Hello DKulp, Thank you very much for response.
So CXF 2.2.8 onwards I should be able to use 128 bit key for WS-SecureConverstationToken. That's great. In your reply, You mentioned "Tomorrow's snapshots should be all set." But I downloaded the 2.2.8 snapshot I got below error: May 6, 2010 1:34:29 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage WARNING: Request does not contain required Security header, but it's a fault. javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message. Please confirm me, Is that problem solved or you are still working on that?? Thank you very much for your response. dkulp wrote: > > > This seems to be a "defect". Ideally, you would just need to change the > algorithmSuite in the SymetricBinding (not the bootstrap policy) of the > policy > from Basic256 to Basic128 and the runtime would pick that up and request a > 128bit key instead of a 256bit one. That isn't there right now though. > > I'm testing a fix now so it should get into 2.2.8. Tomorrow's snapshots > should be all set. > > > Dan > > > On Wednesday 05 May 2010 7:33:40 am Ashishz wrote: >> Hello Guys, >> I am using apache cxf for web service and using >> WS-SecureConverstationToken >> for security. But when I try to use it with normal jce which comes by >> default with jdk, I get the exception. >> >> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: >> Illegal key size or default parameters >> Original Exception was java.security.InvalidKeyException: Illegal key >> size >> or default parameters >> >> Then I used the JCE with unlimited strength and it worked. >> >> But there are some legal obligations with JCE with unlimited strength. >> Some >> countries don't allow such encryption. In that perspective, I cant use >> this >> security module for my project. >> >> My question is: Is it mandatory to use JCE unlimited strength with >> WS-SecureConverstationToken + CXF? If not how can I leverage default JCE >> which shipped with JRE 6. >> >> Thank you very much in advance > > -- > Daniel Kulp > [email protected] > http://dankulp.com/blog > > -- View this message in context: http://old.nabble.com/Encryption-issue-tp28459661p28470467.html Sent from the cxf-user mailing list archive at Nabble.com.
