We need to send SOAP messages which include a custom security header
designed by our counterparty. The header is declared inside a Policy
element (WS-Policy). (See "CPTYWSHeader", below.)
We did WSDL-first, so our WSDL is static. We understand that we can get
CXF to add these custom headers by configuring WS-Policy in Spring, but
we have not found enough documentation or examples for this.
We have looked at the sample
apache-cxf-2.1.1-SNAPSHOT-src\systests\src\test\java\org\apache\cxf\syst
est\ws\policy\, but it is not clear how we can get to add a custom
element inside soap:header.
How can we add a custom element inside soap:header?
Which interceptor can provide this service, or do we have to write our
own? At what point in the interceptor chain should this interceptor
operate?
WSDL fragment:
<wsdl:input>
<mime:multipartRelated>
<mime:part><soap:body use="literal"
namespace="http://www.cpty.com/submitRawDataSet"; /></mime:part>
<mime:part><mime:content part="rawDataSet_attachment"
type="application/octetstream" /></mime:part>
</mime:multipartRelated>
<soap:header message="tns:submitRawDataSetHeader"
part="standardAttachmentInfor" use="literal"
wsdl:required="true"></soap:header>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy";>
<wsp:PolicyReference URI="#SecurityTokens" />
<wsp:Policy wsu:Id="SignedPart1"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility";>
<wsp:Policy>
<wssp:Integrity wsp:Usage="wsp:Required"
xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext";>
<wssp:TokenInfo>
<wssp:SecurityToken wsp:Preference="10"
wsp:Usage="wsp:Required">
<wssp:TokenType>wssp:X509v3</wssp:TokenType>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:ns1="http://www.cpty.com/CPTYWSHeader.xsd";>
/SOAP-ENV:Envelope/SOAP-ENV:Header/ns1:CPTYWSHeader</wssp:MessageParts>
</wssp:Integrity>
</wsp:Policy>
</wsp:Policy>
</wsp:Policy>
</wsdl:input>
Our messages need to look like this:
<SOAP-ENV:Envelope xmlns:SOAP-ENV=... xmlns:xsd="..." xmlns:xsi="...">
<SOAP-ENV:Header>
<!--CPTY WS HEADER INFORMATION -->
<cwsh:CPTYWSHeader>
<cwsh:CPTYUsernameToken wsu:Id="ID-00000"><!-- more stuff: user ID,
unique ID, timestamp, etc-->
Our out flow currently contains the following interceptors:
pre-logical [HolderOutInterceptor, SwAOutInterceptor,
WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor]
post-logical [SoapActionOutInterceptor]
prepare-send [MessageSenderInterceptor]
pre-stream [LoggingOutInterceptor, MSXMLStreamOutInterceptor,
SoapPreProtocolOutInterceptor, AttachmentOutInterceptor]
pre-protocol [SAAJOutInterceptor, WSS4JOutInterceptor,
SOAPHandlerInterceptor, SOAPAuthOutInterceptor]
write [SoapOutInterceptor]
pre-marshal [LogicalHandlerOutInterceptor]
marshal [RPCOutInterceptor]
post-protocol [WSS4JOutInterceptorInternal]
write-ending [SoapOutEndingInterceptor]
pre-protocol-ending [SAAJOutEndingInterceptor]
pre-stream-ending [AttachmentOutEndingInterceptor]
prepare-send-ending [MessageFlushInterceptor,
MessageSenderEndingInterceptor]
We have read
http://netzooid.com/blog/2007/04/23/cxf-spring-and-ws-policy-internals/.
Thanks,
Radu Manolescu
Morgan Stanley | Technology
2000 Westchester Ave, 1st Floor | Purchase, NY 10577
Phone: +1 914 225-5871
Mobile: +1 203 648-6964
[EMAIL PROTECTED]
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not
intend to waive confidentiality or privilege. Use of this email is prohibited
when received in error.
