The only real “API” that I’m aware of is Neethi, which is what we use.
My suggestion would be to write an interceptor that runs after our PolicyIn/OutInterceptors and does: AssertionInfoMap map = message.get(AssertionInfoMap.class); From that map, you can find the QNames and such of the policies that CXF is trying to use and use them to verify other settings on the message. Anything missing can be added as a property to the message itself. Dan On Dec 12, 2013, at 3:47 AM, Raagu <[email protected]> wrote: > I have a java application, in which I have used jaxws-ri library, to make > webservice calls to different webservice application. In order to make > webservice clients, I have used dispatch APIs. Now I'm making my code to > handle ws-security as well, if the webservice application exposes security > considerations interms of wsdl policies. To handle ws-security, since > jaxws-ri (reference implementation) does not support that,I have explored > other libraries and found Apache CXF does support that. I have tried running > sample client program using Apache CXF (doubleit services) and was able to > invoke webservice which has different policy assertion (STS, Encryption, > Addressing, Signature and so on). The sample snippet I tried are as follows. > > URL wsdlURL = new > URL("http://localhost:8080/doubleit/services/doubleit?wsdl";); > Service service = Service.create(wsdlURL, new > QName("http://www.example.org/contract/DoubleIt","DoubleItService";)); > Dispatch<SOAPMessage> disp = service.createDispatch(new > QName("http://www.example.org/contract/DoubleIt","DoubleItPort";), > SOAPMessage.class, Service.Mode.MESSAGE); > > MessageFactory factory = MessageFactory.newInstance(); > SOAPMessage loginRequestSOAPMesage = factory.createMessage(); > > SOAPPart requestSoapPart = loginRequestSOAPMesage.getSOAPPart(); > SOAPEnvelope requestEnvelope = requestSoapPart.getEnvelope(); > SOAPBody requestBody = requestEnvelope.getBody(); > SOAPBodyElement element = > requestBody.addBodyElement(requestEnvelope.createName("DoubleIt", "ser", > "http://www.example.org/schema/DoubleIt";)); > element.addChildElement("numberToDouble").addTextNode("222"); > > disp.getRequestContext().put("ws-security.encryption.username", > "mystskey"); > disp.getRequestContext().put("ws-security.encryption.properties", > "clientKeystore.properties"); > disp.getRequestContext().put("ws-security.callback-handler", > "client.ClientCallbackHandler"); > disp.getRequestContext().put("ws-security.username", "alice"); > > SOAPMessage response = disp.invoke(loginRequestSOAPMesage); > > In the above code, I had hard coded some of the ws-security properties with > values to make sure all the required values are present in the > requestContext based on the policy assertions in the wsdl. But my question > is how to make it generic ? Are there any APIs using which we can parse all > the policies from wsdl, pragmatically in Java, and based on the policies > present in the wsdl, we get required values and set to proper ws-security > properties ? I had googled for it in many places but I did not get relevant > topics of my interest ? > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/How-to-parse-wsdl-policies-in-java-tp5737761.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
