You may need to write a simple interceptor that would grab the HttpServletRequest object out of the message and checks the security stuff. It shouldn't be too hard to write.
There might be some policy things along with the ws-security stuff that could enforce it with the ws-security module, but that would definitely cause a performance hit due to the security module dropping to saaj mode. I'm not really sure anyway. Fred may need to answer that one. Dan On Tuesday 05 February 2008, [EMAIL PROTECTED] wrote: > I want to make sure any messages not encrypted with SSL are rejected > by the CXF container. What configuration is neccessary for this? > > I've tried setting the location to an https address but this is > unsufficient. The only documentation I've found on the subject refers > to client, not server, configuration. > > ? <wsdl:service name="HelloWorldService"> > ??? <wsdl:port binding="impl:HelloWorldServiceSoapBinding" > name="HelloWorldService"> ????? <wsdlsoap:address > location="https://localhost:8080/HelloWorldService"/> ??? </wsdl:port> > ? </wsdl:service> > > Thanks! > > > > ______________________________________________________________________ >__ More new features than ever. Check out the new AOL Mail ! - > http://webmail.aol.com -- J. Daniel Kulp Principal Engineer, IONA [EMAIL PROTECTED] http://www.dankulp.com/blog
