Dan, Thanks so much for the suggestion. I turned on addressing and I now have the AppliesTo header in my outgoing message. Unfortunately the STS server we use uses an arbitrary namespace for the endpoint address like the request below.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust";> <soapenv:Header/> <soapenv:Body> <wst:RequestSecurityToken> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";> <wsa:Address>http:/arbitrarynamespace/org/VER/ICM/SAML1.1</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> When I run my CXF sample, it looks like CXF uses the address of the enclosing jaxws:client. Is there any way to coerce it to use an arbitrary address? In my client code I execute the below code to set the service endpoint. I wondered if there is something like "provider.getRequestContext().put(STS_APPLIES_TO, target)"? BindingProvider provider = (BindingProvider)stub; provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, target); Thanks again, Brandon -----Original Message----- From: Daniel Kulp [mailto:[email protected]] Sent: Tuesday, April 13, 2010 8:32 AM To: [email protected] Cc: Brandon Richins Subject: Re: Add an AppliesTo header to outbound STS message I think you need to turn on WS-Addressing for the client. Looking at the code, the AppliesTo header is added if WS-Addressing maps are found and an endpoint address is available. I'm pretty sure the address is always there, so I'm going to assume it's due to addressing not being turned on. Especially since I don't see anything addressing related in your config. Dan On Monday 12 April 2010 7:44:16 pm Brandon Richins wrote: > Hi, > > I am trying out some of the WS-Trust features of CXF and got stumped when I > tried to have an AppliesTo section automatically added to my RST WS-Trust > request. I'm wondering if it's possible to add the AppliesTo header > without having to manually massage the STS client inside my client code. > I've done the ws-security examples from the recent IBM DeveloperWorks > series and run the ws-trust samples included in the CXF distro but was > trying to take this just a little bit further. Should I move away from > the configuration route and try the template or STS in the Java clinet? > Any suggestions or pointers would be great. My cxf.xml configuration is > below. > > === > <beans xmlns="http://www.springframework.org/schema/beans"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > xmlns:jaxws="http://cxf.apache.org/jaxws"; > xmlns:cxf="http://cxf.apache.org/core"; > xmlns:p="http://cxf.apache.org/policy"; > xmlns:sec="http://cxf.apache.org/configuration/security"; > xsi:schemaLocation=" > http://www.springframework.org/schema/beans > http://www.springframework.org/schema/beans/spring-beans.xsd > http://cxf.apache.org/jaxws > http://cxf.apache.org/schemas/jaxws.xsd > http://cxf.apache.org/transports/http/configuration > http://cxf.apache.org/schemas/configuration/http-conf.xsd > http://cxf.apache.org/configuration/security > http://cxf.apache.org/schemas/configuration/security.xsd > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd > http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd";> > <cxf:bus> > <cxf:features> > <p:policies /> > <cxf:logging /> > </cxf:features> > </cxf:bus> > > <p:externalAttachment location="classpath:/sts.policy.xml" /> > > <jaxws:client name="{FooService}FooServiceHttpSoap11Endpoint" > createdFromAPI="true"> <jaxws:properties> > <entry key="ws-security.sts.client"> > <!-- direct STSClient config and creation --> > <bean class="org.apache.cxf.ws.security.trust.STSClient"> > <constructor-arg ref="cxf" /> > <property name="wsdlLocation" > > value="https://internal-stsaddress:9445/TrustServerWST13/services/RequestS > ecurityToken?wsdl" /> <property name="serviceName" > value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}SecurityTokenServ > ice" /> <property name="endpointName" > value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityTo > ken" /> <property name="properties"> > <map> > <entry key="ws-security.username" value="scott" /> > <entry key="ws-security.password" value="tiger" /> > </map> > </property> > </bean> > </entry> > </jaxws:properties> > </jaxws:client> > </beans> > === > > Thanks in advance. > > Brandon Richins -- Daniel Kulp [email protected] http://dankulp.com/blog
