We are implementing User Name Token Profile for login on each web service call
to our application. Can you please answer the following questions.
1)We use the cxf-servlet.xml file to configure our endpoints. Is there a way to
enable wss4j and username token profile callback functionality at a global(BUS)
level instead of adding the line below to each endpoint.
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText"/>
<entry key="passwordCallbackRef">
<ref bean="myPasswordCallback"/>
</entry>
</map>
</constructor-arg>
</bean>
2) What is best recommended approach to secure the username and password on
each call? Is it HTTPS or are there other ways to do it which are also
interoperable?
Thanks and regards,
Bharath
