WSS4J provides parameters for encryption only. You may specify encryption and signature parameters separatly in most cases. Please have a look in the javadoc of WSHandlerConstants.java, parameter "ENC_KEY_ID" which maps to "encryptionKeyIdentifier" in the deployment file of the client. Using this parameter you can specify how to send/embedd a certificate into the SOAP request.
Regards, Werner > -----Ursprüngliche Nachricht----- > Von: ext angélique (JIRA) [mailto:[EMAIL PROTECTED] > Gesendet: Freitag, 15. Juni 2007 18:34 > An: [email protected] > Betreff: [jira] Created: (WSS-81) Compatibility between WSS4J > and WebLogic 9 for Encryption > > Compatibility between WSS4J and WebLogic 9 for Encryption > --------------------------------------------------------- > > Key: WSS-81 > URL: https://issues.apache.org/jira/browse/WSS-81 > Project: WSS4J > Issue Type: Bug > Environment: Web service serveur: Web Logic 9 > Web service client : axis+wss4j+bouncy castle on linux > Reporter: angélique > Assignee: Davanum Srinivas > Priority: Blocker > > > Hello, > > There is a problem of compatibility between Web Logic 9 and WSS4J. > > One one hand, when a weblogic server is configured to do > encryption only, the SOAP message generated contain a xml > node like this: > > <wsse:BinarySecurityToken wsu:Id="bst_JFDmu9E2O5K4Opex" > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-wssecurity-utility-1.0.xsd" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > -wss-x509-token-profile-1.0#X509v3" > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 401-wss-soap-message-security-1.0#Base64Binary"> > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > XXXXXXXXXXX > </wsse:BinarySecurityToken> > > On the other hand, it's only possible with WSS4J to add the > token for signature. When using encryption alone, configuring > the client to send a SOAP message with this > BinarySecurityToken is not possible. > > Wath can I do to make a SOAP request whith an Encrypted body > AND a BinarySecurityToken in the <head> part ? > > Regards, > > Angélique > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
