cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Shakirin <ashaki...@talend.com>
Subject RE: WS-SecurityPolicy seems to be ignored on client side
Date Fri, 25 Oct 2013 07:31:18 GMT
Hi,

I see that the wsdl wasn't referenced in your jaxws:client configuration.
In this case client will started, but doesn't apply the policy. 
Do you bind you policy in other way (annotations, etc)? 
If not, I would try the following:

<jaxws:client id="client" 
  xmlns:serviceNamespace="wsdl namespace"
  serviceName=" serviceNamespace:wsdl service name"
  endpointName="serviceNamespace:wsdl port name"
  wsdlLocation="location of your wsdl containing the policy"
  serviceClass="org.apache.camel.example.reportincident.ReportIncidentEndpoint"
  address="http://fnd2012:9087/report">
        <jaxws:properties>
            <entry key="ws-security.username" value="User" />
            <entry key="ws-security.password" value="Pass" />
        </jaxws:properties>
    </jaxws:client>

Regards,
Andrei.

> -----Original Message-----
> From: markh [mailto:mw_hodges@hotmail.com]
> Sent: Donnerstag, 24. Oktober 2013 12:31
> To: users@cxf.apache.org
> Subject: WS-SecurityPolicy seems to be ignored on client side
> 
> Hi,
> 
> I have a CXF web service with a security policy defined in the WSDL (based on
> one of the examples I think), it works almost fine when called from SoapUI. I
> say almost because it returns security info in the response which I believe it
> shouldn't do, based on what the spec says about AlwaysToRecipient, but
> that's a different problem.
> 
> 	<wsp:Policy wsu:Id="UsernameTokenPolicy">
> 				<sp:UsernameToken
> 
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-
> securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> 					<wsp:Policy>
>         				<sp:WssUsernameToken11/>
> 					</wsp:Policy>
> 
> 				</sp:UsernameToken>
> 	</wsp:Policy>
> 
> The problem I am seeing is security headers are not added by the client
> when relying on the policy in the WSDL. Neither of the following
> configurations
> work:
> 
>      <jaxws:client id="client"
> 
> serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd
> point"
>         address="http://fnd2012:9087/report">
>         <jaxws:properties>
>             <entry key="ws-security.username" value="User" />
>             <entry key="ws-security.password" value="Pass" />
>         </jaxws:properties>
>     </jaxws:client>
> 
> 	<jaxws:client id="client"
> 
> serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd
> point"
> 		address="http://fnd2012:9087/report">
> 		<jaxws:properties>
> 			<entry key="ws-security.username" value="User" />
> 			<entry key="ws-security.callback-handler"
> value-ref="myPasswordCallback"/>
> 		</jaxws:properties>
> 	</jaxws:client>
> 
> However it works if I configure a WSS4JOutInterceptor as follows:
> 
>     <jaxws:client id="client"
> 
> serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd
> point"
>         address="http://fnd2012:9087/report">
>         <jaxws:outInterceptors>
>             <bean
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>                 <constructor-arg>
>                     <map>
>                         <entry key="action" value="UsernameToken"/>
>                         <entry key="user" value="User"/>
>                         <entry key="passwordType" value="PasswordText"/>
>                         <entry key="passwordCallbackRef"
> value-ref="myPasswordCallback"/>
>                     </map>
>                 </constructor-arg>
>             </bean>
>         </jaxws:outInterceptors>
>     </jaxws:client>
> 
> Any ideas where I am going wrong?
> 
> TIA
> 
> Mark
> 
> 
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/WS-
> SecurityPolicy-seems-to-be-ignored-on-client-side-tp5735502.html
> Sent from the cxf-user mailing list archive at Nabble.com.

Mime
View raw message