Hi, > Did you already try to get a WSDL from the service endpoint: http:// > host:port/SERVICE_ENDPOINT?wsdl ? > Is your policy populated in the WSDL? Yes, I tried but without success.
> If not, I would recommend to set endpoint in CXF class https:// > github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/ > apache/cxf/ws/policy/PolicyAnnotationListener.java , loading method > handleEvent() case ENDPOINT_SELECTED and debug policy loading. Thanks for the hint, I'll give it a try. Thanks Niko > > Regards, > Andrei. > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] > > Sent: Dienstag, 21. April 2015 12:46 > > To: [email protected] > > Subject: Antwort: RE: Custom WS-Security Policy for Webservice > > > > Hi, > > > > thanks for the link to the examples. I'm using a similar > configuration now, but > > without success. > > > > Concerning your questions: What I want to achieve is basically the policy > > described here ( > > http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases- > > examples.html#_Toc274723250 > > ). The only difference is that I want to use Basic128 as the > Algorithm Suite. This > > is the requirement of our customer. Thus, I do not register an interceptor > > provider. The policy assertions I use should be standard, right? > > > > Thanks > > Niko > > > > Andrei Shakirin <[email protected]> schrieb am 20.04.2015 21:06:03: > > > > > Von: Andrei Shakirin <[email protected]> > > > An: "[email protected]" <[email protected]> > > > Datum: 20.04.2015 21:07 > > > Betreff: RE: Custom WS-Security Policy for Webservice > > > > > > Hi, > > > > > > Take a look in following system tests: > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > test/java/org/apache/cxf/systest/ws/policy/javafirst/ > > > OperationSimpleServiceImpl.java > > > > > > One possible issue is that uri attribute in @Policy annotation can be > > > required to be in URI form (classpath:/xxx, file:///xxx). > > > Do you register interceptor provider for the custom policy assertion > > > or it contains standard assertions? What is your expectation from > > > activating of custom policy? > > > > > > Regards, > > > Andrei. > > > > > > > -----Original Message----- > > > > From: [email protected] > > > > [mailto:[email protected]] > > > > Sent: Montag, 20. April 2015 12:24 > > > > To: [email protected] > > > > Subject: Custom WS-Security Policy for Webservice > > > > > > > > Hi all, > > > > > > > > I'm trying to apply a custom WS-Security policy to a web service. > > > > I'm > > using > > > > wsimport from the jaxws-maven-plugin to generate the SEI. The > > > > implementation of the SEI looks like this: > > > > > > > > > > > > import javax.jws.WebService; > > > > import org.apache.cxf.annotations.Policy; > > > > import org.jboss.ws.api.annotation.EndpointConfig; > > > > > > > > @WebService( > > > > portName = "VehicleOrderRetailDelivery", > > > > serviceName = "VehicleOrderRetailDelivery", > > > > targetNamespace = "some/namespace", > > > > wsdlLocation = > > > > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > > > > endpointInterface = > > > > "mypackage.IVehicleOrderRetailDelivery" > > > > ) > > > > @Policies({@Policy(placement = Policy.Placement.BINDING, uri > > > > = "CustomPolicy.xml", includeInWSDL=true)}) > > > > @EndpointConfig(configFile = > > "WEB-INF/jaxws-endpoint-config.xml" > > > > , configName = "Custom WS-Security Endpoint") > > > > public class VehicleOrderRetailDelivery implements > > > > IVehicleOrderRetailDelivery { > > > > > > > > public void report(@XmlElement(required = true) > > > ReportRequestType > > > > reportRequest) { ... } > > > > } > > > > > > > > > > > > The problem is that the custom WS-Security policy is not active. If > > > > I > > send > > > > requests to the endpoint using SoapUI, I get a soap fault telling me > > that > > > > the message contains encrypted data. I'm using Wildfly 8.1.0 and > > > > I've already set the log level to DEBUG but there is no information > > > > in the > > log > > > > what goes wrong or why the policy is not active. This part of the > > > > log makes me believe that there is some kind of policy that it is > > > > loaded > > > > > > > > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] > > (default > > > > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 > > > > was modified. `Current flow:` receive [PolicyInInterceptor, > > > > EndpointAssociationInterceptor, AttachmentInInterceptor] > > > > pre-stream [CertConstraintsInterceptor] > > > > post-stream [StaxInInterceptor] > > > > read [WSDLGetInterceptor, ReadHeadersInterceptor, > > > > SoapActionInInterceptor, StartBodyInterceptor] > > > > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, > > > > MustUnderstandInterceptor] > > > > pre-protocol-frontend [HandlerAuthInterceptor] > > > > post-protocol [CheckFaultInterceptor, > > JAXBAttachmentSchemaValidationHack > > > > ] > > > > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > > > > pre-logical [NsCtxSelectorStoreInterceptor, > > OneWayProcessorInterceptor, > > > > MustUnderstandEndingInterceptor] > > > > post-logical [WrapperClassInInterceptor] > > > > pre-invoke [SwAInInterceptor, HolderInInterceptor] > > > > invoke [ServiceInvokerInterceptor, > > > > UltimateReceiverMustUnderstandInterceptor] > > > > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] > > > > > > > > but why is it not active? Does anybody have an idea why the custom > > policy > > > > is not loaded? Any hints are highly appreciated. > > > > > > > > Cheers > > > > Nik
