Apr 22nd, 2008, 12:54 PM
We want to work with HMAC-SHA1 in out web service.
I prefer to work with Spring-WS, but i saw in the API docs
"Defines which signature algorithm to use. Currently this parameter is ignored - SHA1RSA is the only supported algorithm, will be enhanced soon."
in the Wss4jSecurityInterceptor.
Does anybody knows how soon 'soon' is? Is there another way
to implement HMAC-SHA1 in Spring-WS?
Apr 22nd, 2008, 05:40 PM
Spring-WS doesn't implement WS-Security directly but rather integrates with 2 open source implementations: Sun's XWSS and Apache's WSS4J.
It means that the availability of a specific feature depends on the underlying framework.
I suggest that you check out the other alternative (if not already done), XwsSecurityInterceptor; you might find what you're looking for.
Some links to help you get started: