Hi Gary,
You're probably best off working with the WS-SecurityPolicy generated by
WCF, which will describe the security configuration in an interoperable
way. This is embedded in the WSDL generated by the WCF service. CXF will
configure its security handling based on the policy, and you then only
need to supply the added information (such as certificates and keys)
needed at runtime.
You can see some of Glen's blog entries, or my article at
http://www.ibm.com/developerworks/java/library/j-jws13.html for details
of the policy-based approach.
- Dennis
Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
CXF and Web Services Security Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
On 05/03/2012 08:40 AM, gmui wrote:
I was able to get a CXF client (generated from wsdl2java) to talk to my WCF
web service using wsHttpBinding with transport layer security. My next
issue is trying to get my CXF / Java client to invoke a different WCF
service configured with wsHttpBinding but this time with
TransportWithMessageCredential. Here's the wcf security config:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"/>
<message clientCredentialType="Certificate"
negotiateServiceCredential="false"
establishSecurityContext="false"/>
</security>
The resulting WCF wsdl looks like this:
I'm fairly new to configuring wss4j but I presume I'll need to add some
specific interceptors (both in and out) to handle the interop. Can anyone
give me any suggestions on what might be needed? Or even at least assure me
that this is doable with CXF?
Thanks,
Gary
--
View this message in context:
http://cxf.547215.n5.nabble.com/More-cxf-wcf-interop-questions-tp5681573.html
Sent from the cxf-user mailing list archive at Nabble.com.
