Hi, You can reuse CXF STSClient to get security token from STS (org.apache.cxf.ws.security.trust.STSClient). Look in IssuedTokenInterceptorProvider code to understand how to call STSClient (org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.getTokenFromSTS()) You can also see how CXF cache for security token is implemented: IssuedTokenInterceptorProvider.handleMessage(): retrieveCachedToken(); getTokenStore(message).add(tok).
Injection security token is more tricky. You can refer AbstractBindingBuilder.handleSupportingTokens(), AbstractBindingBuilder.addSupportingTokens(), AsymmetricBindingHandler.doSignBeforeEncrypt() and doEncryptBeforeSign(); SymmetricBindingHandler and TransportBindingHandler. Just out of curiosity: which requirements impede of using standard CXF caching mechanism for security tokens? Regards, Andrei. > -----Original Message----- > From: patch_78 [mailto:[email protected]] > Sent: Sonntag, 14. April 2013 18:23 > To: [email protected] > Subject: Re: How to call STS directly and cache security token > > Hi Andrei, > > Thank you for your reply. > > My requirement is actually Client explicitly gets security token from STS, > injects the security token into SOAP header, and organizes its own caching. > Is it possible for CXF framework? Do you have any suggestions or examples ? > > Thanks! > patch > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/How-to-call- > STS-directly-and-cache-security-token-tp5726259p5726266.html > Sent from the cxf-user mailing list archive at Nabble.com.
