Just be sure you are using 2.7.0 for this as there were a few bugs in java first ws policy support fixed in 2.7.0.
Sent from my Galaxy S2 On Oct 18, 2012 6:12 PM, "Jason Pell" <[email protected]> wrote: > I am not sure about policies that are outside of the classpath. I > have only tried loading policies via the classpath. > > The uri is resolved to something similiar to a spring Resource. So > you might be able to reference it using a "file:" uri but not sure. > > In order to load this via spring what you would do is import your > SignEncrypt.xml file into spring. See attached I modified your > policy file so it can be imported by spring. So you can reference it > as a normal spring import statement: > > <import resouce="SignEncrypt.xml" /> > > Not sure whether you will need to use classpath, or a file reference > or what, but spring will tell you if it cannot import it. > > Then what you can do in your interface instead of referencing the xml > file, is use the spring reference like so: > > @Policies({ @Policy(uri ="#SignAndEncryptPolicy") }) > > Cheers > Jason > > > On Thu, Oct 18, 2012 at 5:56 PM, Flavio Campana > <[email protected]> wrote: > > Thanks for all the answers. > > What i'm trying to do is to create a secure web service with > UsernameToken, > > Signing and Encription. > > if i understood correctly all the info, i need to: > > > > provide a CallbackHandler which sets the keystore password for DECRYPT > and > > SIGNATURE action, and check the hashed password for USERNMANE_TOKEN. > > Create a policy file (attached) > > Annotate the WS interface with @Policies({ @Policy(uri = > > "policy:SignEncrypt.xml") }) (it's placed under WEB-INF/policies, should > i > > use a different uri? How can i load this with spring?) > > > > > > Il 18/10/2012 03:02, [email protected] ha scritto: > > > > Out of the couple I highlighted I eventually decided to go with using > > externalAttachment and wrote my own DomainExpressionBuilder and > > DomainExpression. > > > > What I wanted to be able to do was apply a single security policy to > > all jaxws:endpoints at the operation level for all except the "ping" > > operation which I wanted > > to have free to access. > > > > This was extremely simple to achieve. > > > > In my spring xml I registered: > > > > <p:externalAttachment > > location="classpath:/wspolicy/UsernamePasswordTimestampPolicy.xml"/> > > > > <!-- register a policy attachment appliesto checker! --> > > <bean id="com.pellcorp.spring.security.DomainExpressionBuilder" > > class="com.pellcorp.spring.security.DomainExpressionBuilder" /> > > > > My UsernamePasswordTimestampPolicy.xml has an namespace of > > xmlns:myns="http://pellcorp.com/security/policy"; and an AppliesTo: > > > > <wsp:AppliesTo> > > <myns:OperationMatch /> > > </wsp:AppliesTo> > > > > Then my expression builder has this element as the supported type: > > > > new QName("http://pellcorp.com/security/policy";, "OperationMatch") > > > > I then implemented the public boolean appliesTo(BindingMessageInfo > > messageInfo) { > > > > if (Type.INPUT.equals(messageInfo.getMessageInfo().getType())) { > > String operationName = > > messageInfo.getBindingOperation().getName().getLocalPart(); > > return !"ping".equalsIgnoreCase(operationName); > > } > > > > It works wonderfully on the server and with 2.7.1 snapshot the > > relevent policy reference and policy are included in the wsdl. > > > > Cheers > > Jason > > > > On Thu, Oct 18, 2012 at 11:45 AM, <[email protected]> wrote: > > > > Actually java first in cxf supports ws-policy very nicely. I have been > > contributing some additional work in this area and I don't think you > need to > > go to the trouble of having to manually manipulate a wsdl post gen. > > > > With 2.7.1 snapshot I have added additional work to ensure that even if > you > > want to use external ws policy attachments you can have them applied at > the > > binding operation level. > > > > Or you can annotate the web service interface with either a classpath > > reference to a policy file or you can use a #id to refer to q policy > > embedded in spring context. You can use spring imports to import a policy > > file but it will need to be embedded in a spring bean xml tag. > > > > I have been very happy with all these approaches and performed a lot of > > testing and it works very well in 2.7 onwards. 2.7.1 just has one > > enhancement to include policies ij wsdl that have been applied at the op > > message level. > > > > Happy to provide additional info about all this > > > > Sent from my Galaxy S2 > > > > On Oct 18, 2012 8:38 AM, "Glen Mazza" <[email protected]> wrote: > > > > I'd recommend building a Java-first web service in order to auto-generate > > a WSDL[1, link 3][2], then with WSDL in hand switch to a WSDL-first > > implementation where you can do whatever security options you want [1, > links > > 11-21, also the CXF WS-* samples]. > > > > Glen > > > > [1] http://www.jroller.com/gmazza/entry/blog_article_index (link 3) > > [2] > > > http://cxf.apache.org/docs/defining-contract-first-webservices-with-wsdl-generation-from-java.html > > > > On 10/17/2012 03:04 AM, Flavio Campana wrote: > > > > Hi everyone, > > i was looking for some example of implementing a web service with CXF > > wich used WS-Security and WS-SecurityPolicy using a code first approach. > > Do you know if there are any? > > > > Thanks. > > > > > > -- > > Glen Mazza > > Talend Community Coders - coders.talend.com > > blog: www.jroller.com/gmazza > > > > >
