ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gene Bezrukavyy <gene.bezruka...@gmail.com>
Subject BSR security token w/o signature
Date Tue, 26 May 2015 20:29:41 GMT
Team,

I am not finding a way to add a BST token in WSS4j w/o adding a signature
token as well. This restriction is not there for verification - each token
has its own processor. Not sure why this is not an option for securement:
having a BST token w/o signature is still a better authentication token
than a UsernameToken w/o signature. Especially when a direct trust is used
(and let's assume enforced) to authenticate the token...

Please advise on this matter.


Gene

Mime
View raw message