Details
-
Type:
Improvement
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2.2.4 (EE only), 3.0.0-M1
-
Fix Version/s: Product Backlog
-
Labels:None
-
User impact:High
-
Similar Issues:None
Description
DO:
"As Travis was showing the wss4j config I was reminded of the old Mule
1.x days: lots of magic strings and class names in the config,
everything configured as <spring:bean> elements. Since the config
happens all inside the <cxf:endpoint> element, can't we just simplify
configuration a bit by adding namespace handlers for the more common
cases? The uncommon/complex cases can still be configured using the
spring notation, though."
DD:
"I would definitely be behind adding simpler WSS4J configuration. CXF has a mechanism to make these types of configuration easier called Features which allow you to wrap up a bunch of configuration work in one class. The thing that makes this a difficult is the mind bending array of configuration possibilities 
CXF as a whole I believe is moving toward configuring security with WS-SecurityPolicy and then a few auxillary properties. See for instance here:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
I haven't delved into this too much yet though.
I would probably support a hybrid approach. Supporting some simple use cases via a WSSecurityFeature and then recommending WS-SP for the others. Might earn us some good credit with the Apache guys if we contribute something like this back too - not sure how critical it is to our offering."
Issue Links
- relates to
-
MULE-4682
WSS4J (WS-Security) support for Mule independent of CXF
-
This task might be mutually exclusive with MULE-4682