Hello, I'm not sure how important a use case this is, but does CXF have the ability to encrypt the soap:header differently from the soap:body? Perhaps a typical example might be accessing bank account information--an intermediary node (with its own private key) could be used to check the SAML or other security token specified in the soap:header while the business service (with a different private key) could decrypt the actual bank account information in the soap:body. In this case, the client would need to encrypt the soap:header and soap:body with different public keys for this system to work.
I would guess a way to implement this would be to configure two WSS4JOutInterceptors[1], specifying different encryptionParts (one for header, one for body)--would that be workable? If necessary, I can add a JIRA enhancement request for this. I think I'll ask the same question on the Metro list for this.

Regards,
Glen

[1] http://www.jroller.com/gmazza/entry/implementing_ws_security_with_the#PKICXF5 (Step 5, substep 1)

--
View this message in context: http://www.nabble.com/Can-CXF-encrypt-the-soap%3Aheader-and-soap%3Abody-with-different-keys--tp19382497p19382497.html
Sent from the cxf-dev mailing list archive at Nabble.com.