Date: Thu, 8 Jan 2009 16:11:04 -0500
From: "Lawrence Johnbosco"
To: users@cxf.apache.org
Subject: Re: WS-Security UsernameToken and WS-Security Encryption together

Thanks Steve, I'll give it a try.

Lawrence.

On Thu, Jan 8, 2009 at 4:03 PM, Steve Shaw wrote:

> On Thu, 2009-01-08 at 14:40 -0500, Lawrence Johnbosco wrote:
>
> > Do any of you have a working sample that implements both the WS-Security
> > UsernameToken and WS-Security Encryption together? I'm trying with two
> > WSS4J In and Out Interceptors - one for UsernameToken and the other for
> > WS-Security Encryption but ran into issues.
>
> Someone may have a better answer, but I managed to cobble something
> together a few months back. I wrote it up here:
>
> https://i-proving.ca/space/Technologies/Apache+CXF/Provider+Services+and+WS-Security
>
> The encryption part is near the bottom of the page.
>
> My posting on this list:
>
> http://www.mail-archive.com/users@cxf.apache.org/msg03037.html
>
> I wasn't especially happy with the result since the changes I made
> rendered the framework incapable of handling other sorts of encryption.
> I need to revisit the code in the near future since it turns out that
> the system I'm building is using a non-standard definition of
> UsernameToken's key generation, so I'll have to include my own
> implementation of UsernameToken.
>
> If anyone has a better example, I'd love to see it as I'm sure that my
> code can be improved upon. Your idea of using multiple WSS4J interceptors
> is not something that I considered, and it may prove fruitful.
>
> Finally, there have been several notes about this in the past. I'm not
> sure that anyone has completely solved this problem to their own
> satisfaction.
>
> -Steve