You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Hassan Faouaz <hf...@aidatech.com> on 2005/03/31 23:53:09 UTC

BST in the security header

What I have seen in the code (WSSecurityEngine.java), wss4j doesn't
handle BST while processing a response.  It only handles currently
signature, encrypted key, and username token.  Is it true?  
 
So if a server sign a message using a cert and send the public key in
the message, there is no way for wss4j client to verify the message
using the token sent.
 
Is it in the works? Work around?
 
thanks
 
Hassan Faouaz