cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lawrence Johnbosco" <lawrence.johnbo...@gmail.com>
Subject Re: WS-Security UsernameToken and WS-Security Encryption together
Date Thu, 08 Jan 2009 21:11:04 GMT
Thanks Steve, I'll give a try.
Lawrence.

On Thu, Jan 8, 2009 at 4:03 PM, Steve Shaw <steve@intelliware.ca> wrote:

>  On Thu, 2009-01-08 at 14:40 -0500, Lawrence Johnbosco wrote:
>
> > Do any of you have a working sample that implements both the WS-Security
> > UsernameToken and WS-Security Encryption together? I'm trying with two
> WSS4J
> > In and Out Interceptors - one for UsernameToken and the other for
> > WS-Security Encryption but ran into issues.
>
> Someone may have a better answer, but I managed to cobble something
> together a few months back. I wrote it up here:
>
> https://i-proving.ca/space/Technologies/Apache+CXF/Provider+Services+and
> +WS-Security
>
> The encryption part is near the bottom of the page.
>
> My posting on this list:
>
> http://www.mail-archive.com/users@cxf.apache.org/msg03037.html
>
> I wasn't especially happy with the result since the changes I made
> rendered the framework incapable of handling other sorts of encryption.
> I need to revisit the code in the near future since it turns out that
> system I'm building is using a non-standard definition of
> UsernameToken's key generation, so I'll have to include my own
> implementation of UsernameToken.
>
> If anyone has a better example, I'd love to see it as I'm sure that my
> code can be improved upon. Your idea of use multiple WSS4J interceptors
> is not something that I considered, and it may prove fruitful.
>
> Finally, there have been several notes about this in the past. I'm not
> sure that anyone has completely solved this problem to their own
> satisfaction.
>
> -Steve
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message