Hi, thanks for the link to the examples. I'm using a similar configuration now, but without success.
Concerning your questions: What I want to achieve is basically the policy described here ( http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723250 ). The only difference is that I want to use Basic128 as the Algorithm Suite. This is the requirement of our customer. Thus, I do not register an interceptor provider. The policy assertions I use should be standard, right? Thanks Niko Andrei Shakirin <[email protected]> schrieb am 20.04.2015 21:06:03: > Von: Andrei Shakirin <[email protected]> > An: "[email protected]" <[email protected]> > Datum: 20.04.2015 21:07 > Betreff: RE: Custom WS-Security Policy for Webservice > > Hi, > > Take a look in following system tests: > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > test/java/org/apache/cxf/systest/ws/policy/javafirst/ > OperationSimpleServiceImpl.java > > One possible issue is that uri attribute in @Policy annotation can > be required to be in URI form (classpath:/xxx, file:///xxx). > Do you register interceptor provider for the custom policy assertion > or it contains standard assertions? What is your expectation from > activating of custom policy? > > Regards, > Andrei. > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] > > Sent: Montag, 20. April 2015 12:24 > > To: [email protected] > > Subject: Custom WS-Security Policy for Webservice > > > > Hi all, > > > > I'm trying to apply a custom WS-Security policy to a web service. I'm using > > wsimport from the jaxws-maven-plugin to generate the SEI. The > > implementation of the SEI looks like this: > > > > > > import javax.jws.WebService; > > import org.apache.cxf.annotations.Policy; > > import org.jboss.ws.api.annotation.EndpointConfig; > > > > @WebService( > > portName = "VehicleOrderRetailDelivery", > > serviceName = "VehicleOrderRetailDelivery", > > targetNamespace = "some/namespace", > > wsdlLocation = > > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > > endpointInterface = > > "mypackage.IVehicleOrderRetailDelivery" > > ) > > @Policies({@Policy(placement = Policy.Placement.BINDING, uri = > > "CustomPolicy.xml", includeInWSDL=true)}) > > @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml" > > , configName = "Custom WS-Security Endpoint") > > public class VehicleOrderRetailDelivery implements > > IVehicleOrderRetailDelivery { > > > > public void report(@XmlElement(required = true) > ReportRequestType > > reportRequest) { ... } > > } > > > > > > The problem is that the custom WS-Security policy is not active. If I send > > requests to the endpoint using SoapUI, I get a soap fault telling me that > > the message contains encrypted data. I'm using Wildfly 8.1.0 and I've > > already set the log level to DEBUG but there is no information in the log > > what goes wrong or why the policy is not active. This part of the log > > makes me believe that there is some kind of policy that it is loaded > > > > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] (default > > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 was > > modified. `Current flow:` > > receive [PolicyInInterceptor, EndpointAssociationInterceptor, > > AttachmentInInterceptor] > > pre-stream [CertConstraintsInterceptor] > > post-stream [StaxInInterceptor] > > read [WSDLGetInterceptor, ReadHeadersInterceptor, > > SoapActionInInterceptor, StartBodyInterceptor] > > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, > > MustUnderstandInterceptor] > > pre-protocol-frontend [HandlerAuthInterceptor] > > post-protocol [CheckFaultInterceptor, JAXBAttachmentSchemaValidationHack > > ] > > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > > pre-logical [NsCtxSelectorStoreInterceptor, OneWayProcessorInterceptor, > > MustUnderstandEndingInterceptor] > > post-logical [WrapperClassInInterceptor] > > pre-invoke [SwAInInterceptor, HolderInInterceptor] > > invoke [ServiceInvokerInterceptor, > > UltimateReceiverMustUnderstandInterceptor] > > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] > > > > but why is it not active? Does anybody have an idea why the custom policy > > is not loaded? Any hints are highly appreciated. > > > > Cheers > > Nik
