Hi. This is my first post!
I am working with a web service that has employed a "custom" security
solution roughly based on STS. After I receive a "token" from their STS
(using their custom library) I have to embed the opaque token in a
custom header inside the wsse:Security soap header. Roughly like:
<wsse:Security>
<SecurityToken>
<TokenValue>4321fade4321fade</TokenValue>
</SecurityToken>
</wsse:Security>
(along with timestamping).
The SecurityToken element is associated with their namespace.
The session token will be common for _all_ requests using the service,
but it will change over time as a session has a TTL (i.e. once a day the
session token will need to be updated).
I have looked at the WSS4JOutInterceptor but it seems to only be able to
handle "standard" things like UsernameToken.
I have also looked at the "custom actions" but I don't understand what
the statement "integer representing the WSS4J action identifier" means,
nor what indeed a WSS4J action is, or how to make one.
Can someone point me in the right direction?
Thanks,
David Mansfield
Cobite, INC.
