The best way to configure WS-Security in CXF is via WS-SecurityPolicy.
However, you can sign the timestamp instead using spring by adding a
property like this:
<property name="signatureParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp"/>
Colm.
On Thu, Mar 3, 2011 at 4:51 PM, Morris Jr, David P
<[email protected]> wrote:
> I noticed that the digital signature signs the soap body by default. Using
> SOAPUI and changing the request message in the soap body.
>
> Question: How do I specify in CXF to sign the digital timestamp instead? This
> is to prevent replay attacks. I assume there is a property setting in
> CXF+Spring that I need to set.
>
> I'm still researching...
>
> Thanks!
>
> Dave
>
