Thanks for the reply! Figures, since it is a state run web service.
Do you have any advice on how to approach it? Are there any frameworks that will understand it out of the box? Or am I stuck configuring an outInterceptor by hand? ________________________________ From: coheigea [via CXF] <[email protected]> To: Bob Ross <[email protected]> Sent: Monday, January 21, 2013 4:02 AM Subject: Re: Best CXF client approach for remote WSDL using wsp:Policy Hi Bob, > I am having trouble making a CXF client that works with the following WSDL: > http://pastebin.com/9nCh5fBT <http://pastebin.com/9nCh5fBT> (the actual location is client-SSL protected) That WSDL contains WS-SecurityPolicy 1.0 assertions (such as wssp:Integrity) that are not supported in CXF. This specification is quite old and not used any more - the current version is WS-SecurityPolicy 1.3. > I thought I read somewhere on the CXF website that "*In CXF 2.2, if the > cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the > classpath, the WS-SecurityPolicy stuff is automatically enabled*". This is correct. However, the SecurityPolicy layer in CXF does not support the old 1.0 specification. Colm. On Fri, Jan 18, 2013 at 9:51 PM, Bob Ross <[hidden email]> wrote: > I am having trouble making a CXF client that works with the following WSDL: > http://pastebin.com/9nCh5fBT (the actual location is client-SSL protected) > > I have tried multiple approaches to generating a client that fulfills the > security policies it dictates, but I'm either encrypting too much or it > says > my signature is invalid... > > I am currently trying to get a > "org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to work with no > success. > > I thought I read somewhere on the CXF website that "*In CXF 2.2, if the > cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the > classpath, the WS-SecurityPolicy stuff is automatically enabled*". Does > that mean it can dynamically handle all WS-Security related parts to a WSDL > as long as you provide it the properties to your keystore. Is that where > you make a "<jaxws:client>" in Spring and just pass it "ws-security.*" > properties? I want to make sure I won't waste my time with that approach. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com ________________________________ If you reply to this email, your message will be added to the discussion below: http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874p5721924.html To unsubscribe from Best CXF client approach for remote WSDL using wsp:Policy, click here. NAML -- View this message in context: http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874p5721954.html Sent from the cxf-user mailing list archive at Nabble.com.
