On Tuesday 25 January 2011 6:36:47 pm barakka wrote: > Hello, > > I've noticed the following behavior on CXF 2.3.1. If I declare a security > policy at port-type operation level (Policy.Placement.PORT_TYPE_OPERATION) > and include it directly in the wsdl, the policy is picked up correctly and > processed by both PolicyIn and PolicyOut interceptors (which create the > right interceptors chain). > > Instead, if I use the @Policy annotation to include the policy in my > operation, even if the generated wsdl is identical and correctly contains > both the policy declaration and the policy reference on the operation, the > PolicyIn and PolicyOut interceptors seem to ignore the declared policy and > do not add the needed interceptors in the chain. > > Instead, adding the same policy declaration at service level works just > fine, and the policy is correctly picked up by the interceptors. > Unfortunately, this solution does not work for me, as in this case the > policy is applied to all service operations, included WS-RM operations > which shouldn't be protected. > > Is this a known problem? Is there a workaround solution?
Not a known issue. Can you create a small testcase and attach to a JIRA? > On a different topic, policies declared with @Policy at service level get > declared and referenced twice in the wsdl. This may be fixed in 2.3.2. I did fix a couple things around double declarations in 2.3.2, but I'm not 100% sure in this case. > > Thanks, > Riccardo. -- Daniel Kulp [email protected] http://dankulp.com/blog
