Hi Andrei, I have finally had time to look into this issue again. It has been a while. :) I have looked through the example in samples/ws_security/ut_policy but I don't quite get it. Maybe the missing part is I forgot to mention I am doing java first for creating my WS server. I am looking for ways to add WS security (as simply as plain text username/password) to my existing web services (generated by CXF java-first method). All I am doing now is putting annotation in front of my java code and then the web services are generated automatically through CXF (please see my server side code snippet below).
I suspect I would need to 1. Add configuration to enable WS security (adding WS security annotation?) 2. Create an interceptor (or handler) to verify the username/password 3. Have client put username/password in the SOAP header Could you kindly point me to a document or an example that I can follow if possible please? Thanks a lot. ~Adam Interface class DWHServer.java: @WebService(name="DWHServer", targetNamespace="http://www.adcom.uci.edu";) public interface DWHServer { public List<ChartValidation> isValidKFSCharts( @WebParam(name="kfsChartList") List<ChartParameters> kfsChartList); } .... } Implementation class DWHServerImpl.java: @WebService(endpointInterface = "edu.uci.oit.dwh.webservices.DWHServer", serviceName = "DWHServer") @InInterceptors(interceptors={"edu.uci.oit.dwh.webservices.WSSecurityInterceptor"}) public class DWHServerImpl implements DWHServer { public List<ChartValidation> isValidKFSCharts(List<ChartParameters> kfsChartList) { .... } } -- View this message in context: http://cxf.547215.n5.nabble.com/Interceptors-for-WS-security-tp5722285p5724323.html Sent from the cxf-user mailing list archive at Nabble.com.
