Hi guys,
I've got WSS4J 1.1.0 + Axis 1.2.1 working between two nodes. My
question is what's the best way to use it when a Web Service Broker is
used? e.g. scenario:
1. Web app consumer app --> sends request to WS broker (uses WSS4J to sign/encrypt)
2. WS Broker (a wrapper SOAP interface to underlying JMS/MOM) --> routes the message to the real Target web service
3. Target web service processes the request and sends reply back via the WS Broker.
Given the above scenario, is there a way to avoid the WS Broker to
verify sig/decrypt and then sign/encrypt (again) to route to target web
service?
In some scenarios, the WS Broker will need to decrypt the message (e.g.
if it needs to transform/enrich the message) but in a lot of cases,
we'll be using it to simply route the message to the target web service
(e.g. it will do lookup to UDDI). In this case it is simply
acting as "middle-man".
Is the above scenario outside the scope of WSS4J? If yes, is there a
workaround and what are the WS-* specification(s) that recommend how to
go about doing the above.
Any help/advice will be much appreciated.
Many thanks,
Ash
