WSS4J-based WS-Security implementation [SWS-207]

[gregturn]

Arjen Poutsma opened SWS-207 and commented

The current implementation of WS-Security is based on SUN's XWSS, which requires SUN's JDK 1.5. This means that it cannot be used on WebSphere, for instance.

There is an alternative WS-Security implementation called WSS4J (http://ws.apache.org/wss4j/). We can use this library to build an alternative WS-Security implementation, which does not require SUN's Java 5.

---

Attachments:

• SWS-207.jar (104.46 kB)
• SWS-207.jar (104.03 kB)
• SWS-207.jar (88.70 kB)
• SWS-207.jar (78.67 kB)
• SWS-207.jar (66.04 kB)
• SWS-207.jar (55.53 kB)
• SWS-207.jar (44.64 kB)
• SWS-207.jar (27.93 kB)
• SWS-207.jar (17.24 kB)
• SWS-207.jar (13.77 kB)
• SWS-207.jar (10.35 kB)
• SWS-207.jar (9.07 kB)
• SWS-207.jar (9.07 kB)
• SWS-207.zip (49.90 kB)

Issue Links:

• 429 Add removeHeaderElement(QName) to SoapHeader

  ("depends on")

• 439 Document Wss4jInterceptor

  ("is depended on by")

Referenced from: commits https://github.com/spring-projects/spring-ws/commit/8efae9f36cd08f64d077200f97566d7a77d4d973, https://github.com/spring-projects/spring-ws/commit/a0c18b6834e2e183982072dafb7546acf930c238, https://github.com/spring-projects/spring-ws/commit/dc6b14905c6ebd672bffe123ee3b9acee84d7786, https://github.com/spring-projects/spring-ws/commit/671683bddd336791396fe79f880f96e500f2cbce, https://github.com/spring-projects/spring-ws/commit/915cd9462f902e5d0ed2bc61a9dba84ececc3932, https://github.com/spring-projects/spring-ws/commit/53fea29311552c444b3e3d5bb4b044613895a505

16 votes, 7 watchers

[gregturn]

Arjen Poutsma commented

Fixed. Many thanks to Tareq Abed Rabbo, for doing the hard work!

Note that the WSS4J still needs full reference documentation (SWS-282), coming in 1.5 RC1. In the mean time, the airline spring-ws client uses WSS4J for UsernameToken authentication, so you look there.

[gregturn]

Arjen Poutsma commented

Closing 1.5 M2 issues.