I believe WSS4J will insert an X.509 certificate into a
BinarySecurityToken element in the security header, if you enable the
DirectReference key identifier, when signing.
Is that what you were after, or did you want to simply propagate a
security token through a WS-Security header, without consideration of
the security (or lack thereof) of doing so?
If you want to do that latter, then no, I don't think WSS4J supports
that at present, though I'm close to having a patch that supports
it. It's not clear, though, whether WSS4J needs to do this, as it
won't over-write a header, if it's already been inserted into a SOAP
message. So theoretically, at any rate, you should be able to do the
insertion and extraction of the binary token yourself, and WSS4J
shouldn't interfere.
Hope that helps, and anyone else please chime in with corrections!
-Fred
On Apr 24, 2007, at 5:17 PM, Chuck Hinson wrote:
I see on the WSS4J project page, under the WS-Security features, the
statement "WSS4J supports X.509 binary certificates and certificate
paths"
After some experimentation, however, it would appear that the above
statement does not mean that wsse:BinarySecurityToken is actually
supported.
Is this correct (wsse:BinarySecurityToken is not supported)? And
if so,
would anyone care to venture what my options might be if I need to be
able to handle wsse:BinarySecurityToken?
--Chuck
------------------------------------
Chuck Hinson
Gestalt LLC
phone: 610.994.2833
IM: chucking24 (Yahoo)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
