The PolicyBasedWSS4JOutInterceptor uses WS-SecurityPolicy to construct
the outbound WS-Security requirements on the request. An example you
can take a look at is here ("testAsymmetricProtectTokens" - the
signing BinarySecurityToken is signed as per the "ProtectTokens"
policy):http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java?view=markup This uses the policy "DoubleItAsymmetricProtectTokensPolicy": http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl?view=markup The client configuration is here: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml?view=markup Colm. On Tue, Dec 13, 2011 at 3:00 PM, Jeppe Cramon <[email protected]> wrote: > Hi > > > > I've been following Glen Mazza's example for Adding X.509 security > headers to Apache CXF SOAP calls > (http://www.jroller.com/gmazza/entry/cxf_x509_profile > <http://www.jroller.com/gmazza/entry/cxf_x509_profile> ), though I've > turned encryption off as I didn't need it. > > When using it client to server, where both are using CXF and the > WSS4JOut/InInterceptor's, everything works nicely. > > > > Next attempt was to call a service exposed through Oracle Service Bus > (OSB). This service runs under Oracle Web Services Manager (OWSM) which > enforces signing of the call. > > First thing I had to change was to add <entry > key="signatureKeyIdentifier" value="DirectReference"/> to my clients > org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor config, otherwise > OWSM wouldn't accept the calls at all. > > Unfortunately changing the setting didn't cure the problem totally, > because OWSM still requires the X509 Binary Security Token to be signed. > > Looked around and didn't find anything - found an old nabble post about > setting tokenProtection to true. Didn't find anything about it, but > googling code revealed that PolicyBasedWSS4JOutInterceptor exists, but > unfortunately I have no idea on how to get it working. > > > > Did I overlook an example or some documentation? If not, I would > appreciate some pointers or examples on how to configure > PolicyBasedWSS4JOutInterceptor/PolicyBasedWSS4JInInterceptor for both > client and server setup :-) > > > > Thanks in advance > > > > /Jeppe > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
