May 14

A couple of years ago I worked out how to supplement WS-Security infrastructure in Java CAPS 5.1.1 with additional services that WS-Security 1.0 (2004) supports, namely SOAP Message Security, X.509 Certificate Token Profile and Timestamp Token Profile. Together these provide Java CAPS solutions with XML Digital Signatures, XML Encryption, Sun Access Manager-mediated Username-based authentication and Timestamp support.

The attached document is 1 and a half years old. It makes statements about Username Token support in Java CAPS 5.1.1 being broken. Java CAPS 5.1.3 supports Username Token just fine so these statements are no longer true. Java CAPS 5.1.3 U2 adds a mechanism for hooking SOAP envelope handlers into the Java CAPS Web Services framework so what I did and described in the document can now be done differently – perhaps better and more transparently. I have not tried.

This material is provided on request on “all care but no responsibility” basis. Sun Java CAPS Support will not support this and neither will I. JAC-RPC from WSDP 2.0, which is at the heart of the implementation, is deprecated and has long since been replaced by WSIT/JAC-WS/Tango. Still, here it is if anyone is interested.

JCAPS with JWSDP 2.0, Implementing WS-Security_1.1_JCAPS5.1.1.pdf” – discussion paper

Supporting materials are over 40Mb so I can’t post them to the blog. If anyone is interested says so.

Well, someone said so. The archive,, is posted. Please understand that this is “all care and no responsibility” material. I don’t have the time to spend working through issues with individual people. It all worked at the time I put it together and on occasions since. It ought to work for you as well 🙂

2 Responses to “Java CAPS 5.1, Implementing WS-Security 1.0 (2004) with JAX-RPC”

  1. Christian Brennsteiner says:

    hi michael,

    thanks for sharing.
    i always appreciate such inputs.

    regards chris

  2. […] Message Handlers. This is an update to my 3 year old Java CAPS 5.1 document on this topic, “Java CAPS 5.1, Implementing WS-Security 1.0 (2004) with JAX-RPC“. In this “release” Access Manager support for Username Token Profile has been […]

Leave a Reply

preload preload preload