Hi, Take a look in following system tests: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/OperationSimpleServiceImpl.java
One possible issue is that uri attribute in @Policy annotation can be required to be in URI form (classpath:/xxx, file:///xxx). Do you register interceptor provider for the custom policy assertion or it contains standard assertions? What is your expectation from activating of custom policy? Regards, Andrei. > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Montag, 20. April 2015 12:24 > To: [email protected] > Subject: Custom WS-Security Policy for Webservice > > Hi all, > > I'm trying to apply a custom WS-Security policy to a web service. I'm using > wsimport from the jaxws-maven-plugin to generate the SEI. The > implementation of the SEI looks like this: > > > import javax.jws.WebService; > import org.apache.cxf.annotations.Policy; > import org.jboss.ws.api.annotation.EndpointConfig; > > @WebService( > portName = "VehicleOrderRetailDelivery", > serviceName = "VehicleOrderRetailDelivery", > targetNamespace = "some/namespace", > wsdlLocation = > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > endpointInterface = > "mypackage.IVehicleOrderRetailDelivery" > ) > @Policies({@Policy(placement = Policy.Placement.BINDING, uri = > "CustomPolicy.xml", includeInWSDL=true)}) > @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml" > , configName = "Custom WS-Security Endpoint") > public class VehicleOrderRetailDelivery implements > IVehicleOrderRetailDelivery { > > public void report(@XmlElement(required = true) > ReportRequestType > reportRequest) { ... } > } > > > The problem is that the custom WS-Security policy is not active. If I send > requests to the endpoint using SoapUI, I get a soap fault telling me that > the message contains encrypted data. I'm using Wildfly 8.1.0 and I've > already set the log level to DEBUG but there is no information in the log > what goes wrong or why the policy is not active. This part of the log > makes me believe that there is some kind of policy that it is loaded > > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was > modified. `Current flow:` > receive [PolicyInInterceptor, EndpointAssociationInterceptor, > AttachmentInInterceptor] > pre-stream [CertConstraintsInterceptor] > post-stream [StaxInInterceptor] > read [WSDLGetInterceptor, ReadHeadersInterceptor, > SoapActionInInterceptor, StartBodyInterceptor] > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, > MustUnderstandInterceptor] > pre-protocol-frontend [HandlerAuthInterceptor] > post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack > ] > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > pre-logical [NsCtxSelectorStoreInterceptor, OneWayProcessorInterceptor, > MustUnderstandEndingInterceptor] > post-logical [WrapperClassInInterceptor] > pre-invoke [SwAInInterceptor, HolderInInterceptor] > invoke [ServiceInvokerInterceptor, > UltimateReceiverMustUnderstandInterceptor] > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] > > but why is it not active? Does anybody have an idea why the custom policy > is not loaded? Any hints are highly appreciated. > > Cheers > Nik
