[
https://issues.apache.org/jira/browse/WSS-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12610011#action_12610011
]
Fred Dushin commented on WSS-131:
---------------------------------
There could be -- it depends on how much work you want to do.
First, let me reiterate that while some work has been made to make actions
replaceable in WSS4J, that work was not completed for 1.5.4 -- the work for
processor replaceability is in place, but action replaceability had lower
priority (for the work I'm doing). So we could potentially raise the priority
of this, but it needs to be weighed against other work for 1.5.5.
Second, note that WSS4J has effectively a 2-layered API -- the "core" API is
used to interface at the DOM level with messages (typically SAAJ-based
interfaces). This is a lower-level API than what I've called the "handler"
API, which is a really a set of base classes that can be extended for various
middleware stacks. I believe Axis uses these interfaces, as does XFire and
CXF, in order to plug in to the various middleware interceptor APIs. (There is
no standard interface API, unlike in the world of CORBA, for example).
So an approach you could take, in the absence of a fix to WSS4J on action
replaceability, is to write a CXF interceptor which manually inserts your
WS-Security extension to the SAAJ message. You can do this before or after the
WSS4JOutInterceptor fires, as WSS4J should be smart enough to add data to an
existing security header, and not overwrite any existing contents.
I hope that helps.
> no support for extension of SecurityHeader
> ------------------------------------------
>
> Key: WSS-131
> URL: https://issues.apache.org/jira/browse/WSS-131
> Project: WSS4J
> Issue Type: Improvement
> Components: WSS4J Handlers
> Affects Versions: 1.5.4
> Reporter: Lisa Penninger
> Assignee: Ruchith Udayanga Fernando
>
> The WSS SecurityHeader schema definition is extensible to allow different
> types of security information to be included, i.e., I could define a FooToken
> in my schema and include it in the SecurityHeader in addition to my
> UsernameToken. However, wss4j seems to actively prevent this, throwing an
> exception if an unrecognized token is found.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
