This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes Web Services and the fly likes SAAJ and Ws security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "SAAJ and Ws security" Watch "SAAJ and Ws security" New topic

SAAJ and Ws security

D. Rose
Ranch Hand

Joined: Apr 25, 2003
Posts: 215
We are implementing web service client. We need to implement ws security with username token.
I was planning to use wss4j but our client said they want to use SAAJ.
I know SAAJ can be used for simple web service but how can it be used in implementing ws security? Any ideas?
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
SAAJ does not implement WS-Security; wss4j does. SAAJ is a low-level API for making SOAP calls (and JAX-RPC is a higher-level API built on top of SAAJ). But neither of them deals with security.

If all you require is username/password functionality, you can probably get away with using HTTP authentication instead of WS-Security.

(Just to be clear: the client did mention SAAJ, and not JAAS?)
[ October 21, 2005: Message edited by: Ulf Dittmer ]
I agree. Here's the link:
subject: SAAJ and Ws security
It's not a secret anymore!