Hi, Did you already try to get a WSDL from the service endpoint: http://host:port/SERVICE_ENDPOINT?wsdl ? Is your policy populated in the WSDL?
If not, I would recommend to set endpoint in CXF class https://github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyAnnotationListener.java , loading method handleEvent() case ENDPOINT_SELECTED and debug policy loading. Regards, Andrei. > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Dienstag, 21. April 2015 12:46 > To: [email protected] > Subject: Antwort: RE: Custom WS-Security Policy for Webservice > > Hi, > > thanks for the link to the examples. I'm using a similar configuration now, > but > without success. > > Concerning your questions: What I want to achieve is basically the policy > described here ( > http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases- > examples.html#_Toc274723250 > ). The only difference is that I want to use Basic128 as the Algorithm Suite. > This > is the requirement of our customer. Thus, I do not register an interceptor > provider. The policy assertions I use should be standard, right? > > Thanks > Niko > > Andrei Shakirin <[email protected]> schrieb am 20.04.2015 21:06:03: > > > Von: Andrei Shakirin <[email protected]> > > An: "[email protected]" <[email protected]> > > Datum: 20.04.2015 21:07 > > Betreff: RE: Custom WS-Security Policy for Webservice > > > > Hi, > > > > Take a look in following system tests: > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > test/java/org/apache/cxf/systest/ws/policy/javafirst/ > > OperationSimpleServiceImpl.java > > > > One possible issue is that uri attribute in @Policy annotation can be > > required to be in URI form (classpath:/xxx, file:///xxx). > > Do you register interceptor provider for the custom policy assertion > > or it contains standard assertions? What is your expectation from > > activating of custom policy? > > > > Regards, > > Andrei. > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] > > > Sent: Montag, 20. April 2015 12:24 > > > To: [email protected] > > > Subject: Custom WS-Security Policy for Webservice > > > > > > Hi all, > > > > > > I'm trying to apply a custom WS-Security policy to a web service. > > > I'm > using > > > wsimport from the jaxws-maven-plugin to generate the SEI. The > > > implementation of the SEI looks like this: > > > > > > > > > import javax.jws.WebService; > > > import org.apache.cxf.annotations.Policy; > > > import org.jboss.ws.api.annotation.EndpointConfig; > > > > > > @WebService( > > > portName = "VehicleOrderRetailDelivery", > > > serviceName = "VehicleOrderRetailDelivery", > > > targetNamespace = "some/namespace", > > > wsdlLocation = > > > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > > > endpointInterface = > > > "mypackage.IVehicleOrderRetailDelivery" > > > ) > > > @Policies({@Policy(placement = Policy.Placement.BINDING, uri > > > = "CustomPolicy.xml", includeInWSDL=true)}) > > > @EndpointConfig(configFile = > "WEB-INF/jaxws-endpoint-config.xml" > > > , configName = "Custom WS-Security Endpoint") > > > public class VehicleOrderRetailDelivery implements > > > IVehicleOrderRetailDelivery { > > > > > > public void report(@XmlElement(required = true) > > ReportRequestType > > > reportRequest) { ... } > > > } > > > > > > > > > The problem is that the custom WS-Security policy is not active. If > > > I > send > > > requests to the endpoint using SoapUI, I get a soap fault telling me > that > > > the message contains encrypted data. I'm using Wildfly 8.1.0 and > > > I've already set the log level to DEBUG but there is no information > > > in the > log > > > what goes wrong or why the policy is not active. This part of the > > > log makes me believe that there is some kind of policy that it is > > > loaded > > > > > > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] > (default > > > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 > > > was modified. `Current flow:` receive [PolicyInInterceptor, > > > EndpointAssociationInterceptor, AttachmentInInterceptor] > > > pre-stream [CertConstraintsInterceptor] > > > post-stream [StaxInInterceptor] > > > read [WSDLGetInterceptor, ReadHeadersInterceptor, > > > SoapActionInInterceptor, StartBodyInterceptor] > > > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, > > > MustUnderstandInterceptor] > > > pre-protocol-frontend [HandlerAuthInterceptor] > > > post-protocol [CheckFaultInterceptor, > JAXBAttachmentSchemaValidationHack > > > ] > > > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > > > pre-logical [NsCtxSelectorStoreInterceptor, > OneWayProcessorInterceptor, > > > MustUnderstandEndingInterceptor] > > > post-logical [WrapperClassInInterceptor] > > > pre-invoke [SwAInInterceptor, HolderInInterceptor] > > > invoke [ServiceInvokerInterceptor, > > > UltimateReceiverMustUnderstandInterceptor] > > > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] > > > > > > but why is it not active? Does anybody have an idea why the custom > policy > > > is not loaded? Any hints are highly appreciated. > > > > > > Cheers > > > Nik
