Hi Bob, I don't know of any currently-supported frameworks that would work with this out of the box, and in any case you're likely to be stuck with configuring the handling yourself. You could probably do this using CXF, though because of the old standards in use you'd likely need to write your own interceptors (which would in turn call WSS4J to do the actual security processing) rather than just configuring the security operations directly.
I've worked with several clients on compatibility with older WS-Security implementations, and I think I could help you with this if you can pay for some consulting time. Would that be a possibility? If not, you could look at the WS-Security Wrapper I wrote, as one way of handling this: http://wsswrapper.sourceforge.net/ The wrapper basically talks plain XML on one side and WS-Security SOAP on the other. That may not be exactly what you want, but the code should show you how to do the basic security operations with WSS4J. I'll copy this to the list, too, but without the plug for my services. :-) Regards, - Dennis Dennis M. Sosnoski Java SOA and Web Services Consulting CXF and Web Services Security Training Web Services Jump-Start Bob Ross wrote .. > Thanks for the reply! > > Figures, since it is a state run web service. > > Do you have any advice on how to approach it? Â Are there any frameworks > that will understand it out of the box? Â Or am I stuck configuring an > outInterceptor by hand? > > > ________________________________ > From: coheigea [via CXF] <[email protected]> > To: Bob Ross <[email protected]> > Sent: Monday, January 21, 2013 4:02 AM > Subject: Re: Best CXF client approach for remote WSDL using wsp:Policy > > > Hi Bob, > > > I am having trouble making a CXF client that works with the following > WSDL: > > http://pastebin.com/9nCh5fBTÂ <http://pastebin.com/9nCh5fBT> (the actual > location is client-SSL protected) > > That WSDL contains WS-SecurityPolicy 1.0 assertions (such as > wssp:Integrity) that are not supported in CXF. This specification is quite > old and not used any more - the current version is WS-SecurityPolicy 1.3. > > > I thought I read somewhere on the CXF website that "*In CXF 2.2, if the > > cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the > > classpath, the WS-SecurityPolicy stuff is automatically enabled*". > > This is correct. However, the SecurityPolicy layer in CXF does not support > the old 1.0 specification. > > Colm. > > On Fri, Jan 18, 2013 at 9:51 PM, Bob Ross <[hidden email]> wrote: > > > > I am having trouble making a CXF client that works with the following > WSDL: > > http://pastebin.com/9nCh5fBTÂ (the actual location is client-SSL protected) > > > > I have tried multiple approaches to generating a client that fulfills > the > > security policies it dictates, but I'm either encrypting too much or > it > > says > > my signature is invalid... > > > > I am currently trying to get a > > "org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to work with no > > success. > > > > I thought I read somewhere on the CXF website that "*In CXF 2.2, if the > > cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the > > classpath, the WS-SecurityPolicy stuff is automatically enabled*". Â Does > > that mean it can dynamically handle all WS-Security related parts to > a WSDL > > as long as you provide it the properties to your keystore. Â Is that > where > > you make a "<jaxws:client>" in Spring and just pass it "ws-security.*" > > properties? Â I want to make sure I won't waste my time with that approach. > > > > > > > > -- > > View this message in context: > > http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874.html > > Sent from the cxf-user mailing list archive at Nabble.com. > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > > > ________________________________ > > If you reply to this email, your message will be added to the discussion > below: > http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874p5721924.html > To unsubscribe from Best CXF client approach for remote WSDL using wsp:Policy, > click here. > NAML > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Best-CXF-client-approach-for-remote-WSDL-using-wsp-Policy-tp5721874p5721954.html > Sent from the cxf-user mailing list archive at Nabble.com.
