On 02/03/2012 02:08 PM, Daniel Kulp wrote:
On Friday, February 03, 2012 8:02:35 PM COURTAULT Francois wrote:
Hello Glen,
First, my WDSL contains policy statements.
I have read again more carefully your article.
Let me know if I have well understood:
- if the WSDL contains policy statements, the WS-SecurityPolicy option
is the preferred approach: right ?
Quite likely the required approach, yes. If the WSDL contains policies and
the policy engine is turned on (which is the default starting in CXF 2.3),
then the policy based interceptors will be automatically engaged. Using the
non-policy based approach may interfere with it.
Clarification: if you *don't* include the cxf-rt-ws-policy dependency
(as listed in the blog article), then any WS-Policy statements in the
WSDL will be ignored, and in that case you can use the WSS4J interceptor
approach to manually add headers.
- if the WSDL doesn't contain policy
statements, the WSS4J interceptors option is required: right ?
You CAN, using configuration, provide a policy attachment that would define a
security policy and drive the policy based interceptors that way. Definitely
tricky though.
But does
that mean also that you cannot use this option if the WSDL contains policy
statements ?
So, if the answer to above question is yes, the CXF client coding rules are:
- if your WSDL contains policy statements, you have no choice, you have to
use WS-SecurityPolicy option: right ? - if your WSDL doesn't contains
policy statements, you have no choice, you have to use WSS4J interceptors
option: right ?
I think that's the easy answer. The more complete answer is that you COULD
use the WSS4J interceptors along with a custom interceptor that assert the
various policies and likely remove/skip the policy based things. Definitely
more work though.
Dan
Best Regards.
-----Original Message-----
From: Glen Mazza [mailto:[email protected]]
Sent: vendredi 3 février 2012 19:42
To: [email protected]
Subject: Re: Issue with CXF-2.5.2 regarding UsernameToken
Once *you* decide which one you want--your choice but if the WSDL doesn't
have security policy statements it will need to be WSS4J--just follow my
blog entry, making changes as explained in the tutorial depending on the
option you wanted. For example, the code segment referenced had
instructions just before it telling you to comment out / uncomment the
particular segment depending on the method you chose.
Glen
On 02/03/2012 01:33 PM, COURTAULT Francois wrote:
Hello,
OK but how do you choose the method WSS4J interceptors or
WS-SecurityPolicy ?
Best Regards.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
