I have a partner who has implemented an STS in .NET. They require a
custom-generated UsernameToken tag within the wsse:Security header. The
tag has a unique namespace and its contents are unique.
If I add WSHandlerConstants.USERNAME_TOKEN to the
WSHandlerConstants.ACTION property, it produces a wsse:UsernameToken.
However, they want this custom tag to be a child of the wsse:Security tag:

    Map<String, Object> outProps = new HashMap<String, Object>();
    outProps.put(WSHandlerConstants.ACTION,
            WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " +
            WSHandlerConstants.USERNAME_TOKEN);
    outProps.put(WSHandlerConstants.SAML_PROP_FILE, "saml.properties");
    outProps.put(WSHandlerConstants.USER, "foo_username");
    outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    outProps.put(WSHandlerConstants.MUST_UNDERSTAND, "true");
    outProps.put(WSHandlerConstants.PW_CALLBACK_REF,
            new PasswordHandler("bar_password"));
    WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
    // request
    bus.getOutInterceptors().add(wssOut);

I've tried extending WSS4JOutInterceptor, building my token in the
handleMessage method and adding it to the headers using:

    Header header = new Header(qname, elem);
    msg.getHeaders().add(header);

But this ends up as its own header.
Is there some way that I can add to the wsse:Security tag, or modify the
wsse:UsernameToken tag?
Thanks,
Dylan McReynolds