Extract only ws-sec portion that works with acegi?
I write applications in an ESB-like framework that uses Spring and Maven1, running in WebLogic 8.1.4. We don't use Axis on the server side, we just have a custom HTTP listener that dispatches to a bean based on a SOAP address header.
I apologize if I'm asking trivial questions about Spring-WS and Acegi, I'm just today starting to examine these two packages.
Up to this point, we haven't had to implement security for any services. However, I'm going to have to do this soon for some specific services. I can see that using Acegi to implement Basic auth against our LDAP will be pretty straightforward. However, I'd like to consider the possibility of using WS-Security, UserNameToken at least. Acegi doesn't provide this, but I imagine that Spring-WS does. However, I can't use all of Spring-WS, as I can't replace our listeners our dispatching system.
Is it possible to just use the WS-Security portion of Spring-WS, which plugs into Acegi, to authenticate and authorize web services?
If that's the case, is the WS-Security implementation in M1 and the upcoming M2 solid enough to consider using for this?
Using WS-Security under Weblogic 10 (signature)
I've read this post and also the one from BEA. I think my problem is related to SAAJ, but no suggested configuration (here or there) works. I receive this exception:
Weblogic 10 signature solved
I have SAAJ 1.3 libraries on my APP-INF/lib directory and I've included these lines on my context:
It works, but I don't understand why. It seems like declaring SAAJ 1.1. usage?
<bean id="messageFactory" class="org.springframework.ws.soap.saaj.SaajSoapMessageFactory">
I'm also using XWSS 3.0 (xws-security-3.0.jar, xmlsec-1.3.jar and xmldsig-1.0.2.jar). Anyway it was a BEA configuration problem, no related to Spring WS.