Hello WSS4J-gurus! I've got a principle question about the parameters I have to give for the "WSDoAllSender":
I want to allow only signed (and later on: encrypted) requests for a given webservice. So I created two keystores like described under http://www.devx.com/Java/Article/28816/1954 - a "server.keystore.jks" and a "client.keystore.jks". And I imported the "clientkey" (included in "client.keystore.jks") into the "server.keystore.jks". Then I created two "crypto.properties", a "client_deploy.wsdd" and a "server-config.wsdd". Everything works out fine, but: Why do I have to define a "passwordCallbackClass" and a "user" for this configuration? I think that everything I need for the keystore is defined in the "crypto.properties"-file - isn't it? I don't want any specific user or a password-authentication, I just want the request to come from a trusted client (verified via signature). In the deployment-descriptors I tried to omit the user and got a "Empty username for specified action". If I omit the passwordCallbackClass I get "application provided null or empty password". Why does WSS4J force me to set username and a password if I don't want to have them? Or did I read over something (in all the tons of howtos I read)? Thanks a lot in advance for any hint! Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
