WSS4J & WS Broker Service

[Abdul Ashik <ab...@gmail.com>]

Hi guys,

I've got WSS4J 1.1.0 + Axis 1.2.1 working between two nodes. My question is
what's the best way to use it when a Web Service Broker is used? e.g.
scenario:

1. Web app consumer app --> sends request to WS broker (uses WSS4J to
sign/encrypt)
2. WS Broker (a wrapper SOAP interface to underlying JMS/MOM) --> routes the
message to the real Target web service
3. Target web service processes the request and sends reply back via the WS
Broker.

Given the above scenario, is there a way to avoid the WS Broker to verify
sig/decrypt and then sign/encrypt (again) to route to target web service?

In some scenarios, the WS Broker will need to decrypt the message (e.g. if
it needs to transform/enrich the message) but in a lot of cases, we'll be
using it to simply route the message to the target web service (e.g. it will
do lookup to UDDI). In this case it is simply acting as "middle-man".

Is the above scenario outside the scope of WSS4J? If yes, is there a
workaround and what are the WS-* specification(s) that recommend how to go
about doing the above.

Any help/advice will be much appreciated.

Many thanks,
Ash