What version of CXF are you using? How is the policy referenced? Do you have the cxf-rt-ws-policy jar on the classpath?
Colm. On Thu, Oct 24, 2013 at 11:31 AM, markh <[email protected]> wrote: > Hi, > > I have a CXF web service with a security policy defined in the WSDL (based > on one of the examples I think), it works almost fine when called from > SoapUI. I say almost because it returns security info in the response which > I believe it shouldn't do, based on what the spec says about > AlwaysToRecipient, but that's a different problem. > > <wsp:Policy wsu:Id="UsernameTokenPolicy"> > <sp:UsernameToken > > sp:IncludeToken=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:WssUsernameToken11/> > </wsp:Policy> > </sp:UsernameToken> > </wsp:Policy> > > The problem I am seeing is security headers are not added by the client > when > relying on the policy in the WSDL. Neither of the following configurations > work: > > <jaxws:client id="client" > > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEndpoint" > address="http://fnd2012:9087/report";> > <jaxws:properties> > <entry key="ws-security.username" value="User" /> > <entry key="ws-security.password" value="Pass" /> > </jaxws:properties> > </jaxws:client> > > <jaxws:client id="client" > > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEndpoint" > address="http://fnd2012:9087/report";> > <jaxws:properties> > <entry key="ws-security.username" value="User" /> > <entry key="ws-security.callback-handler" > value-ref="myPasswordCallback"/> > </jaxws:properties> > </jaxws:client> > > However it works if I configure a WSS4JOutInterceptor as follows: > > <jaxws:client id="client" > > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEndpoint" > address="http://fnd2012:9087/report";> > <jaxws:outInterceptors> > <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="user" value="User"/> > <entry key="passwordType" value="PasswordText"/> > <entry key="passwordCallbackRef" > value-ref="myPasswordCallback"/> > </map> > </constructor-arg> > </bean> > </jaxws:outInterceptors> > </jaxws:client> > > Any ideas where I am going wrong? > > TIA > > Mark > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-seems-to-be-ignored-on-client-side-tp5735502.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
