...
- Pass authentication tokens between services
- Encrypt messages or parts of messages
- Sign messages
- Timestamp messages
Currently, CXF implements CXF relies on WSS4J in large part to implement WS-Security by integrating WSS4J. To use the integration, you'll need to configure these interceptors and add them to your service and/or client as detailed in this article. Alternatively. Within your own services, WS-Security can be implemented activated by using WS-SecurityPolicy, which provides a more comprehensive and sophisticated validation of the security properties of a received message. A non-WS-SecurityPolicy approach is usually also possible by way of CXF interceptors added to your service and/or client as detailed in this article.
Overview of encryption and signing
...