+1
Ideally, we also need some custom spring beans and/or an API to hide
all the WSS4J-isms in client code, because (IMO) it's really
inappropriate to expose WSS4J, as a WS-Security provider at this
level. (And I say this as a WSS4J committer). WS-SecurityPolicy
would be an appropriate choice for an API, as we've discussed before.
-Fred
On May 7, 2008, at 2:57 AM, Glen Mazza wrote:
Anyone know why WSSJOutInterceptor doesn't have the SAAJOutInterceptor
automatically added in 2.0.6 like it is already in 2.1? I would
like to
remove the instruction in our WS-Security guide which says it must
manually be added[1], since that is no longer the case at least with
2.1.
Thanks,
Glen
[1]
http://cwiki.apache.org/confluence/display/CXF20DOC/WS-Security#WS-Security-ConfiguringtheWSS4JInterceptors
WSS4J Out Interceptor (2.0.6):
http://tinyurl.com/557una
--line 54 nothing.
WSS4J In Interceptor (2.0.6):
http://tinyurl.com/6msczq
--line 75 SAAJInInterceptor is added
WSS4J Out Interceptor (2.1):
http://tinyurl.com/6borcw
--line 61 SAAJOutInterceptor added
WSS4JInInterceptor (2.1):
http://tinyurl.com/5klnud
--line 76 SAAJInInterceptor added.
