I'd say this use-case is probably too complicated to be handled by the WSHandler implementations. You're probably better off using the WSS4J API's directly to construct the security header.
> Is it possible to have an additional element signed? does WSS4J support this? Yes. Just add the QName to WSHandlerConstants.SIGNATURE_PARTS. I'm not sure if this will work for an element in another security header though, I've never tried it. Colm. ________________________________ From: R1ch [mailto:[email protected]] Sent: 11 August 2009 21:04 To: [email protected] Subject: Adding Elements to WS-Security Header CXF 2.2 and WSS4J 1.5.8 Hello all, I have a working webservice configured with WSS4JOutInterceptor to insert a signed SAML token. Now I'm trying to insert a custom Element before the signature occurs so that my Element is also signed. I managed to insert the Element in a CXF intercpetor before the WSS4JOutInterceptor. However my Element appears after the <wsse:Security> element in the <soap:Header>. I sent a similar email to the CXF mailing list and they suggested a different method where I wrap my element in a <wsse:Security>, I tried that and now I have 2 <wsse:Security> elements in the <soap:Header>. Is it possible to have an additional element signed? does WSS4J support this? Also doesn't the spec say that there should only be one <wsse:Security> element per recipient? is that verification the responsibility of CXF or WSS4J? thanks
