We're doing a sort of proxy, so I need to be able to validate the signature on 
an incoming request without removing the security header. I also need to be 
able to retrieve the principal from the accompanying certificate (hence 
BinarySecurityToken) so that I can determine whether the requester is 
authorized to have the request proxied.

Unfortunately, I can't even get past signature validation because wss4j doesn't 
understand the BinarySecurityToken.

--Chuck

-----Original Message-----
From: Fred Dushin [mailto:[EMAIL PROTECTED]
Sent: Tue 4/24/2007 7:25 PM
To: Chuck Hinson
Cc: [email protected]
Subject: Re: wsse BinarySecurityToken
 
I believe WSS4J will insert an X.509 certificate into a  
BinarySecurityToken element in the security header, if you enable the  
DirectReference key identifier, when signing.

Is that what you were after, or did you want to simply propagate a  
security token through a WS-Security header, without consideration of  
the security (or lack thereof) of doing so?

If you want to do the latter, then no, I don't think WSS4J supports  
that at present, though I'm close to having a patch that supports  
it.  It's not clear, though, whether WSS4J needs to do this, as it  
won't over-write a header, if it's already been inserted into a SOAP  
message.  So theoretically, at any rate, you should be able to do the  
insertion and extraction of the binary token yourself, and WSS4J  
shouldn't interfere.

Hope that helps, and anyone else please chime in with corrections!
-Fred

On Apr 24, 2007, at 5:17 PM, Chuck Hinson wrote:

>
> I see on the WSS4J project page, under the WS-Security features, the
> statement "WSS4J supports X.509 binary certificates and certificate
> paths"
>
> After some experimentation, however, it would appear that the above
> statement does not mean that wsse:BinarySecurityToken is actually
> supported.
>
> Is this correct (wsse:BinarySecurityToken is not supported)?  And  
> if so,
> would anyone care to venture what my options might be if I need to be
> able to handle wsse:BinarySecurityToken?
>
> --Chuck
>
> ------------------------------------
> Chuck Hinson
> Gestalt LLC
> phone: 610.994.2833
> IM: chucking24 (Yahoo)
>
>



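The do-it-yourself extraction suggested in the thread, as an added example that is not part of either message and is not WSS4J code: it reads the X.509 certificate out of a `wsse:BinarySecurityToken` with JDK classes only and leaves the security header untouched. The class name `BstPrincipal` and the single-token policy are assumptions; the returned principal is only fit for an authorization decision once the message signature has been verified against this certificate and the certificate chain has been validated.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Hypothetical helper class (not WSS4J API). Usage: java BstPrincipal request.xml
public class BstPrincipal {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String X509V3 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    // Read-only lookup: the DOM, and so the wsse:Security header, is not modified.
    static X509Certificate certificateFrom(Document soap) throws Exception {
        NodeList tokens = soap.getElementsByTagNameNS(WSSE_NS, "BinarySecurityToken");
        // Assumption for this example: reject anything but exactly one token, so the
        // certificate read here cannot differ from the one the signature refers to.
        if (tokens.getLength() != 1) {
            throw new SecurityException(
                "expected exactly one BinarySecurityToken, found " + tokens.getLength());
        }
        Element bst = (Element) tokens.item(0);
        if (!X509V3.equals(bst.getAttribute("ValueType"))) {
            throw new SecurityException("unsupported ValueType: " + bst.getAttribute("ValueType"));
        }
        // The MIME decoder tolerates the line breaks commonly found in token content.
        byte[] der = Base64.getMimeDecoder().decode(bst.getTextContent().trim());
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so untrusted input cannot trigger XXE.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document soap = factory.newDocumentBuilder().parse(new File(args[0]));
        X509Certificate cert = certificateFrom(soap);
        // Untrusted until signature and certificate path validation succeed.
        System.out.println(cert.getSubjectX500Principal().getName());
    }
}
```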