On Thu, 2009-01-08 at 14:40 -0500, Lawrence Johnbosco wrote: > Do any of you have a working sample that implements both the WS-Security > UsernameToken and WS-Security Encryption together? I'm trying with two WSS4J > In and Out Interceptors - one for UsernameToken and the other for > WS-Security Encryption but ran into issues.
Someone may have a better answer, but I managed to cobble something together a few months back. I wrote it up here: https://i-proving.ca/space/Technologies/Apache+CXF/Provider+Services+and +WS-Security The encryption part is near the bottom of the page. My posting on this list: http://www.mail-archive.com/[email protected]/msg03037.html I wasn't especially happy with the result since the changes I made rendered the framework incapable of handling other sorts of encryption. I need to revisit the code in the near future since it turns out that system I'm building is using a non-standard definition of UsernameToken's key generation, so I'll have to include my own implementation of UsernameToken. If anyone has a better example, I'd love to see it as I'm sure that my code can be improved upon. Your idea of use multiple WSS4J interceptors is not something that I considered, and it may prove fruitful. Finally, there have been several notes about this in the past. I'm not sure that anyone has completely solved this problem to their own satisfaction. -Steve
