All, with the next checkin a first step of the SIgnatureConfirmation feature of WSS 1.1 is done.
Because of some open issues with the spec this first implementation assumes: - generate SignatureConfirmation for every Signature of every wsse:Security header of the request - there my be several wsse:Security headers in one request (with different actor/role) - place all SignatureConfirmation elements together in one wsse:Security header of the response. This because it is not necessary that the wsse:Security headers have a one-to-one relationship with the request headers. - do not sign SignatureConfirmation yet - here are IMHO some open issues in the spec - do not encrypt even if the Signature block of the request was encrypted. I doubt if such an encryption makes sense. To enable and test this feature you need to download the source from SVN (trunk head), set the variable "enableSignatureConfirmation" to "true" (for the time being it set to "false" by default). If anybody is going to test this _and_ uses the handler chaining feature of WSS4J pls ask for additional info. In this case one specific modification in the WSDD files may be required. Regards, Werner --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
