Hi Unfortunately, no WS-SecurityPolicy is supported by CXF at this point of time though I believe people are planning to gradually add the support for it. The only workaround I can suggest at this point of time is to translate WS-PolicySecurity settings into corresponding CXF configuration properties, possibly using an XSLT stylesheet. I appreciate it's not what a user would typically expect to do :-) but that is what needs to be done now. WS-Adrressing policy is supported but I believe the reason it's not enforced is that the policy engine does not recognize one of the required policy assertions listed in <All>, which is <sp:SymmetricBinding>. WS-RM is supported too.
Hope this clarifies the issue... Cheers, Sergey ----- Original Message ----- From: "Haselmann, Till" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, September 21, 2007 8:39 AM Subject: Problems with Policy file Hello everybody, I have created a Web Service using Sun's Metro stack (i.e., JAX-WS + WSIT). For this, I also created a policy file that works well with the WSIT implementation of WS-Policy/WS-SecurityPolicy/... Now, I would like to create a CXF-based Web Service + client for the same WSDL/Policy file. The Policy looks more or less like this (I cut some parts to save space): <?xml version="1.0" encoding="UTF-8"?> <definitions targetNamespace="http://computernoma.de/AlgebraService"; xmlns="http://schemas.xmlsoap.org/wsdl/"; ... xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sc="http://schemas.sun.com/2006/03/wss/client"; xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"; xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"; xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";> <wsp:UsingPolicy/> <types>...</types> <message ...>...</message> <portType name="AlgebraServicePortType"> <wsdl:operation name="Evaluate"> <wsdl:input name="Request" message="ns:EvaluationRequest" /> <wsdl:output name="Response" message="ns:EvaluationResponse" /> </wsdl:operation> </portType> <binding name="SOAPportBinding" type="ns:AlgebraServicePortType"> <wsp:PolicyReference URI="#SOAPBindingPolicy"/> <soap:binding transport="http://schemas.xmlsoap.org/soap/http"; style="document" /> <wsdl:operation name="Evaluate"> <soap:operation soapAction="urn:Evaluate" style="document" /> <wsdl:input name="Request"><soap:body use="literal" /></wsdl:input> <wsdl:output name="Response"> <soap:body use="literal" /></wsdl:output> </wsdl:operation> </binding> <service ...>...</service> <wsp:Policy wsu:Id="SOAPBindingPolicy"> <wsp:ExactlyOne> <wsp:All> <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"; /> <!--<wsrm:RMAssertion/>--> <sp:SymmetricBinding> <wsp:Policy> ... </wsp:Policy> </sp:SymmetricBinding> <sp:Wss10> <wsp:Policy> <sp:MustSupportRefKeyIdentifier /> <sp:MustSupportRefIssuerSerial /> </wsp:Policy> </sp:Wss10> <sp:Wss11> <wsp:Policy> <sp:MustSupportRefKeyIdentifier /> <sp:MustSupportRefIssuerSerial /> <sp:MustSupportRefThumbprint /> <sp:MustSupportRefEncryptedKey /> </wsp:Policy> </sp:Wss11> <sp:SignedParts>...</sp:SignedParts> <sp:EncryptedParts...</sp:EncryptedParts> <sc:KeyStore wspp:visibility="private" .../> <sc:TrustStore wspp:visibility="private" ... /> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </definitions> I assume that it's a valid policy by the standards (looks ok, works with Sun's implementation). I try to load it into CXF by engaging the policy engine in the cxf.xml (taken from CXF samples): <bean id="org.apache.cxf.ws.policy.PolicyEngine" class="org.apache.cxf.ws.policy.spring.InitializingPolicyEngine"> <property name="bus" ref="cxf" /> <property name="enabled" value="true" /> </bean> I then initialize the Web Service stub on the client side by calling the constructor with a path to the above WSDL-file. However, it does not seem to understand the policy. The service works well, but no policy assertions are processed: WS-Addressing is not turned on, no security header is inserted, ... I read through the documentation but did not find any solution. What's my mistake? How can I use WS-Policy with CXF? Could it be that the <wsp:PolicyReference .../> is not respected by CXF? As a next step: How do I specify a keystore for CXF? The <sc:KeyStore .../> seems to be a proprietary Sun extension. Any help is appreciated! Yours, Till. --------------------------------------------------------------------- Till Haselmann Diplomand viadee Unternehmensberatung GmbH Anton-Bruchausen-Str. 8 48147 Münster Telefon: +49 251 7 77 77 303 [EMAIL PROTECTED] www.viadee.de Sitz und Amtsgericht: Münster, HRB 4318 Geschäftsführer: Martina Wegener, Heinrich Riemann ---------------------------- IONA Technologies PLC (registered in Ireland) Registered Number: 171387 Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
