You can configure the org.apache.cxf.ws.policy.AlternativeSelector [1]
to be used in the Bus, either through the Spring configuration or with
something like:

bus.getExtension(PolicyEngine.class).setAlternativeSelector(new MaximalAlternativeSelector());

The default selector is the MinimalAlternativeSelector.

Cheers
Alessio

[1] http://cxf.apache.org/docs/wspconfiguration.html

On 10/04/2011 08:44 AM, Marc Giger wrote:
> Hi
> 
> Yesterday I tried to set up CXF with WS-Policy via annotations. The following
> Policy with two alternatives was applied:
> 
> <wsp:Policy
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsp:ExactlyOne>
>     <wsp:All>
>         <sp:AsymmetricBinding>
>             <wsp:Policy>
>                 <sp:InitiatorToken>
>                     <wsp:Policy>
>                         <sp:X509Token>
>                             <wsp:Policy>
>                                 <sp:WssX509V3Token11/>
>                             </wsp:Policy>
>                         </sp:X509Token>
>                     </wsp:Policy>
>                 </sp:InitiatorToken>
>                 <sp:RecipientToken>
>                     <wsp:Policy>
>                         <sp:X509Token>
>                             <wsp:Policy>
>                                 <sp:WssX509V3Token11/>
>                             </wsp:Policy>
>                         </sp:X509Token>
>                     </wsp:Policy>
>                 </sp:RecipientToken>
>                 <sp:IncludeTimestamp/>
>             </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:SignedParts>
>             <sp:Body/>
>         </sp:SignedParts>
>         <sp:SignedElements>
>             <!-- The IncludeTimestamp says that the Timestamp must be integrity protected either by
>              transport or by message level security. We enforce message level protection here: -->
>             <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>                       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>                       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>                 /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp
>             </sp:XPath>
>         </sp:SignedElements>
>     </wsp:All>
>     <wsp:All>
>         <sp:AsymmetricBinding>
>             <wsp:Policy>
>                 <sp:InitiatorToken>
>                     <wsp:Policy>
>                         <sp:X509Token>
>                             <wsp:Policy>
>                                 <sp:WssX509V3Token11/>
>                             </wsp:Policy>
>                         </sp:X509Token>
>                     </wsp:Policy>
>                 </sp:InitiatorToken>
>                 <sp:RecipientToken>
>                     <wsp:Policy>
>                         <sp:X509Token>
>                             <wsp:Policy>
>                                 <sp:WssX509V3Token11/>
>                             </wsp:Policy>
>                         </sp:X509Token>
>                     </wsp:Policy>
>                 </sp:RecipientToken>
>                 <sp:IncludeTimestamp/>
>             </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:SignedParts>
>             <sp:Body/>
>         </sp:SignedParts>
>         <sp:SignedElements>
>             <!-- The IncludeTimestamp says that the Timestamp must be integrity protected either by
>              transport or by message level security. We enforce message level protection here: -->
>             <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>                       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>                       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>                 /soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp
>             </sp:XPath>
>         </sp:SignedElements>
>         <sp:EncryptedParts>
>             <sp:Body/>
>         </sp:EncryptedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
> 
> The expectation from my side was that one of the alternatives is chosen
> based on the actual request. But CXF chooses by default the alternative
> with the lowest number of assertions without taking the actual request
> into account. Then this selected alternative (effective Policy) is always
> used for all subsequent requests.
>
> Is this correct, or did I miss something? Is there a switch to change this
> behavior?
> 
> Thanks
> 
> Marc
> 
> 


-- 
Alessio Soldano
Web Service Lead, JBoss
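
Added example, not part of the original thread and not CXF code: a simplified Python model of the selection behaviour discussed above, run over an abbreviated copy of the posted policy, to check whether the effective policy still requires body encryption. Assumptions: an alternative's size is the number of top-level assertions in its wsp:All, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"

# Abbreviated copy of the policy from the thread: nested token assertions and
# the XPath are elided, the top-level assertions of each alternative are kept.
POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding><wsp:Policy><sp:IncludeTimestamp/></wsp:Policy></sp:AsymmetricBinding>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:SignedElements/>
    </wsp:All>
    <wsp:All>
      <sp:AsymmetricBinding><wsp:Policy><sp:IncludeTimestamp/></wsp:Policy></sp:AsymmetricBinding>
      <sp:SignedParts><sp:Body/></sp:SignedParts>
      <sp:SignedElements/>
      <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def alternatives(policy_xml):
    """Return each wsp:All alternative as a list of its top-level assertion names."""
    root = ET.fromstring(policy_xml)
    exactly_one = root.find(WSP + "ExactlyOne")
    return [[child.tag.replace(SP, "sp:") for child in alt]
            for alt in exactly_one.findall(WSP + "All")]

def select(alts, strategy):
    """Model of the selectors: 'minimal' = fewest assertions, 'maximal' = most."""
    pick = min if strategy == "minimal" else max
    return pick(alts, key=len)

def audit(policy_xml, required="sp:EncryptedParts"):
    """Report, per strategy, whether the effective policy still requires `required`."""
    alts = alternatives(policy_xml)
    return {s: required in select(alts, s) for s in ("minimal", "maximal")}

if __name__ == "__main__":
    for strategy, enforced in audit(POLICY).items():
        print(f"{strategy}: body encryption enforced = {enforced}")
```

With the default minimal selection, the alternative without sp:EncryptedParts becomes the effective policy, so body encryption is only enforced once the maximal selector is configured.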
