[jbossws-dev] [Design of JBoss Web Services] - Unlocking WS-Security in Metro

[alessio.soldano@jboss.com]

Hi Folks,
I've just committed some tests showing how to use ws-security with the jbossws-metro stack (http://fisheye.jboss.com/changelog/JBossWS/?cs=6713). Documentation will come on the wiki.
However the tests requiring keystore/trustore files (i.e. those involving signature and encryption) are currently disabled since the metro sources we're currently using do not scan the client/server application jars for the keystore/trustore files. This means we have to provide absolute paths to the filesystem in the configuration files to tell the stack where those files are. I found out on the wsit fisheye that more recent releases also scan the jar's META-INF folder and that's why I created JIRA-2158.

I've also disabled the UsernameTokenProfile test since it's not possible to enable username token without using a transport security (i.e. https) or -again- message level protection (i.e. sign & encrypt). The problem with https is the same we currently have for the interop usernametoken+http tests which are excluded because they require a proper jboss-web tomcat configuration along with the references to the keystore/trustore to be used for ssl.
Does anybody have an interesting idea about this? 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146888#4146888

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4146888