Hello,
I wasn't aware that someone was working in this issue.
I have done a slight modification of the Jsr181Endpoint( not http
endpoint)...
only a new attribute to be able of manage a list of security handlers and
then
the descriptor looks like the following code (inside >>> <<<).
Seems that works ok to manage a user token, but I haven't test yet the
encryption
and signature of the envelope.
With this approximation you can sign and encrypt the envelope with your
response,
not only decrypt and verify the request envelope.
In this way you also can write your customized handler for the user token,
say for example writing your own code to validate the user against a ldap
server.
What you think of this way to achieve WSS4J support ?
>>>
<jsr181:endpoint pojoClass="org.codehaus.xfire.demo.BookService"
annotations="none"
service="demo:simple-service"
endpoint="simple-service">
<jsr181:inHandlers>
<secure:handler
handlerClass="org.codehaus.xfire.util.dom.DOMInHandler" />
<bean
class="org.codehaus.xfire.security.wss4j.WSS4JInHandler" xmlns="">
<property name="properties">
<props>
<prop key="action">UsernameToken</prop>
<prop
key="passwordCallbackClass">org.codehaus.xfire.demo.PasswordHandler</prop>
</props>
</property>
</bean>
<secure:handler
handlerClass="org.codehaus.xfire.demo.ValidateUserTokenHandler" />
</jsr181:inHandlers>
</jsr181:endpoint>
</beans>
<<<
--
View this message in context:
http://www.nabble.com/about-security-question-tf2478893.html#a6949535
Sent from the ServiceMix - User mailing list archive at Nabble.com.
