Thanks Glen! It's my fault :(, I forgot to enable WS-Addressing feature on the <jaxws:client> side. Now it works with both WS-Addressing and Security soap header.
Thanks. Xilai -----Original Message----- From: Glen Mazza [mailto:[email protected]] Sent: Saturday, December 31, 2011 11:18 AM To: [email protected] Subject: Re: How to get both WS-Addresssing and UsernameToken Security take effect? Can you try putting the ws:addressing requirement within the WSDL Policy (instead of within CXF config), as shown here: http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile#UTCXF4 , except with a wsp:Optional of "false"? HTH, Glen On 12/30/2011 09:59 PM, XiLai Dai wrote: > Hi, > > We have a service endpoint spring configuration like this: > <jaxws:endpoint id="testService" > implementor= ...> > <jaxws:features> > <wsa:addressing > xmlns:wsa="http://cxf.apache.org/ws/addressing"/> > <p:policies> > <wsp:Policy> > <wsp:ExactlyOne> > <wsp:All> > <wsp:PolicyReference > URI="token.policy"/> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > </p:policies> > </jaxws:endpoint> > > The token.policy as this: > <wsp:Policy wsu:Id="UsernameToken" xmlns:wsu= > > "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > xmlns:wsp="http://www.w3.org/ns/ws-policy"; > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> > <wsp:ExactlyOne> > <wsp:All> > <sp:SupportingTokens> > <wsp:Policy> > <sp:UsernameToken > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > We just want to enable both WS-Addressing feature and UsernameToken security > policy. But from the Message content we have intercepted, seems no Addressing > headers found in the soap message. > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <wsse:Security soap:mustUnderstand="1" > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> > <wsse:UsernameToken > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > wsu:Id="UsernameToken-3"> > <wsse:Username>testuser</wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>testpwd</wsse:Password> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body> > <isdx:echo > xmlns:isdx="http://services.sopware.org/demo/Whiteboard";><value>hi!</value></isdx:echo> > </soap:Body> > </soap:Envelope> > > Have I missed something? How to get both WS-Addressing and Security take > effect? > (the CXF version used is 2.5.0) > > Thanks! > Xilai -- Glen Mazza Talend Community Coders http://coders.talend.com blog: http://www.jroller.com/gmazza
