Java Web Services Security
SOAP

Different security concerns:
  - Authentication
  - Confidentiality: ensuring that only the receiver of the message sees the message, and not any hacker. This can be achieved by encryption/decryption.
  - Integrity
  - Non-repudiation

Authentication

Username Token
  - One of the most used ways to authenticate in SOAP services
  - It defines a standard way to pass a username/password inside the SOAP header
  - The root element that wraps the token is <wsse:Security>:

      <wsse:Security>
        <wsse:UsernameToken>
          <wsse:Username>...</wsse:Username>
          <wsse:Password>...</wsse:Password>
        </wsse:UsernameToken>
      </wsse:Security>

Steps to configure:
  1. Configure WSS4JInInterceptor in cxf-servlet.xml for the endpoint
  2. Provide a password callback handler, which the interceptor will call

Confidentiality
  - Private/symmetric key: expensive, as a private key should be generated for every client
  - Public/asymmetric
  - Java Keytool(Key...
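
A sketch of the password callback handler from the Username Token configuration steps, together with the interceptor properties that would otherwise be set on the WSS4JInInterceptor bean in cxf-servlet.xml. This is an added example, not code from the original page; it assumes CXF with WSS4J 2.x (package org.apache.wss4j), and the class name UtPasswordCallback and the sample user are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;

// Hypothetical class name; the interceptor calls it through "passwordCallbackRef".
public class UtPasswordCallback implements CallbackHandler {

    // Constructed sample store; a real service would query its credential store.
    private final Map<String, String> users = new HashMap<>();

    public UtPasswordCallback() {
        users.put("alice", "constructed-sample-password");
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Only answer for UsernameToken validation, not for key or signature lookups.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                throw new UnsupportedCallbackException(cb, "Unsupported usage");
            }
            String expected = users.get(pc.getIdentifier());
            // Unknown user: leave the password unset so that validation of the token fails.
            if (expected != null) {
                pc.setPassword(expected);
            }
        }
    }

    // Programmatic equivalent of the WSS4JInInterceptor bean in cxf-servlet.xml.
    public static WSS4JInInterceptor buildInterceptor() {
        Map<String, Object> props = new HashMap<>();
        props.put("action", "UsernameToken");
        props.put("passwordType", "PasswordText"); // cleartext in the header: require TLS
        props.put("passwordCallbackRef", new UtPasswordCallback());
        return new WSS4JInInterceptor(props);
    }
}
```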