Hi All, I'm trying to put together a java first CXF server with WS-Security. I have the WSS4JInInterceptor with password callback handling my requests with clear text pass for now. Could somebody point me into a right direction regarding two issues I'm trying to figure out: 1. WSDL header generation, in particular how to add WS-Security header to a generated WSDL, any examples? 2. Another question I have is how to handle sessions using CXF, can't find a good example on that.. Basic idea is to have a Auth port to authenticate a session/token using WS-Security, have server return that session/token and make client use that for subsequent calls into all other ports.
Thanks, -Vitaly Here is SOAP request with WS-Security which WSS4JInInterceptor is handling. <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:spr="http://spring.demo/";> soap:mustUnderstand="1"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; soapenv:mustUnderstand="true"> <wsse:UsernameToken wsu:Id="UsernameToken-799830164"> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>password</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> <soapenv:Body> <spr:getDude> <!--Optional:--> <arg0>1</arg0> <!--Optional:--> <arg1>2</arg1> </spr:getDude> </soapenv:Body> </soapenv:Envelope> My project is attached. http://www.nabble.com/file/p25977266/CXFHelloServer.jar CXFHelloServer.jar -- View this message in context: http://www.nabble.com/java-first-how-to-add-WS-Security-header-to-WSDL-tp25977266p25977266.html Sent from the cxf-user mailing list archive at Nabble.com.
