Why not just use a SOAP stack such as CXF or Axis which will take care of all this for you? If you really insist on implementing your own parsing, you could take a look at the WSS4JInInterceptor in CXF, to see how it sets up the configuration + processing for WSS4J to parse the security header:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java;hb=HEAD Colm. On Thu, Aug 7, 2014 at 5:41 PM, Adrian Williamson <[email protected]> wrote: > Hi, > > Using "public class SecurityManager implements > SOAPHandler<SOAPMessageContext>" and wsimport: > > I've now managed to get the remote server to send me back a SOAP message > which has the timetamp and body signed and the body encrypted. > > So I've been looking around the internet and I've got to the point where I > think I need to use: > > results = > > this.secEngine.processSecurityHeader(doc,null,this.callbackHandler,this.cryp > to); > > But this is throwing an exception: > > "The private key for the supplied alias does not exist in the keystore" > > So I've got one keystore with all the certificates in it for the client and > the remote server. > > I think I need to tell secEngine or the callbackhandler which alias and > password to use - but I'm not sure - is it supposed to get this information > from the security header returned in the SOAP message? > > I was looking at this for inspiration: > > > http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/tes > > t/java/org/apache/wss4j/dom/components/crypto/CryptoProviderTest.java?revisi > on=1503186&view=co > > But if anyone has a better source please point it out. > > Or you can tease me by suggesting some classes and method names and I'll > join the dots. > > Thanks > > Adrian > > > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
