Hi David, Ws-Trust and WS-Secure Conversation is being implemented in WSS4J. But right now the implementations are going through some major re-factoring and still incomplete. Therefore at the moment you CANNOT use WSS4J to get the WS - Sec Conv and WS -Trust functionalities :-(.
Best regards Ruchith On 6/20/05, Davide Romanini <[EMAIL PROTECTED]> wrote: > Hi, > > I writing a WebService that should be consumed by a .NET client with > WSE2 and I'm asked to secure the WS using WS-SecureConversation. I know > that the initial authentication (to obtain a SecurityContextToken) > should happen using X.509 certs. I wuold like to use WSS4j for this, but > I don't find so much documentation about this. I builded the source from > CVS and I heard that someone is using WSS4J in such contexts. I looked > around the source but it's a bit hard to understand how to configure it. > > Specifically I don't understand what piece of code actually handles the > RequestSecurityToken for initialization of the Context and how to > configure it to authenticate using X.509. > I know also that the context can be initialized by the requestor sending > an unsolicited RSTR in the header of the SOAP message (correct me if I'm > wrong). WSS4J can handle this? > Moreover the .NET client seems to use the Entropy tag to establish the > Context, WSS4J works with that? > > Please any help to better understand how to configure WSS4J is > appreciated. > > Thanks, > Davide Romanini > > -- Ruchith Fernando www.ruchith.org
