cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Sosnoski <...@sosnoski.com>
Subject Re: Best practice of using external WS-Policy files with CXF?
Date Tue, 19 Nov 2013 11:26:01 GMT
Hi Sam,

This page discusses how policies are defined in CXF: 
http://cxf.apache.org/docs/how-to-define-policies.html It sounds like 
you want to use the "Dynamically via message property" option discussed 
at the bottom of the page. There's example code for this here: 
https://github.com/SaurabhMIttal/SecurityPolicy/tree/master/cxfTestWeb I 
haven't tried it out, but it looks reasonable.

There have also been several discussions of this one the mailing list, 
including 
http://cxf.547215.n5.nabble.com/Dynamicall-y-define-WS-Policy-in-CXF-td5713085.html 
and http://comments.gmane.org/gmane.comp.apache.cxf.user/27569

Regards,

   - Dennis

Dennis M. Sosnoski
Java Web Services Consulting <http://www.sosnoski.com/consult.html>
CXF and Web Services Security Training 
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>

On 11/20/2013 12:01 AM, Sam wrote:
> Hi all,
>
> I found many sample policy files within 
> /apache-cxf-2.7.6-src/rt/ws/security/src/test/resources/org/apache/cxf/ws/security/wss4j

> that don't use wsu:Id attribute at all in <wsp:Policy>, i.e. 
> <wsp:Policy wsu:Id="test_policy">.
> This implies the WSDL doesn't even need to use <wsp:PolicyReference> 
> to use them. Instead these policy files use something like the 
> following to refer to parts of WSDL.
>
>       <sp:SignedParts>
>         <sp:Body/>
>         <sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
>       </sp:SignedParts>
>       <sp:SignedParts>
>         <sp:Body/>
>         <sp:Header Namespace="http://www.sdj.pl"/>
>       </sp:SignedParts>
>
>         or use xpath like
>
>     <sp:EncryptedElements>
>         <sp:XPath>//soap:Body</sp:XPath>
>       </sp:EncryptedElements>
>
>        <sp:SignedElements>
>         <sp:XPath>//ser:Header</sp:XPath>
>       </sp:SignedElements>
>
> So just to confirm, is CXF capable of applying these reusable, 
> external WS-Policy files to WSDL at runtime without modifying WSDL to 
> use <wsp:PolicyReference>?
> What is the best practice of applying external WS-Policy files with CXF?
>
> I see no need to use <wsp:PolicyAttachment> at all if the above 
> approach work for CXF. <wsp:PolicyAttachment> seems much less flexisble.
> All the CXF examples and forum discussions I read seem to suggest it's 
> best to embed policy within WSDL but I can't see CONs of useing 
> external WS-Policy files like above.
>
> What am I trying to do? I read the link 
> http://ashakirin.blogspot.co.nz/2013/04/cxf-security-getting-certificates-from.html 
> and try to implement a WS client that can apply WS-Policy dynamically 
> at run time  without touching WSDL.
>
> Thanks in advance,
>
> Sam
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message