Hi, One option is using policy attachments (http://www.w3.org/TR/ws-policy-attach/ ), in this case is not necessary to modify WSDL - it is enough to update appropriate policy URL in attachment:
<wsp:PolicyAttachment xmlns:wsp="http://www.w3.org/ns/ws-policy";> <wsp:AppliesTo> <wsp:URI>http://cxf.apache.org/MyService#wsdl11.service(MyServiceProvider)</wsp:URI> </wsp:AppliesTo> <wsp:PolicyReference URI=" http://www.example.com/mySigningPolicy " /> </wsp:PolicyAttachment> The second option is configure WSS4J Interceptors programmatically using old style Action configuration: http://cxf.apache.org/docs/ws-security.html. A bit more involved is applying policies dynamically without restarting client/service. It is possible using message context property PolicyConstants.POLICY_OVERRIDE: http://ashakirin.blogspot.de/2012/02/using-ws-policy-in-cxf-projects.html. Regards, Andrei. > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > André von Deetzen > Sent: Montag, 2. Februar 2015 10:58 > To: [email protected] > Subject: Toggle signing of messages with SOAP-Messages > > Hi, > > we're using a soap service that wants our clients to sign their messages via a > SOAP-Policy and it is marked strict. > > Is there a setting / toggle that we can use to temporarily disable the use of > the > automatic configured WSS4J interceptors without changing the wsdl and force > our clients to redeploy? Or is removing the policy inside our wsdl the only > way > to deal with the automatic configuration? > > Thanks in advance > André
