How should the new "ws-security.sts.applies-to" property in 2.2.8 be used? I'm
getting a NullPointerException with and without the property in
IssuedTokenInterceptorProvider. The stack trace seems to point to "String s =
message.getContextualProperty(SecurityConstants.STS_APPLIES_TO).toString();"
I'm guessing that I'm just not using it correctly.
<jaxws:client name="{StockQuoteService}StockQuoteServiceHttpSoap11Endpoint"
createdFromAPI="true">
<jaxws:features>
<wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"; />
</jaxws:features>
<jaxws:properties>
<entry key="ws-security.sts.client">
<!-- direct STSClient config and creation -->
<bean class="org.apache.cxf.ws.security.trust.STSClient">
<constructor-arg ref="cxf" />
<property name="requiresEntropy" value="false" />
<property name="wsdlLocation"
value="src/main/resources/STS.wsdl" />
<property name="serviceName"
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}SecurityTokenService";
/>
<property name="endpointName"
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512}RequestSecurityToken";
/>
<property name="properties">
<map>
<entry key="ws-security.username" value="scott" />
<entry key="ws-security.password" value="tiger" />
<entry key="ws-security.sts.applies-to"
value="http://foo.org/VER/SAML1.1"; />
</map>
</property>
</bean>
</entry>
</jaxws:properties>
It was added to 2.2.8 after I had a problem with an STS provider that used the
AppliesTo URL as it's only configuration mechanism. I extended the STSClient
class for 2.2.7 but wanted to use the new fix when I ran into this problem.
Let me know if I should write up a test? Any help would be great.
Thanks again,
Brandon Richins
ECIS Migration
Intermountain Healthcare
4646 Lake Park Blvd
Salt Lake City, UTÂ 84120
p. 801.442.5523
c. 801.589.2428
