On Thursday 10 June 2010 3:35:16 pm Dean Andrews wrote: > I would like to expose a service that is optionally encrypted... > Is this an acceptable idea? (Or should I expose the service/port twice)
That's up to you to decide. :-) > > If has signature that is validated, if it is encrypted is decrypted. > The response is always signed. > If the request was encrypted and signed, the response is also > encrypted with alias 'useReqSigCert' > If the request was just encrypted, the response is encrypted with alias my > alias > > I suspect that I will have to create a new in PhaseInterceptor that > may switch between the two WSS4JInInterceptors base on headers and set > X in message. > And a new out PhaseInterceptor that will switch between the three > WSS4JOutInterceptors base on X set in message. > > Does this look like the correct approach? > Or is there something that does this already, are there other > properties WSS4J interceptors? Well, one option could be to just Subclass the WSS4JInInterceptor and override the method: protected void computeAction(SoapMessage message, RequestData data); to compute the actions needed for that message based on headers or whatever. That's what the Policy based things do more or less. They compute an Action based on the policies. That would solve the "in" problem. The out is a bit more problematic due to the split nature and the fact that the configureActions call is private and thus not overrideable. I would definitely be open to a patch that would make it protected or similar to make this easier to achieve. Actually, looking at the code, you MAY be able to just set an "action" property on the message and it might get picked up. Not really sure though. -- Daniel Kulp [email protected] http://dankulp.com/blog
