On Mon November 9 2009 11:33:03 am Steven Thein wrote: > Hi all, > > Currently we are using CXF2.2.2 for our Web Services. Does > CXF 2.2.4 have more support on UsernameToken profile with encryption than > CXF 2.2.2?
Can you define what you mean by "UsernameToken profile with encryption"? Are you talking about using a X509 cert (or similar secret) to encrypt the UsernameToken element (and other elements) in the message? Or are you talking about deriving a key from the UsernameToken to use in encrypting the body? The first should be completely supported. The second is possibly supported if you use the "raw" WSS4JIn/OutInterceptors. You may need to consult the wss4j code for information on how to actually configure that. Support for it was added in WSS4J 1.5.8 so it may be possible. It's not supported in the WS-SecPolicy based stuff in CXF yet. The SecPolicy based builders would need to be updated to call the added APIs in wss4j to get the derived keys. It's PROBABLY not a huge amount of work. If you would like to help out (at least to get your specific use case working), I can provide pointers of where to start. -- Daniel Kulp [email protected] http://www.dankulp.com/blog
