这个值是WSS4J能够识别的特殊名称,这表示应该使用请求签名所用的客户机证书对响应进行加密。
This value is a special name recognized by WSS4J to mean that the client certificate used to sign the request should be used to encrypt the response.
从实践的角度来看,这就使得证书身份验证不可行,使用自签署证书和服务器来进行服务器通信的特殊情况除外。
As a practical matter, except for special case situations using self-signed certificates and server to server communication, this makes certificate authentication infeasible.
证书身份验证可能导致两种非常特殊的风险。
应用推荐