After experimenting, reading source code, and much hair-pulling, I still can't find
any way to encrypt SOAP headers using JBossWS. In particular, the UsernameToken header
remains unencrypted and doesn't seem to support nonces.
Speaking of this, the documentation for the WS-Security implementation is
"somewhat" lacking. Using BindingProvider.USERNAME_PROPERTY (as shown in your
tests) doesn't work because its constant is different from Stub.USERNAME_PROPERTY,
which is what WSSecurityDispatcher.java uses to determine whether or not to include the
header. Similarly for PASSWORD_PROPERTY.
So, the question of the day is: how do you encrypt or secure a username/password
combination sent via the WS-Security UsernameToken header that is included by means of
something like
((BindingProvider)port).getRequestContext().put(Stub.USERNAME_PROPERTY, "foo");
((BindingProvider)port).getRequestContext().put(Stub.PASSWORD_PROPERTY, "foo");
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4067456#...