WS-Security support [SWS-14]

[gregturn]

Arjen Poutsma opened SWS-14 and commented

WS-Security support is one the most requested features for Spring-WS. While implementing this new feature, we should focus on the features included in WS-I's Basic Security profile.

Since Spring already has an excellent security framework in the form of Acegi, it seems best to leverage it. Furthermore, we can probably use Apache's WSS4J framework to handle the message.

Some links:
SOAP Message Security 1.0 Specification: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
Username Token profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
X.509 Token Profile V1.0: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
WS-I Basic Security Profile: http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
Apache's WSS4J: http://ws.apache.org/wss4j/

---

No further details from SWS-14

[gregturn]

Arjen Poutsma commented

This is in subversion now. The implementation is based on XML Web Service Security (https://xwss.dev.java.net/). The airline sample has an secure operation as well.