Hi On 03/04/12 16:04, Thomas Pischulski wrote:
Hi there,I started to work with the DOSGi Subproject of Apache CXF and for the most part everything worked fine until I began trying to add security to my web service. AFAIK there're two possible methods implementing WS-Security policies in CXF, right? 1) WSDL-first approach by specifying the *.wsdl location that the server should publish a lá props.put("org.apache.cxf.ws.wsdl.location", "/hello.wsdl");
It might be to do with the bug opened against 1.3: https://issues.apache.org/jira/browse/DOSGI-111
2) Using WSS4J In/Out Interceptors I tried both of them and the server always published no security policies at all in my http://localhost:9090/hello?wsdl ([1] Link to generated WSDL by CXF DOSGi) In the first approach I tested that the *.wsdl-File is accessible by the bundle and configured it with the org.apache.cxf.ws.wsdl.location property ([2] Link to WSDL with manually added WS-Policy stuff) I also specified all other properties necessary (org.apache.cxf.ws.wsdl.*) from DOSGi References. The resulting wsdl shows no security bindings at all and equaled to [1] Then I tried the second approach with using WSS4JInInterceptors and again, the resulting WSDL file has shown no difference to [1]. Here's the Activator code that I used for that method: Activator.java. I'm using cxf-dosgi-ri-singlebundle-distribution-1.3 and my favorable method would be the Interceptor Method. Also I'm trying to avoid Spring or any other type of XML-based Server/Client configuration. I was also searching through the mailing list with moderate success.
I think at [3] you need to wrap wssIn in a List and that should do it HTH, Sergey
Up to this point I'm not sure where I'm wrong. Help appreciated. Cheers, Thomas [1] Link to generated WSDL by CXF DOSGi (http://pastebin.com/d20vNAQN) [2] Link to WSDL with manually added WS-Policy stuff (http://pastebin.com/d20vNAQN) [3] Activator.java (http://pastebin.com/YwvDZmvv)
