The first example uses manual WSS4J configuration (which doesn't read a WSDL to determine the needed security), the second uses WS-SecurityPolicy. Generally, the choice is based on whether your web service provider uses WS:Policy security elements in its WSDL; if so use WS-SecPol configuration else use manual configuration.
Link #8 here: http://www.jroller.com/gmazza/entry/blog_article_index has examples using both for both UsernameToken and X.509. HTH, Glen Andre den Hartog wrote: > > Hi, > > In the CXF manual, a config like this is used: > > <jaxws:inInterceptors> > <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Signature > Encrypt"/> > <entry key="signaturePropFile" > value="server-certificates.properties" > /> > <entry key="decryptionPropFile" > value="server-certificates.properties" /> > <entry key="passwordCallbackRef"> > <ref bean="MyPasswordCallback"/> > </entry> > </map> > </constructor-arg> > </bean> > </jaxws:inInterceptors> > > However, in the IBM examples > (http://www.ibm.com/developerworks/java/library/j-jws13.html?ca=drs-) they > use: > > <jaxws:properties> > <entry key="ws-security.signature.properties" > value="server-certificates.properties"/> > <entry key="ws-security.signature.username" > value="someusername"/> > <entry key="ws-security.encryption.properties" > value="server-certificates.properties"/> > <entry key="ws-security.encryption.username" > value="someusername"/> > <entry key="ws-security.callback-handler" > value-ref="MyPasswordCallback" /> > </jaxws:properties> > > Does anyone know what the differences are, and when to use the one versus > the other? > > Thanks, Andre > -- View this message in context: http://old.nabble.com/server-config----jaxws%3AinInterceptor-or-jaxws%3Aproperties--tp28900118p28902095.html Sent from the cxf-user mailing list archive at Nabble.com.
