ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank Henningsen (JIRA)" <>
Subject [jira] [Commented] (WSS-645) using WSS4j to genrate WS-SecurityPolicy without CXF
Date Wed, 13 Mar 2019 10:09:00 GMT


Frank Henningsen commented on WSS-645:

Hi Colm,

sorry for coming back - but im stuck and even google/stackoverflow cant help me no more :) Ive
been looking through all streaming WS-SecurityPolicy tests and used org.apache.wss4j.policy.stax.test.AsymmetricBindingIntegrationTest
as the starting point for implementing a solution for signing/encrypting SOAP messages via
a WS-SecurityPolicy (skat-b2b-x509-policy.xml).

A lot of my implementation is taken from the WSS4J test code which seems wrong and i probably
am missing some more knowledge about WSS but im confused why its so difficult to make a simple
standalone WSS4J implementation that creates a WS header from a WS-SecurityPolicy. Due to
deadlines i need to abort my idea of using a WS-SecurityPolicy as the configuration for a
WS-Header and create a hardcoded solution that generates the WS-Header step by step. The backend
solution i need to integrate with use CXF (with WS-SecurityPolicy).

>From a developer point of view it would be beautifull with a simple quickstart example on
how to use WSS4J, using the WSS4J test code was not intuitive to me  :) 

> using WSS4j to genrate WS-SecurityPolicy without CXF
> ----------------------------------------------------
>                 Key: WSS-645
>                 URL:
>             Project: WSS4J
>          Issue Type: Improvement
>          Components: WSS4J Core
>    Affects Versions: 2.2.2
>            Reporter: Frank Henningsen
>            Assignee: Colm O hEigeartaigh
>            Priority: Minor
>         Attachments: skat-b2b-x509-policy.xml
> Dear Team WSS4J
> i have a task to sign and encrypt webservices that use a WS-SecurityPolicy (see attachmant)
in a SAP environment where sending/receiving SOAP request is not part of the solution, i only
need to transform/decorate the SOAP requests with WSS for webservices that use a WS-SecurityPolicy.
I would have liked to create a solution that given a WS-SecurityPolicy could use WSS4J to
generate the appropriate WSS header and body, but for reasons i dont understand this is only
possible using CXF.
> CXF use PolicyOutInterceptor (see [] to decorate
SOAP requests. 
> To me it seems strange that WSS4J has implemented the WS-SecurityPolicy support in another
framework (CXF) so i propose that the WS-SecurityPolicy implementation also should be supported
by the core WSS4J core :)

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message