I’ve just completed some work on WS-Security interoperability between Microsoft WSE 2.0 SP2 and Sun JWSDP 1.5 (the new version released a couple of weeks back).
Overall, things went really well. The JWSDP implementation has changed quite a bit since 1.4, despite being only a point release.
Noted differences are:
- WS-Security is now FCS (released) as opposed to EA (Early Access) in 1.4.
- JKS stores are now configured through a separate server-security-env.properties file as opposed to an 8443 connector in Tomcat.
- A SecurityEnvironmentHandler is provided to better configure callbacks on certificate requests
- The wscompile tool now appears as an ANT task in the samples (as opposed to a separate batch file).
Good stuff – and WSS interoperability using X509 certs is flawless between the two. I’ve updated my previous MSDN article and sample code, and expect to see it live before the end of the month.
One thing that I have been putting some thought into: Wouldn’t it be neat to have a tool that configures the public / private key portions for both the Windows certificate store and a JKS? For example, a tool that swaps the public portion of the certificates, and configures the WSE policy file and Sun’s JWSDP security config files for you automatically?
I’m not sure how this would work over multiple machines, but it would definitely make my setup a lot easier! <g>