Hi guys, I have a simple BPEL process with receive, invoke, reply activities, where the Web Service (in axis2) being invoked, is also secured with WS-Security. The request for that BPEL process should be secured as follows:
1.) Timestamp in the wsse:Header 2.) signature of that timestamp with X509v1 certificat 3.) encryption of the element <creditCard/> (which is somewhere in the body) with X509v1 certificate After the signature is verified and <creditCard/> decrypted, the <creditCard/> element is copied into the request for the WebService and that request is secured in the same manner(with a different key of course), which means: 1.) Timestamp in the wsse:Header 2.) signature of that timestamp with X509v1 certificat 3.) encryption of the element <creditCard/> (which is somewhere in the body) with X509v1 certificate The whole security should be configured through WS-SecurityPolicy. Could someone tell me the right configuration? I've been fighting with that for some days and still got no solution. My environment is: apache ode 1.3.2. axis 1.4 rampart 1.4 jdk 1.5 Thank you very much in advance. Filip
