ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WSS-645) using WSS4j to genrate WS-SecurityPolicy without CXF
Date Thu, 07 Mar 2019 14:46:00 GMT

    [ https://issues.apache.org/jira/browse/WSS-645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16786846#comment-16786846
] 

Colm O hEigeartaigh commented on WSS-645:
-----------------------------------------

The WS-SecurityPolicy implementation was historically developed at the Axis project, and subsequently
ported to CXF. Porting it to a web service stack neutral project like WSS4J is not going to
happen at this stage unless someone volunteers to do the work, as WSS4J is quite mature and
there has been no demand for this to happen up til now. One option you have though, if you
don't want to use CXF, is to use the streaming WS-SecurityPolicy implementation. That is all
done in WSS4J with only a fairly thin layer in CXF to set up the messages etc.

> using WSS4j to genrate WS-SecurityPolicy without CXF
> ----------------------------------------------------
>
>                 Key: WSS-645
>                 URL: https://issues.apache.org/jira/browse/WSS-645
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.2.2
>            Reporter: Frank Henningsen
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>         Attachments: skat-b2b-x509-policy.xml
>
>
> Dear Team WSS4J
> i have a task to sign and encrypt webservices that use a WS-SecurityPolicy (see attachmant)
in a SAP environment where sending/receiving SOAP request is not part of the solution, i only
need to transform/decorate the SOAP requests with WSS for webservices that use a WS-SecurityPolicy.
I would have liked to create a solution that given a WS-SecurityPolicy could use WSS4J to
generate the appropriate WSS header and body, but for reasons i dont understand this is only
possible using CXF.
> CXF use PolicyOutInterceptor (see [http://cxf.apache.org/using-ws-policy-in-cxf-projects)] to decorate
SOAP requests. 
> To me it seems strange that WSS4J has implemented the WS-SecurityPolicy support in another
framework (CXF) so i propose that the WS-SecurityPolicy implementation also should be supported
by the core WSS4J core :)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message