Hi, I have raised that issue before [1], but I was wondering if I can ask again. I am dealing with a lot of WS-Trust calls in which I need to be able to specify a security token reference in my message body. A lot of times, this token has not yet been created at the time of payload creation as I am relying on WSS4J/Rampart signing/encryption/UT. So I run into a chicken-and-egg problem - I do not know in advance what the wsu:Id attribute for the wss4j-generated tokens and I cannot adjust post-security by writing my own handler because the message is already signed.
So, in the JIRA I opened awhile back, I suggest that the security engine calls back the client when needs an wsu:Id instead of using its own generator. In the callback, it would somehow refer to the element which needs it (some type of context data?, xpath) so the caller can provide the correct id that is being refered to. Another alternative is to add an option, the caller to specify an wsu:Id along with the policy that generates the element consuming the ID. Thoughts? Best Regards, George Stanchev [1] http://issues.apache.org/jira/browse/RAMPART-15 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********************************************************************** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
