Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4E3B9D6A9 for ; Mon, 4 Feb 2013 00:52:07 +0000 (UTC) Received: (qmail 23427 invoked by uid 500); 4 Feb 2013 00:52:06 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 23258 invoked by uid 500); 4 Feb 2013 00:52:06 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 23244 invoked by uid 99); 4 Feb 2013 00:52:06 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Feb 2013 00:52:06 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jasonmpell@gmail.com designates 209.85.217.179 as permitted sender) Received: from [209.85.217.179] (HELO mail-lb0-f179.google.com) (209.85.217.179) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 Feb 2013 00:52:01 +0000 Received: by mail-lb0-f179.google.com with SMTP id j14so6067719lbo.24 for ; Sun, 03 Feb 2013 16:51:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:sender:date:x-google-sender-auth:message-id :subject:from:to:content-type; bh=GvWJhtsXf+j+ldNE1SamlluVLjSS80reLaB0WOMGqgU=; b=RbjwBw2KgsN/uGFR6gzlO+HJJgcsJ2M6w4i2U73yv+UDrlpbSHxkbcTxLUfAKKqHKV 6TqiE/CNJLoWIEvEbrccgLfxSLm56R6C5YY6J4ZrKyJrd3ECIJzT9JVssfY7XXdQYIw1 iRoK3XqT+UO1nHj1t0lGmm15uJumKrxUZEXFruhPqnvt2cqVUQDT2bIztyKu+VXZI1dh +zagLw8TsjxLhnrCOuL4CvepGnAG3ZKs1O2P1D8ZCi/lJVdErih5/bOkgXpLZvLQBbO5 dEvPYxp4Ki5oBEs9ezNf1zHb6KBD+XK10HJdPuPIAXmHCU+qZTZVFoRe0NuizDQ93J7w k5OQ== MIME-Version: 1.0 X-Received: by 10.152.145.8 with SMTP id sq8mr17511110lab.21.1359939099600; Sun, 03 Feb 2013 16:51:39 -0800 (PST) Sender: jasonmpell@gmail.com Received: by 10.152.128.100 with HTTP; Sun, 3 Feb 2013 16:51:39 -0800 (PST) Date: Mon, 4 Feb 2013 11:51:39 +1100 X-Google-Sender-Auth: 8H2ElsgwNwv-zeIVJoVwulEK4as Message-ID: Subject: Question about ws security policy matching From: Jason Pell To: users@cxf.apache.org Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org Hi, I would like to configure a web service which requires one of two security mechanisms: 1) UsernamePassword + SSL (NOT MUTUAL) 2) Username only + SSL with Mutual Authentication. I was hoping to do this via WS-Policy ExactlyOnce matching, but it does not seem to work. What I was wanting to know is if I should expect it to work. I am about to jump in and debug what is actually happening but was hoping someone would help me before I got too far into it. My policy is: