Announcement Announcement Module
Collapse
No announcement yet.
XwsSecurityInterceptor vs Wss4jSecurityInterceptor Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • XwsSecurityInterceptor vs Wss4jSecurityInterceptor

    I am starting off a new project and I was wondering if people had opinions on which security provider (XwsSecurityInterceptor or Wss4jSecurityInterceptor) is the right way to go. Specifically does the Sun XWS or WSS4J project have more momentum? Or it is something not worth worrying about?

    Thanks,

    Ian.

  • #2
    Hi Ian,

    I'd say the first thing to take into consideration is the environment your web services are going to run in. From the manual:
    Note that the XWSS requires both a SUN 1.5 JDK and the SUN SAAJ reference implementation.
    The WSS4J interceptor does not have these requirements (see Section 7.3,
    “Wss4jSecurityInterceptor”).
    It means that if you are planning to use Axiom message factory or JDK 1.4 for instance, you will have to go for WSS4.
    As for the configuration, XWSS uses its own xml file whereas WSS4J's configuration is property-based. Aside from that, I think that both choices offer (more or less) the same functionalities and they both integrate with Acegi/Spring Security. I recommend that you consult the reference manual to get the feel of both alternatives.
    Anyhow, both solutions are implemented as edpoint interceptors so you could switch from one to another at a later point without impacting the design of your services.

    Comment

    Working...
    X