Hello,
I've been trying to create a web service from an implementation and want
to use the @Policies to include the security definition for username
token in the wsdl that eclipse generates. I've been searching around the
internet and found various things that imply that this should be
achievable - but I haven't quite managed it.
I'm using cxf 2.5.3 and eclipse 4.2.0 (Juno) with Java 1.6. So I created
a simple web service. I then added:

    @Policies({
        @Policy(uri = "SecurityPolicy.xml")
    })

after my imports on the class defining the web service (Hello.java). I
suspect that I don't need the @Policies and could just have the @Policy.
I created a file SecurityPolicy.xml (below) in the WEB-INF directory:

    <!-- Policy for UsernameToken with plaintext password, sent from client
         to server only -->
    <wsp:Policy wsu:Id="UsernameToken"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
      <wsp:ExactlyOne>
        <wsp:All>
          <!-- Empty <TransportBinding/> element required due to bug in
               CXF 2.2.6 -->
          <sp:TransportBinding/>
          <sp:SupportingTokens>
            <wsp:Policy>
              <sp:UsernameToken
                  sp:IncludeToken=".../IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SupportingTokens>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

In cxf-beans.xml, I added the xml below to the existing bean definition
for the service (HelloService):

      <jaxws:properties>
        <entry key="ws-security.callback-handler"
               value="com.our.ws.tutorial.ServerCallback"/>
      </jaxws:properties>
    </jaxws:endpoint>

I then created the ServerCallback class.
In using eclipse to generate the wsdl, web service and deploy it, there
is no sign of any security being added to the wsdl or being implemented
on the project.
Can someone please point me in the right direction?
Thanks.
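
For reference, a server-side callback handler of the kind named in the ws-security.callback-handler entry above might look like the following. This is an added example, not the poster's class or CXF's own code; it assumes the WSS4J 1.6 line that CXF 2.5.x builds on (org.apache.ws.security.WSPasswordCallback), and the user store is a constructed in-memory map standing in for a real credential lookup.

```java
package com.our.ws.tutorial;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/** Supplies the expected password for an incoming UsernameToken. */
public class ServerCallback implements CallbackHandler {

    // Constructed sample data (assumption): replace with a lookup against
    // the real user store. Never ship credentials in source.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "example-password-1");
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;

            // Only answer for UsernameToken validation; ignore other usages
            // (signature keys, decryption) that this endpoint does not configure.
            if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
                continue;
            }

            // WSS4J compares the password set here with the one in the token.
            // For an unknown user nothing is set, so validation fails.
            String expected = USERS.get(pc.getIdentifier());
            if (expected != null) {
                pc.setPassword(expected);
            }
        }
    }
}
```

Because the policy above sends the password in plaintext, the handler only provides meaningful protection when the endpoint is reachable over HTTPS alone.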