Hi, I see that the wsdl wasn't referenced in your jaxws:client configuration. In this case client will started, but doesn't apply the policy. Do you bind you policy in other way (annotations, etc)? If not, I would try the following:
<jaxws:client id="client" xmlns:serviceNamespace="wsdl namespace" serviceName=" serviceNamespace:wsdl service name" endpointName="serviceNamespace:wsdl port name" wsdlLocation="location of your wsdl containing the policy" serviceClass="org.apache.camel.example.reportincident.ReportIncidentEndpoint" address="http://fnd2012:9087/report";> <jaxws:properties> <entry key="ws-security.username" value="User" /> <entry key="ws-security.password" value="Pass" /> </jaxws:properties> </jaxws:client> Regards, Andrei. > -----Original Message----- > From: markh [mailto:[email protected]] > Sent: Donnerstag, 24. Oktober 2013 12:31 > To: [email protected] > Subject: WS-SecurityPolicy seems to be ignored on client side > > Hi, > > I have a CXF web service with a security policy defined in the WSDL (based on > one of the examples I think), it works almost fine when called from SoapUI. I > say almost because it returns security info in the response which I believe it > shouldn't do, based on what the spec says about AlwaysToRecipient, but > that's a different problem. > > <wsp:Policy wsu:Id="UsernameTokenPolicy"> > <sp:UsernameToken > > sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws- > securitypolicy/200702/IncludeToken/AlwaysToRecipient"> > <wsp:Policy> > <sp:WssUsernameToken11/> > </wsp:Policy> > > </sp:UsernameToken> > </wsp:Policy> > > The problem I am seeing is security headers are not added by the client > when relying on the policy in the WSDL. Neither of the following > configurations > work: > > <jaxws:client id="client" > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd > point" > address="http://fnd2012:9087/report";> > <jaxws:properties> > <entry key="ws-security.username" value="User" /> > <entry key="ws-security.password" value="Pass" /> > </jaxws:properties> > </jaxws:client> > > <jaxws:client id="client" > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd > point" > address="http://fnd2012:9087/report";> > <jaxws:properties> > <entry key="ws-security.username" value="User" /> > <entry key="ws-security.callback-handler" > value-ref="myPasswordCallback"/> > </jaxws:properties> > </jaxws:client> > > However it works if I configure a WSS4JOutInterceptor as follows: > > <jaxws:client id="client" > > serviceClass="org.apache.camel.example.reportincident.ReportIncidentEnd > point" > address="http://fnd2012:9087/report";> > <jaxws:outInterceptors> > <bean > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="user" value="User"/> > <entry key="passwordType" value="PasswordText"/> > <entry key="passwordCallbackRef" > value-ref="myPasswordCallback"/> > </map> > </constructor-arg> > </bean> > </jaxws:outInterceptors> > </jaxws:client> > > Any ideas where I am going wrong? > > TIA > > Mark > > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/WS- > SecurityPolicy-seems-to-be-ignored-on-client-side-tp5735502.html > Sent from the cxf-user mailing list archive at Nabble.com.
