2 Replies Latest reply on Apr 28, 2008 3:00 AM by Alessio Soldano

    Unlocking WS-Security in Metro

    Alessio Soldano Master

      Hi Folks,
      I've just committed some tests showing how to use ws-security with the jbossws-metro stack (http://fisheye.jboss.com/changelog/JBossWS/?cs=6713). Documentation will come on the wiki.
      However the tests requiring keystore/trustore files (i.e. those involving signature and encryption) are currently disabled since the metro sources we're currently using do not scan the client/server application jars for the keystore/trustore files. This means we have to provide absolute paths to the filesystem in the configuration files to tell the stack where those files are. I found out on the wsit fisheye that more recent releases also scan the jar's META-INF folder and that's why I created JIRA-2158.

      I've also disabled the UsernameTokenProfile test since it's not possible to enable username token without using a transport security (i.e. https) or -again- message level protection (i.e. sign & encrypt). The problem with https is the same we currently have for the interop usernametoken+http tests which are excluded because they require a proper jboss-web tomcat configuration along with the references to the keystore/trustore to be used for ssl.
      Does anybody have an interesting idea about this?