Ok thanks.
I already found that info on xml.com, but it sounds very, very manual and very, very bad practice?
The code uses a SignatureToken class which extends token and next a BinarySecurityTokenWithReference class that extends SignatureToken. There are three things that I can't cope with:
- The code is very messy and has 'catch Exception' all over the place
- It uses String concatenation for appending the signed information (this can't be the way to do it?)
- Why should we provide these kinds of classes? If we do all this work ourselves, well, then I don't need wss4j, I just append the security XML in the SOAP myself then?
Maybe it's just me, but it seems weird.
Next, I also see that wss4j has a class called "X509Security" which extends BinarySecurity ... I don't know what it does, but I think that's the class I need.
-----
Now, I still don't see how to glue this together with axis. Even if I use those classes from XML.com I would still need axis configured to use it. But how? ...