Mar 5th, 2007, 01:09 AM
WS-Security with own siging logic
I have a backend service with the following services:
- signing a message
- validating a message signature
I want (have to) to use the backend services to excute the signing and validating of a WS-Security webservice call.
The only hook i could find in the signing mechanism is configuring my own CryptoProvider. However this option is not usable because i will never get the private key. (the private key is safely stored in the dep box)
Does somebody know how to use my own siging services together with WS-Security?
Mar 5th, 2007, 10:56 PM
Are you sure you want WS-Signature? Or do you just want XML-DSIG? In the latter case, it's pretty easy to write an EndpointInterceptor which does that...
Mar 6th, 2007, 12:59 AM
Do I have to write my own soap headers (like ds:signature element in the SOAP-ENV:Header element) with XML-DSIG?
Mar 6th, 2007, 04:10 PM
Not really. There is JSR 105 for XML DSig, see here http://java.sun.com/developer/techni...ig_signatures/ You can use that API, for instance. Or use http://xml.apache.org/security/