I would like to expose a service that is optionally encrypted... Is this an acceptable idea? (Or should I expose the service/port twice)
If has signature that is validated, if it is encrypted is decrypted. The response is always signed. If the request was encrypted and signed, the response is also encrypted with alias 'useReqSigCert' If the request was just encrypted, the response is encrypted with alias my alias I suspect that I will have to create a new in PhaseInterceptor that may switch between the two WSS4JInInterceptors base on headers and set X in message. And a new out PhaseInterceptor that will switch between the three WSS4JOutInterceptors base on X set in message. Does this look like the correct approach? Or is there something that does this already, are there other properties WSS4J interceptors?
