I have to implement oasis ws-security (using username token) for accessing web service. Does anybody have experience with wss4j? Can I use any other open source software? Any guidance would be helpful.
WSS4J is good for implementing the standard WSS, some other tools (or API's) you can use jointly could be Apache SOAP or Axis (Axis is helpful for deploying web services including security assertions).
I hope this will be helpful, so if you have any questions just let us know
Luis Canizares Quito, Ecuador
Joined: Apr 25, 2003
I have installed wss4j and experimenting with it.
It seems wss4j provides default Crypto provider called Merlin.
It worked fine when I copied keys subdirectory of wss4j installation in myclasspath.
It is not clear what keys and certificates this subdirectory holds and how they are used. Is there any good reference for wss4j? I do not want to test a secure web service client which send user name token. [ September 19, 2005: Message edited by: D. Rose ]