For a particular use case where I need real end-to-end security I am calling an external webservice. I mocked the webservice on my machine on another port (without security requirements). I am able to call the webservice (without any web service security implemented) as I signed my jar.
The problem is that I need to implement WSS to get the request signed in order to call the 'real' webservice. I am wondering how this could be done, bearing in mind that my applet should not get too large as it is an applet - so preferably without using any frameworks. Any body has any resources or experience on this? I'm not really sure what would be the best approach to get this started.
So this is a SOAP web service for which the XML is generated "by hand", meaning, without any framework? If you only want to use username/password authentication, then you can probably generate the appropriate SOAP headers in the same, but if you're talking about signature or encryption, then I can't imagine doing it without the help of the http://ws.apache.org/wss4j/ library.
I actually do need a signature with the corresponding certificate added to the request. I already checked the wss4j lib, but the I also need xalan, log4j, ... and the appletsize would be at least about 10MB - I would like to avoid this if possible. I would need a very lightweight framework with no dependencies