CXF WSS4J Interceptor documentation/manual
https://stackoverflow.com/questions/12314699
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have spent a fair amount of time finding tutorials and implementing signatures and encryption on a catalog of Web Services. Now i need to extend that functionality to allow each user to have their own signature and encryption keys.
For that reason i started to look around for some actual documentation of how to use the WSS4J Interceptors, but i can't for the life of me find anything. The best i have been able to find is the SecurityConstants class description in http://cxf.apache.org/javadoc/latest/ API.
So my question is: Does anyone know where i can find some actual documentation type writings about the interceptor classes. Specifically: What can go into the object map in the interceptor constructors? How should these objects be configured?
I don't mind a lot of reading, in fact i prefer it at this point. There are a million blogs and tutorials that give basic implementation advice, but what i need is a little bit of actual documentation. Anyone?
If nothing else, i will even be satisfied with half-baked javadoc.
Solution
Please check this URL that explains about Interceptors mechanism. Its good one.
https://sites.google.com/site/ddmwsst/ws-security-impl
Best of luck.
OTHER TIPS
Honestly, I would recommend NOT using the WSS4J interceptors directly in CXF at this point. Instead, define a WS-Security policy fragment that will accurately describe the security requirements and attach that in the WSDL. Then add the appropriate properties (described http://cxf.apache.org/docs/ws-securitypolicy.html ) for the additional information the policy runtime will need.
The WS-Security Policy stuff is completely standards based and would be supported by all the various runtimes. The security requirement become part of the contract (WSDL) which is also important.
