We are implementing web service client. We need to implement ws security with username token. I was planning to use wss4j but our client said they want to use SAAJ. I know SAAJ can be used for simple web service but how can it be used in implementing ws security? Any ideas?
Joined: Mar 22, 2005
SAAJ does not implement WS-Security; wss4j does. SAAJ is a low-level API for making SOAP calls (and JAX-RPC is a higher-level API built on top of SAAJ). But neither of them deals with security.
If all you require is username/password functionality, you can probably get away with using HTTP authentication instead of WS-Security.
(Just to be clear: the client did mention SAAJ, and not JAAS?) [ October 21, 2005: Message edited by: Ulf Dittmer ]