I think I've got it. This verbage from WSS4J helped me out: >From package.html
The <code>WSDoAllReceiver</code> WSS4J handler takes this structure and checks if all required actions were performed. If this check fails, the WSS4J handler aborts the SOAP request and throws an Axis SOAP fault. Otherwise it creates its own data structure [EMAIL PROTECTED] org.apache.ws.security.handler.WSHandlerResult}, copies the security results in this structure, and adds the actor name of the security header. Then it stores this new data structure in a vector and stores this vector in a specific [EMAIL PROTECTED] org.apache.ws.security.handler.WSHandlerConstants#RECV_RESULTS property} of the current message context. If WSS4J handlers are chained, then every handler in the chain adds its result to the vector. The vector contains the results in handler-chain order. Thanks for the help. -- View this message in context: http://www.nabble.com/WS-Security-and-UserTokens-t1543793.html#a4240726 Sent from the XFire - User forum at Nabble.com.
