[jboss-user] [JBossWS] - WS-Security header encryption?
andycooper
do-not-reply at jboss.com
Wed Jul 25 11:31:56 EDT 2007
After experimenting, reading source code, and much hair-pulling, I still can't find any way to encrypt SOAP headers using JBossWS. In particular, the UsernameToken header remains unencrypted and doesn't seem to support nonce's.
Speaking of this, the documentation for the WS-Security implementation is "somewhat" lacking. Using BindingProvider.USERNAME_PROPERTY (as shown in your tests) doesn't work because its constant is different from Stub.USERNAME_PROPERTY, which is what WSSecurityDispatcher.java uses to determine whether or not to include the header. Similarly for PASSWORD_PROPERTY.
So, the question of the day is: how do you encrypt or secure a username/pasword combination sent via the WS-Security UsernameToken header that is included by means of something like
((BindingProvider)port).getRequestContext().put(Stub.USERNAME_PROPERTY, "foo);
((BindingProvider)port).getRequestContext().put(Stub.PASSWORD_PROPERTY, "foo);
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4067456#4067456
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4067456
More information about the jboss-user
mailing list