On Tue June 2 2009 3:06:52 pm bharath thippireddy wrote: > We are implementing User Name Token Profile for login on each web service > call to our application. Can you please answer the following questions. > > > > 1)We use the cxf-servlet.xml file to configure our endpoints. Is there a > way to enable wss4j and username token profile callback functionality at a > global(BUS) level instead of adding the line below to each endpoint.
Yea. The "<cxf:bus>" element can be used to add the interceptors to the Bus itself. That will apply to all the endpoint on the bus. > 2) What is best recommended approach to secure the username and password on > each call? Is it HTTPS or are there other ways to do it which are also > interoperable? HTTPs would be the best performing. The other option is to fully use WS- Security and use an X509 cert to encrypt the UsernameToken header in the message. -- Daniel Kulp [email protected] http://www.dankulp.com/blog
