Hi, I don't want to give up on this topic.... ;-)
We want to use WS-Security with USERNAME_TOKEN, SIGNATURE and ENCRYPT all on SSL. The positive in the beginning: SSL is working :-) Everything is tested under Geronimo 2.1.1 (Apache CXF 2.02) and on Geronimo 2.1.2 (Apache CXF 2.08) *Activating USERNAME_TOKEN leads to the error described in: http://www.nabble.com/WS-Client-throws-Exception-in-WSS4JInInterceptor-td19327340.html *Activating USERNAME_TOKEN and SIGNATURE under Geronimo 2.1.1 leads to the error: 08:40:25,172 INFO [SAAJFactoryFinder] Default SAAJ universe: SUN 08:40:26,732 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing java.lang.NoClassDefFoundError: org/apache/xml/utils/URI$MalformedURIException at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:158) Adding xalan-2.7.0.jar into Application-EAR leads to another error: 10:24:26,451 ERROR [TomcatEJBWebServiceContext] org.apache.xml.serializer.utils.WrappedRuntimeException: org.apache.xml.serializer.ToXMLSAXHandler * Additional activating ENCRYPT leads to WSHandler: Encryption: error during message processingorg.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5) Anyone using this WS-Security functionalty successfully in a JavaEE5 Environment using EJB Annotations? -Josef BGS Beratungsgesellschaft Software Systemplanung AG Niederlassung Rhein/Main Robert-Koch-Straße 41 55129 Mainz Fon: +49 (0) 6131 / 914-0 Fax: +49 (0) 6131 / 914-400 www.bgs-ag.de Geschäftssitz Mainz Registergericht Amtsgericht Mainz HRB 62 50 Aufsichtsratsvorsitzender Klaus Hellwig Vorstand Hanspeter Gau Hermann Kiefer Nils Manegold