Andrzej Roszkowski wrote:
I'm looking for any way to sign/verify SOAP messages using XMLSec. Is there
any ready-to-use handler or tutorial on how to write it? I'm new to the XMLSec lib, so
any good starting point will help.


Very useful tutorial on JWSDP already mentioned here
http://java.sun.com/webservices/downloads/webservicestutorial.html

Chapter 12. Building Web Services With JAX-RPC
Section 13. SOAP with Attachments API for Java

For signing/verifying SOAP messages, look at chapter 24, Security.

They have quite good examples of Handlers for both server and client.

Some other useful information if you are going to work with XML Sig/Enc is below:

1) Key management tools to generate, export or import server and client keys and certificates; the following are available:

* native Java key and certificate management tool keytool, included as a standard tool in the J2SE distribution, that supports X.509 public key certificates;

* OpenPGP key tool - provides support for OpenPGP key encryption and signature; should also be installed with the OpenPGP JCE Provider; both packages are available from The Cryptix Foundation Ltd. - http://www.cryptix.org/;

* IBM KeyMan, needed for creating mutual trust between two entities using certificate chains (mutual certificates with attached lineage of public certificates with common trusted root) - http://www.alphaworks.ibm.com/tech/keyman/;

2) XML Security packages available from Apache Jakarta and IBM:

* Apache XML Security library supporting XML Signature (XML Encryption is under development) - http://xml.apache.org/security/

* IBM xss4j Security suite that supports XML Encryption and Decryption Transform and aims to support XACML - http://www.alphaworks.ibm.com/tech/xmlsecuritysuite

3) Don't forget tools and libraries for working with XML documents, as you will need a lot of experiments with XML Sig/Enc components:

* Xerces 2.5+ XML parsers and Schema Processor (http://xml.apache.org/xerces2-j/)

* Xalan 2.1+ XSLT processor that implements XSL Transformations (XSLT) and XML Path Language (XPath).




