Thanks Steve, I'll give a try. Lawrence. On Thu, Jan 8, 2009 at 4:03 PM, Steve Shaw <[email protected]> wrote:
> On Thu, 2009-01-08 at 14:40 -0500, Lawrence Johnbosco wrote: > > > Do any of you have a working sample that implements both the WS-Security > > UsernameToken and WS-Security Encryption together? I'm trying with two > WSS4J > > In and Out Interceptors - one for UsernameToken and the other for > > WS-Security Encryption but ran into issues. > > Someone may have a better answer, but I managed to cobble something > together a few months back. I wrote it up here: > > https://i-proving.ca/space/Technologies/Apache+CXF/Provider+Services+and > +WS-Security > > The encryption part is near the bottom of the page. > > My posting on this list: > > http://www.mail-archive.com/[email protected]/msg03037.html > > I wasn't especially happy with the result since the changes I made > rendered the framework incapable of handling other sorts of encryption. > I need to revisit the code in the near future since it turns out that > system I'm building is using a non-standard definition of > UsernameToken's key generation, so I'll have to include my own > implementation of UsernameToken. > > If anyone has a better example, I'd love to see it as I'm sure that my > code can be improved upon. Your idea of use multiple WSS4J interceptors > is not something that I considered, and it may prove fruitful. > > Finally, there have been several notes about this in the past. I'm not > sure that anyone has completely solved this problem to their own > satisfaction. > > -Steve >
