Oliver, it looks like Nabble removed your attachment.

Oliver Wulff-2 wrote:
>
> Hi Vitaly
>
> I've attached the sample I put together to test this. I've used one of the
> demos from CXF. I made an update in pom (attached) to use the most recent
> snapshot version (2.2.5-SNAPSHOT).
>
> Some fixes were required:
> https://issues.apache.org/jira/browse/CXF-2479
> https://issues.apache.org/jira/browse/CXF-2480
>
> HTH
>
> Thanks
> Oliver
>
> ________________________________
>
> From: vickatvuuch [mailto:[email protected]]
> Sent: Tue 20.10.2009 19:06
> To: [email protected]
> Subject: Re: java first how-to add WS-Security header to WSDL
>
> Hi Dan,
>
> Thanks for your reply.
>
> Forgot to mention that I'm building and running on CXF 2.2.4.
>
> Are you saying, that I can not have generated WSDL to include WSPolicy or
> you are saying that if I configure it CXF will do it automagically? What
> about this note on WS-SecurityPolicy?
>
> Note: at this point, WS-SecurityPolicy support is ONLY available for "WSDL
> first" scenarios. The WS-SecurityPolicy fragments can only be pulled from
> WSDL. In the future, we plan to enable various code first scenarios as
> well, but at this time, only WSDL first is available.
>
> http://cxf.apache.org/docs/ws-securitypolicy.html
>
> I already tried to specify policy as follows:
>
> <wsp:Policy wsu:Id="UsernameToken"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:SupportingTokens
>           xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>         <wsp:Policy>
>           <sp:UsernameToken
>               sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
>           />
>         </wsp:Policy>
>       </sp:SupportingTokens>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> <jaxws:endpoint implementor="#helloWorldServiceBean"
>     address="/v1/soap/HelloWorld">
>   <jaxws:features>
>     <p:policies>
>       <wsp:PolicyReference URI="#UsernameToken"
>           xmlns:wsp="http://www.w3.org/2006/07/ws-policy" />
>     </p:policies>
>   </jaxws:features>
> </jaxws:endpoint>
>
> java2ws produced the same WSDL as before - no traces of policy.
>
>
> dkulp wrote:
>>
>> On Tue October 20 2009 11:28:59 am vickatvuuch wrote:
>>> Hi All,
>>>
>>> I'm trying to put together a java first CXF server with WS-Security.
>>> I have the WSS4JInInterceptor with password callback handling my
>>> requests with clear text pass for now.
>>> Could somebody point me in the right direction regarding two issues I'm
>>> trying to figure out:
>>> 1. WSDL header generation, in particular how to add WS-Security header
>>> to a generated WSDL, any examples?
>>
>> Well, in general, you don't. I've never actually seen that done.
>>
>> For the most part, what you would do is define a WS-SecurityPolicy policy
>> that defined the security constraints and then the various security policy
>> runtimes would interpret that into the required security header. In your
>> case, the summary would be a TransportBinding/HttpsToken with a
>> UsernameToken SupportingToken.
>>
>> In XML that would be added to the wsdl, it would look like:
>>
>> <wsp:Policy wsu:Id="ut_policy"
>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>   <sp:TransportBinding
>>       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>     <wsp:Policy>
>>       <sp:TransportToken>
>>         <wsp:Policy>
>>           <sp:HttpsToken/>
>>         </wsp:Policy>
>>       </sp:TransportToken>
>>       <sp:Layout>
>>         <wsp:Policy>
>>           <sp:Strict/>
>>         </wsp:Policy>
>>       </sp:Layout>
>>       <sp:AlgorithmSuite>
>>         <wsp:Policy>
>>           <sp:Basic128/>
>>         </wsp:Policy>
>>       </sp:AlgorithmSuite>
>>     </wsp:Policy>
>>   </sp:TransportBinding>
>>   <sp:SupportingTokens
>>       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>     <wsp:Policy>
>>       <sp:UsernameToken
>>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
>>           sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>>         <wsp:Policy>
>>           <sp:WssUsernameToken11/>
>>         </wsp:Policy>
>>       </sp:UsernameToken>
>>     </wsp:Policy>
>>   </sp:SupportingTokens>
>> </wsp:Policy>
>>
>> and then add
>>
>> <wsp:PolicyReference
>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>     URI="#ut_policy"/>
>>
>> to the wsdl:service/wsdl:port for your service.
>>
>> Of course, once you do that with CXF, the SecurityPolicy implementation
>> will probably kick in and process it and you would need to unconfigure the
>> WSS4J interceptors and reconfigure things using the SecurityPolicy
>> constants. See:
>>
>> http://cxf.apache.org/docs/ws-securitypolicy.html
>>
>> for information. Oliver Wulff is kind of working on a SecurityPolicy
>> based UsernameToken example:
>> http://www.nabble.com/WS-SecurityPolicy,-UsernamePassword-example-to25958182.html
>>
>>> 2. Another question I have is how to handle sessions using CXF, can't
>>> find a good example on that.. Basic idea is to have an Auth port to
>>> authenticate a session/token using WS-Security, have server return that
>>> session/token and make client use that for subsequent calls into all
>>> other ports.
>>
>> Yea. That's definitely one way to do it. You would normally define some
>> sort of session object in schema and then reference that schema from the
>> other services and define soap:headers in those WSDLs for the sessions.
>>
>> Dan
>>
>>>
>>> Thanks,
>>> -Vitaly
>>>
>>> Here is SOAP request with WS-Security which WSS4JInInterceptor is
>>> handling.
>>>
>>> <soapenv:Envelope
>>>     xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>>>     xmlns:spr="http://spring.demo/">
>>> soap:mustUnderstand="1">
>>>   <soapenv:Header>
>>>     <wsse:Security
>>>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>         soapenv:mustUnderstand="true">
>>>       <wsse:UsernameToken wsu:Id="UsernameToken-799830164">
>>>         <wsse:Username>username</wsse:Username>
>>>         <wsse:Password
>>>             Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>>>       </wsse:UsernameToken>
>>>     </wsse:Security>
>>>   </soapenv:Header>
>>>
>>>   <soapenv:Body>
>>>     <spr:getDude>
>>>       <!--Optional:-->
>>>       <arg0>1</arg0>
>>>       <!--Optional:-->
>>>       <arg1>2</arg1>
>>>     </spr:getDude>
>>>   </soapenv:Body>
>>> </soapenv:Envelope>
>>>
>>> My project is attached.
>>> http://www.nabble.com/file/p25977266/CXFHelloServer.jar
>>> CXFHelloServer.jar
>>>
>>
>> --
>> Daniel Kulp
>> [email protected]
>> http://www.dankulp.com/blog
>>
>
> --
> View this message in context:
> http://www.nabble.com/java-first-how-to-add-WS-Security-header-to-WSDL-tp25977266p25978891.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
> <!--
>   Licensed to the Apache Software Foundation (ASF) under one
>   or more contributor license agreements. See the NOTICE file
>   distributed with this work for additional information
>   regarding copyright ownership. The ASF licenses this file
>   to you under the Apache License, Version 2.0 (the
>   "License"); you may not use this file except in compliance
>   with the License. You may obtain a copy of the License at
>
>   http://www.apache.org/licenses/LICENSE-2.0
>
>   Unless required by applicable law or agreed to in writing,
>   software distributed under the License is distributed on an
>   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>   KIND, either express or implied. See the License for the
>   specific language governing permissions and limitations
>   under the License.
> -->
> <project xmlns="http://maven.apache.org/POM/4.0.0"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
>     http://maven.apache.org/maven-v4_0_0.xsd">
>   <modelVersion>4.0.0</modelVersion>
>   <groupId>org.apache.cxf.samples</groupId>
>   <artifactId>wsdl_first_https</artifactId>
>   <version>1.0</version>
>   <name>WSDL first demo using HTTPS</name>
>   <properties>
>     <cxf.version>2.2.5-SNAPSHOT</cxf.version>
>   </properties>
>   <build>
>     <sourceDirectory>src</sourceDirectory>
>     <plugins>
>       <plugin>
>         <artifactId>maven-compiler-plugin</artifactId>
>         <configuration>
>           <source>1.5</source>
>           <target>1.5</target>
>         </configuration>
>       </plugin>
>       <plugin>
>         <groupId>org.apache.cxf</groupId>
>         <artifactId>cxf-codegen-plugin</artifactId>
>         <version>LATEST</version>
>         <executions>
>           <execution>
>             <id>generate-sources</id>
>             <phase>generate-sources</phase>
>             <configuration>
>               <wsdlOptions>
>                 <wsdlOption>
>                   <wsdl>${basedir}/wsdl/hello_world.wsdl</wsdl>
>                 </wsdlOption>
>               </wsdlOptions>
>             </configuration>
>             <goals>
>               <goal>wsdl2java</goal>
>             </goals>
>           </execution>
>         </executions>
>       </plugin>
>       <plugin>
>         <artifactId>maven-antrun-plugin</artifactId>
>         <executions>
>           <execution>
>             <id>copyxmlfiles</id>
>             <phase>generate-sources</phase>
>             <goals>
>               <goal>run</goal>
>             </goals>
>             <configuration>
>               <tasks>
>                 <copy
>                     file="${basedir}/src/demo/hw_https/server/CherryServer.xml"
>                     todir="${basedir}/target/classes/demo/hw_https/server"/>
>                 <copy
>                     file="${basedir}/src/demo/hw_https/client/WibbleClient.xml"
>                     todir="${basedir}/target/classes/demo/hw_https/client"/>
>                 <copy
>                     file="${basedir}/src/demo/hw_https/client/InsecureClient.xml"
>                     todir="${basedir}/target/classes/demo/hw_https/client"/>
>                 <copy todir="${basedir}/target/classes/certs">
>                   <fileset dir="${basedir}/certs"/>
>                 </copy>
>               </tasks>
>             </configuration>
>           </execution>
>         </executions>
>       </plugin>
>     </plugins>
>   </build>
>   <profiles>
>     <profile>
>       <id>server</id>
>       <build>
>         <defaultGoal>test</defaultGoal>
>         <plugins>
>           <plugin>
>             <groupId>org.codehaus.mojo</groupId>
>             <artifactId>exec-maven-plugin</artifactId>
>             <executions>
>               <execution>
>                 <phase>test</phase>
>                 <goals>
>                   <goal>exec</goal>
>                 </goals>
>                 <configuration>
>                   <executable>java</executable>
>                   <arguments>
>                     <argument>-classpath</argument>
>                     <classpath/>
>                     <argument>demo.hw_https.server.Server</argument>
>                   </arguments>
>                 </configuration>
>               </execution>
>             </executions>
>           </plugin>
>         </plugins>
>       </build>
>     </profile>
>     <profile>
>       <id>insecure.client</id>
>       <build>
>         <defaultGoal>test</defaultGoal>
>         <plugins>
>           <plugin>
>             <groupId>org.codehaus.mojo</groupId>
>             <artifactId>exec-maven-plugin</artifactId>
>             <executions>
>               <execution>
>                 <phase>test</phase>
>                 <goals>
>                   <goal>java</goal>
>                 </goals>
>                 <configuration>
>                   <mainClass>demo.hw_https.client.Client</mainClass>
>                   <arguments>
>                     <argument>${basedir}/wsdl/hello_world.wsdl</argument>
>                     <argument>insecure</argument>
>                   </arguments>
>                 </configuration>
>               </execution>
>             </executions>
>           </plugin>
>         </plugins>
>       </build>
>     </profile>
>     <profile>
>       <id>secure.client</id>
>       <build>
>         <defaultGoal>test</defaultGoal>
>         <plugins>
>           <plugin>
>             <groupId>org.codehaus.mojo</groupId>
>             <artifactId>exec-maven-plugin</artifactId>
>             <executions>
>               <execution>
>                 <phase>test</phase>
>                 <goals>
>                   <goal>java</goal>
>                 </goals>
>                 <configuration>
>                   <mainClass>demo.hw_https.client.Client</mainClass>
>                   <arguments>
>                     <argument>${basedir}/wsdl/hello_world.wsdl</argument>
>                     <argument>secure</argument>
>                   </arguments>
>                 </configuration>
>               </execution>
>             </executions>
>           </plugin>
>         </plugins>
>       </build>
>     </profile>
>   </profiles>
>   <repositories>
>     <repository>
>       <id>apache-snapshots</id>
>       <name>Apache Snapshot Repository</name>
>       <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
>       <snapshots>
>         <enabled>true</enabled>
>       </snapshots>
>     </repository>
>     <repository>
>       <id>apache-incubating</id>
>       <name>Apache Incubating Repository</name>
>       <url>http://people.apache.org/repo/m2-incubating-repository/</url>
>     </repository>
>     <repository>
>       <id>apache-snapshots2</id>
>       <name>Apache Snapshot Repository</name>
>       <url>http://repository.apache.org/content/groups/snapshots-group/</url>
>     </repository>
>     <!-- for jaxb-impl -->
>     <repository>
>       <id>java.net</id>
>       <url>http://download.java.net/maven/1/</url>
>       <layout>legacy</layout>
>     </repository>
>   </repositories>
>   <pluginRepositories>
>     <pluginRepository>
>       <id>apache-plugin-snapshots</id>
>       <name>Apache Maven Plugin Snapshots</name>
>       <url>http://people.apache.org/repo/m2-snapshot-repository</url>
>       <releases>
>         <enabled>false</enabled>
>       </releases>
>       <snapshots>
>         <enabled>true</enabled>
>       </snapshots>
>     </pluginRepository>
>     <pluginRepository>
>       <id>apache-plugin-incubating</id>
>       <name>Apache Plugin Incubating Repository</name>
>       <url>http://people.apache.org/repo/m2-incubating-repository/</url>
>     </pluginRepository>
>   </pluginRepositories>
>   <dependencies>
>     <dependency>
>       <groupId>org.apache.cxf</groupId>
>       <artifactId>cxf-rt-frontend-jaxws</artifactId>
>       <version>${cxf.version}</version>
>     </dependency>
>     <dependency>
>       <groupId>org.apache.cxf</groupId>
>       <artifactId>cxf-rt-transports-http</artifactId>
>       <version>${cxf.version}</version>
>     </dependency>
>     <dependency>
>       <groupId>org.apache.cxf</groupId>
>       <artifactId>cxf-rt-transports-http-jetty</artifactId>
>       <version>${cxf.version}</version>
>     </dependency>
>     <dependency>
>       <groupId>org.apache.cxf</groupId>
>       <artifactId>cxf-rt-ws-security</artifactId>
>       <version>${cxf.version}</version>
>     </dependency>
>     <dependency>
>       <groupId>org.apache.cxf</groupId>
>       <artifactId>cxf-rt-ws-policy</artifactId>
>       <version>${cxf.version}</version>
>     </dependency>
>   </dependencies>
> </project>
>
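
Added example, not part of the original thread and not CXF code: a small offline check for the pattern dkulp describes, a UsernameToken SupportingToken paired with a TransportBinding/HttpsToken and referenced by id, which matters because the request shown above carries a PasswordText password. The function names and the sample document are constructed for illustration, and the check assumes policies are embedded in the same file and referenced as "#id".

```python
import xml.etree.ElementTree as ET

# Both WS-SecurityPolicy namespaces used in the thread's policy fragments.
SP_NS = ("http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
         "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")

# Constructed sample: one token-only policy, one policy in dkulp's shape,
# and a PolicyReference whose target id does not exist in the document.
SAMPLE = """<definitions xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 <wsp:Policy wsu:Id="token_only"><sp:SupportingTokens><wsp:Policy>
   <sp:UsernameToken/></wsp:Policy></sp:SupportingTokens></wsp:Policy>
 <wsp:Policy wsu:Id="ut_policy">
   <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
     <sp:HttpsToken/></wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
   <sp:SupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SupportingTokens>
 </wsp:Policy>
 <wsp:PolicyReference URI="#ut_policy"/><wsp:PolicyReference URI="#UsernameToken"/>
</definitions>"""

def _split(tag):
    """Split ElementTree's '{namespace}name' into (namespace, name)."""
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def _has_sp(elem, name):
    """True if elem contains an sp:<name> assertion in either sp namespace."""
    return any(_split(e.tag) == (ns, name) for e in elem.iter() for ns in SP_NS)

def audit(xml_text):
    """Return findings for identified policies and same-document references."""
    root = ET.fromstring(xml_text)
    findings, ids = [], set()
    for e in root.iter():
        pid = e.get(WSU_ID)
        if _split(e.tag)[1] == "Policy" and pid:
            ids.add(pid)
            # A username token with no HTTPS transport assertion beside it.
            if _has_sp(e, "UsernameToken") and not _has_sp(e, "HttpsToken"):
                findings.append(f"{pid}: UsernameToken without TransportBinding/HttpsToken")
    for e in root.iter():
        uri = e.get("URI", "")
        if _split(e.tag)[1] == "PolicyReference" and uri.startswith("#") and uri[1:] not in ids:
            findings.append(f"dangling PolicyReference {uri}")
    return findings
```
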
