > > It's getting very parallel, I guess I must take Trunk's SecurityPolicy and > Trust and build over it. Then I shall submit a patch to you in regard to > same.
That would be great. I didn't get a chance to touch anything today. :-( Seriously, the best bet is to open a JIRA (assign to me) and just start attaching patches. Small patches each day is perfectly fine and probably preferred so we both don't keep doing the same things. Do it long enough and annoy me enough and we'll make you a committer. :-) The SecurityPolicy stuff is working fairly well on the sending side. The receiving side is kind of a joke right now. We just use the wss4jInInterceptor and turn off all the validation. I need to actually write a new InInterceptor that will really validate with the policies. -- Daniel Kulp [EMAIL PROTECTED] http://dankulp.com/blog
