I responded to your question on StackOverflow, but I'll repeat it here: Honestly, I would recommend NOT using the WSS4J interceptors directly in CXF at this point. Instead, define a WS-Security policy fragment that will accurately describe the security requirements and attach that in the WSDL. Then add the appropriate properties (described http://cxf.apache.org/docs/ws-securitypolicy.html ) for the additional information the policy runtime will need.
The WS-Security Policy stuff is completely standards based and would be supported by all the various runtimes. The security requirement become part of the contract (WSDL) which is also important. Dan On Sep 7, 2012, at 8:58 AM, martin <[email protected]> wrote: > I walked through a number of tutorials and got a fairly simple timestamp > signature encryption scheme going. > But now i have to implement a more advanced solution, where each user has > their own keys and those keys can be found in multiple locations. Needless > to say i would have to post a lot of questions to get it to work. Instead i > have been looking for some documentation for the WS.Security In and Out > interceptors, more specifically what can go in the constructor map and how > those objects should be structured, but i can't find anything apart from a > very non-helpful CXF api. > > Does anyone know where i can find some actual documentation/manual type > documents for the security interceptors and callback classes? Or does no > such thing exist? > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Documentation-for-wss4j-interceptors-tp5713696.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
