After doing some research (i.e., Googling), I am not still not certain as to whether encrypting and signing the WS-Security SOAP Header elements is allowed or not according to standards. If it is allowed, then how can I configure this using Spring Web Service Security, specifically WSS4J? I have no problems encrypting and signing the content of the Body.
Is there a way to encrypt/sign WS-Security elements? Page Title Module
Move Remove Collapse