Hi David, > I have also looked at the "custom actions" but I don't understand what the > statement "integer representing the WSS4J action identifier" means, nor what > indeed a WSS4J action is, or how to make one.
You could take a look at the following unit test "testCustomAction": http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java?view=markup You need to implement your own Action implementation to insert the token in the security header: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/action/Action.java?view=markup Then you need to tell WSS4J to use this Action implementation corresponding to a given integer. From the test: CountingUsernameTokenAction action = new CountingUsernameTokenAction(); Map<Object, Object> customActions = new HashMap<Object, Object>(1); customActions.put(WSConstants.UT, action); ... msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); msg.put(WSS4JOutInterceptor.WSS4J_ACTION_MAP, customActions); The integer you associate with the action needs to be added via WSHandlerConstants.ACTION. The example above is a tad confusing, as it overrides the UsernameTokenAction rather than specifying a new action. Colm. On Thu, Mar 15, 2012 at 2:43 PM, David Mansfield <[email protected]> wrote: > Hi. This is my first post! > > I am working with a web service that has employed a "custom" security > solution roughly based on STS. After I receive a "token" from their STS > (using their custom library) I have to embed the opaque token in a custom > header inside the wsse:Security soap header. Roughly like: > > <wsse:Security> > <SecurityToken> > <TokenValue>4321fade4321fade</TokenValue> > </SecurityToken> > </wsse:Security> > > (along with timestamping). > > The SecurityToken element is associated with their namespace. > > The session token will be common for _all_ requests using the service, but > it will change over time as a session has a TTL (i.e. once a day the session > token will need to be updated). > > I have looked at the WSS4JOutInterceptor but it seems to only be able to > handle "standard" things like UsernameToken. > > I have also looked at the "custom actions" but I don't understand what the > statement "integer representing the WSS4J action identifier" means, nor what > indeed a WSS4J action is, or how to make one. > > Can someone point me in the right direction? > > Thanks, > David Mansfield > Cobite, INC. > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
