Hi there,
I started to work with the DOSGi Subproject of Apache CXF and for the
most part everything worked fine until I began trying to add security
to my web service. AFAIK there're two possible methods implementing
WS-Security policies in CXF, right?
1) WSDL-first approach by specifying the *.wsdl location that the
server should publish a lá
props.put("org.apache.cxf.ws.wsdl.location", "/hello.wsdl");
2) Using WSS4J In/Out Interceptors
I tried both of them and the server always published no security
policies at all in my http://localhost:9090/hello?wsdl ([1] Link to
generated WSDL by CXF DOSGi) In the first approach I tested that the
*.wsdl-File is accessible by the bundle and configured it with the
org.apache.cxf.ws.wsdl.location property ([2] Link to WSDL with
manually added WS-Policy stuff) I also specified all other properties
necessary (org.apache.cxf.ws.wsdl.*) from DOSGi References. The
resulting wsdl shows no security bindings at all and equaled to [1]
Then I tried the second approach with using WSS4JInInterceptors and
again, the resulting WSDL file has shown no difference to [1]. Here's
the Activator code that I used for that method: Activator.java. I'm
using cxf-dosgi-ri-singlebundle-distribution-1.3 and my favorable
method would be the Interceptor Method. Also I'm trying to avoid
Spring or any other type of XML-based Server/Client configuration. I
was also searching through the mailing list with moderate success.
Up to this point I'm not sure where I'm wrong. Help appreciated.
Cheers,
Thomas
[1] Link to generated WSDL by CXF DOSGi (http://pastebin.com/d20vNAQN)
[2] Link to WSDL with manually added WS-Policy stuff
(http://pastebin.com/d20vNAQN)
[3] Activator.java (http://pastebin.com/YwvDZmvv)
