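Your WSDL doesn't contain any security policy fragments or anything else to 
define the security requirements. The ws-security.* properties on the endpoint 
only supply the keys and callback handler; by themselves they don't make CXF 
reject unsigned or unencrypted requests, which is why your old client still 
gets a reply. There are two options: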

1) Use the WSS4JInInterceptor documented at:

http://cxf.apache.org/docs/ws-security.html


2) Create a WS-Policy document that describes the policy you want to enforce 
and attach that to the service via something like the @Policy annotation or 
similar.

Dan
  


On Friday, February 24, 2012 3:05:43 PM Martin Nielsen wrote:
> Hello.
> I need help with making my WS-SecurityPolicy behave. I have a
> beginner-level knowledge of CXF and web services in general. I'm
> pretty sure I understand all the concepts, but I have very little practical
> experience (yet).
> 
> My problem is this. I have a running java2wsdl webservice that I have
> compiled and tested. It works fine. Now I want to add a security policy to
> the webservice that signs and encrypts all traffic. So I modified my beans
> file to this:
> 
> 
> <beans xmlns="http://www.springframework.org/schema/beans";
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>       xmlns:jaxws="http://cxf.apache.org/jaxws";
>       xmlns:soap="http://cxf.apache.org/bindings/soap";
>       xsi:schemaLocation="
>          http://www.springframework.org/schema/beans
>          http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>          http://cxf.apache.org/jaxws
>          http://cxf.apache.org/schemas/jaxws.xsd";>
> 
> 
>     <jaxws:endpoint
>         id="LoginService"
>         implementor="orgserver.services.Login"
>         address="/Login">
> 
>     <jaxws:properties>
>       <entry key="ws-security.signature.properties"
> value="server-crypto.properties"/>
>       <entry key="ws-security.encryption.properties"
> value="server-crypto.properties"/>
>       <entry key="ws-security.signature.username" value="myservicekey"/>
>       <entry key="ws-security.encryption.username" value="useReqSigCert"/>
>       <entry key="ws-security.callback-handler"
>           value="orgserver.common.services.ServerCallback"/>
>     </jaxws:properties>
> 
>     </jaxws:endpoint>
> </beans>
> 
> I double- and triple-checked that all the files are where they are supposed
> to be, and Tomcat lets me deploy without errors. But then I use my old test
> client (without any kind of security) to contact the web service, and I
> still get a reply.
> 
> What I need is to make the signing and encryption mandatory, so the
> web server will only handle requests with the proper signature and
> encryption, but how do I do that?
> Do I need to change the WSDL in order to make the security policy kick in?
> 
> Oh and here is the WSDL. No security elements in there, as the wsdl is
> generated from the java code.
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <wsdl:definitions name="LoginService" targetNamespace="
> http://localhost:8080/"; xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
>  xmlns:tns="http://localhost:8080/"; xmlns:xsd="
> http://www.w3.org/2001/XMLSchema"; xmlns:soap="
> http://schemas.xmlsoap.org/wsdl/soap/";>
>   <wsdl:types>
> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:tns="
> http://localhost:8080/"; elementFormDefault="unqualified" targetNamespace="
> http://localhost:8080/"; version="1.0">
> <xs:element name="Login" type="tns:Login"/>
> <xs:element name="LoginResponse" type="tns:LoginResponse"/>
> <xs:complexType name="Login">
> <xs:sequence>
> <xs:element minOccurs="0" name="username" type="xs:string"/>
> <xs:element minOccurs="0" name="password" type="xs:string"/>
> </xs:sequence>
> </xs:complexType>
> <xs:complexType name="LoginResponse">
> <xs:sequence>
> <xs:element minOccurs="0" name="Token" type="xs:string"/>
> </xs:sequence>
> </xs:complexType>
> </xs:schema>
>   </wsdl:types>
>   <wsdl:message name="Login">
>     <wsdl:part name="parameters" element="tns:Login">
>     </wsdl:part>
>   </wsdl:message>
>   <wsdl:message name="LoginResponse">
>     <wsdl:part name="parameters" element="tns:LoginResponse">
>     </wsdl:part>
>   </wsdl:message>
>   <wsdl:portType name="LoginService">
>     <wsdl:operation name="Login">
>       <wsdl:input name="Login" message="tns:Login">
>     </wsdl:input>
>       <wsdl:output name="LoginResponse" message="tns:LoginResponse">
>     </wsdl:output>
>     </wsdl:operation>
>   </wsdl:portType>
>   <wsdl:binding name="LoginServiceSoapBinding" type="tns:LoginService">
>     <soap:binding style="document" transport="
> http://schemas.xmlsoap.org/soap/http"/>
>     <wsdl:operation name="Login">
>       <soap:operation soapAction="" style="document"/>
>       <wsdl:input name="Login">
>         <soap:body use="literal"/>
>       </wsdl:input>
>       <wsdl:output name="LoginResponse">
>         <soap:body use="literal"/>
>       </wsdl:output>
>     </wsdl:operation>
>   </wsdl:binding>
>   <wsdl:service name="LoginService">
>     <wsdl:port name="LoginServicePort"
> binding="tns:LoginServiceSoapBinding">
>       <soap:address location="http://localhost:9090/LoginServicePort"/>
>     </wsdl:port>
>   </wsdl:service>
> </wsdl:definitions>
> 
> Request and response
> 
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
>  xmlns:loc="http://localhost:8080/";>
>    <soapenv:Header/>
>    <soapenv:Body>
>       <loc:Login>
> 
>          <username>baseuser</username>
> 
>          <password>baseuser</password>
>       </loc:Login>
>    </soapenv:Body>
> </soapenv:Envelope>
> 
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
>    <soap:Body>
>       <ns2:LoginResponse xmlns:ns2="http://localhost:8080/";>
>          <Token>4ec89454-2d00-419e-bbaa-a780d205dfc1</Token>
>       </ns2:LoginResponse>
>    </soap:Body>
> </soap:Envelope>
-- 
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
