Hi, I think you just insulted a whole bunch of people who work with java first every day - me included. And I have years and years of contract first experience to fall back on, but I prefer java first for my current product work as it just makes sense.
Each to their own I say Cheers Jason On Thu, Oct 18, 2012 at 10:00 PM, Glen Mazza <[email protected]> wrote: > I still hold to my recommendation. Attaching policy with Java first is not > portable and not defined in any spec (not to say messier and more complex > than just directly storing the security in the WSDL.) Java-first is usually > the "training wheels" way of implementing web services, once you're ready to > move to WS-Policy you should first become comfortable with WSDLs, and if > you're not comfortable with the latter IMO you're not ready to be > implementing secure solutions with SOAP. > > Glen > > > On Thu, Oct 18, 2012 at 11:45 AM, <[email protected]> wrote: >>>> >>>> Actually java first in cxf supports ws-policy very nicely. I have been >>>> contributing some additional work in this area and I don't think you >>>> need to >>>> go to the trouble of having to manually manipulate a wsdl post gen. >>>> >>>> With 2.7.1 snapshot I have added additional work to ensure that even if >>>> you >>>> want to use external ws policy attachments you can have them applied at >>>> the >>>> binding operation level. >>>> >>>> Or you can annotate the web service interface with either a classpath >>>> reference to a policy file or you can use a #id to refer to q policy >>>> embedded in spring context. You can use spring imports to import a >>>> policy >>>> file but it will need to be embedded in a spring bean xml tag. >>>> >>>> I have been very happy with all these approaches and performed a lot of >>>> testing and it works very well in 2.7 onwards. 2.7.1 just has one >>>> enhancement to include policies ij wsdl that have been applied at the op >>>> message level. >>>> >>>> Happy to provide additional info about all this >>>> >>>> Sent from my Galaxy S2 >>>> >>>> On Oct 18, 2012 8:38 AM, "Glen Mazza"<[email protected]> wrote: >>>>> >>>>> I'd recommend building a Java-first web service in order to >>>>> auto-generate >>>>> a WSDL[1, link 3][2], then with WSDL in hand switch to a WSDL-first >>>>> implementation where you can do whatever security options you want [1, >>>>> links >>>>> 11-21, also the CXF WS-* samples]. >>>>> >>>>> Glen >>>>> >>>>> [1]http://www.jroller.com/gmazza/entry/blog_article_index (link 3) >>>>> [2] >>>>> >>>>> http://cxf.apache.org/docs/defining-contract-first-webservices-with-wsdl-generation-from-java.html >>>>> >>>>> On 10/17/2012 03:04 AM, Flavio Campana wrote: >>>>>> >>>>>> Hi everyone, >>>>>> i was looking for some example of implementing a web service with CXF >>>>>> wich used WS-Security and WS-SecurityPolicy using a code first >>>>>> approach. >>>>>> Do you know if there are any? >>>>>> >>>>>> Thanks. >>>>> >>>>> >>>>> -- >>>>> Glen Mazza >>>>> Talend Community Coders - coders.talend.com >>>>> blog:www.jroller.com/gmazza >>>>> >> > > > -- > Glen Mazza > Talend Community Coders - coders.talend.com > blog: www.jroller.com/gmazza >
