Currently I use an external policy to apply security policies to the STS client. It seems that the policy is applied based on a static endpoint address (http://cxf.apache.org/docs/how-it-works.html). Since my environment will have a different STS address for production than development I would like to avoid separate policy files for each endpoint. Is it possible to create the endpoint address based on the endpoint name instead of address like {http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken? Is there a name for the {namespace}name notation used in CXF?
I've included the start of an external policy showing a sample endpoint address. <?xml version="1.0" encoding="UTF-8"?> <attachments xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wsa="http://www.w3.org/2005/08/addressing";> <wsp:PolicyAttachment> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>https://dev-sts.foo.com/services/RequestSecurityToken</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> Thanks, Brandon Richins
