There is no really easy way to do this. The WS-SecurityPolicy approach will only work with the TransportBinding, which is only applicable if the endpoint is secured using TLS. The non-TLS bindings (Symmetric + Asymmetric) will not work without signing/encrypting the request.
Probably the best approach is to write your own code to put the Timestamp + BinarySecurityToken in the security header using WSS4J's internal functionality. For example, here are some tests that manually add both a Timestamp + BinarySecurityToken to the security header of a request: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/TimestampTest.java?view=markup http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/token/BinarySecurityTokenTest.java?view=markup Colm. On Thu, Apr 11, 2013 at 11:00 PM, Rubicon <[email protected]> wrote: > I just need to create the security header with a Timestamp and the BST, > without signing or encrypting... I found this topic ( x 509 security token > <http://cxf.547215.n5.nabble.com/x-509-security-token-td5150380.html> ) > that seems to be more in the direction I need, so I have started chasing > it... > > But now I am hitting an assertion: *HttpsToken could not be asserted: Not > an > HTTPs connection* > > The URL of the web service I am connecting to is HTTP://, not HTTPS://, > but > I cannot seem to change HttpsToken to HttpToken, even if I include older > ws-security schemas that did have HttpToken. > > Am I on the right track? How can I get past this? Here is my policy: > > / > <wsdl:binding name="{method}Soap" type="tns:{method}Soap"> > <wsp:PolicyReference URI="#{method}SupportingTokenPolicy" /> > .... > </wsdl:binding> > .... > <wsp:Policy wsu:Id="{method}SupportingTokenPolicy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:TransportBinding> > <wsp:Policy> > <sp:TransportToken> > <wsp:Policy> > <sp:HttpsToken> > <wsp:Policy/> > </sp:HttpsToken> > </wsp:Policy> > </sp:TransportToken> > <sp:Layout> > <wsp:Policy> > <sp:Lax /> > </wsp:Policy> > </sp:Layout> > <sp:IncludeTimestamp /> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic128 /> > </wsp:Policy> > </sp:AlgorithmSuite> > </wsp:Policy> > </sp:TransportBinding> > <sp:SupportingTokens> > <wsp:Policy> > <sp:X509Token > > sp:IncludeToken=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:WssX509V3Token10 /> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > / > > Thanks again for everyone's help. > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/CXF-client-to-NET-web-service-attempting-to-create-BinarySecurityToken-BST-tp5726168p5726189.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
