cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wservarch <>
Subject Passing session key through soap header
Date Thu, 26 Aug 2010 04:13:19 GMT

Instead of password digest in username token, 'am taking slightly different
approach in sending username token to receiver end through soap header.

Using a session key I am encrypting my password_text, then encrypting the
session key with public key of the receiver (or endpoint).
Receiver receives both my encrypted session key and encrypted password_text.
Receiver uses it's private key to decrypt the session key, which in turn can
be used to decrypt the actual password_text.

Now the question is how to send the encrypted session key through SOAP
Header along with encrypted password_text?

If i go with username token policy, i can send encrypted password, there is
no field in it through which I can send my encrypted key.

Can some body help me know how the policy xml in wsdl going to look like?
View this message in context:
Sent from the cxf-user mailing list archive at

View raw message