Hi, I'd like to know if WSS4J provides symmetric key signatures.
I need to develop a web service client in java which has to sign messages with a symmetric key, using the algoritm HMAC-SHA1 (http://www.w3.org/2000/09/xmldsig#hmac-sha1). The client also has also to validate signed messages received from server which uses the same symmetric key.<http://www.w3.org/2000/09/xmldsig#hmac-sha1> This is imposed by the service and there is no choice.<http://www.w3.org/2000/09/xmldsig#hmac-sha1> For example, I have seen that Sun's XWS Security framework doesn't provide signing but yes validating de signature with symmetric keys. Does WSS4J provide both signing and validating? If yes, some guide about how to write WSS4J security xml configuration would be very appreciated. How to inform the symmetric key to the framework? I only have seen examples of how to inform keystores and certificates. Thank you very much.
