Hi, > > If not, I would recommend to set endpoint in CXF class https:// > > github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/ > > apache/cxf/ws/policy/PolicyAnnotationListener.java , loading method > > handleEvent() case ENDPOINT_SELECTED and debug policy loading. > Thanks for the hint, I'll give it a try.
I've debugged the PlicyAnnotationListener at the recommended position, but no result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and addEndpointImplPolicies(...)) do not add a policy since the policy lists are always empty (null). The reason for this is probably that the PropertyMap of the endpoint interface is also null. In summray, no policies (policy annotations) are found. Do you have any idea/recommendation how to proceed? Do you think the reason might be that I missed some important configuration, e.g., a namespace in the policy file or something else (I don't think so since the examples don't use any custom namespaces)? In which environment did you run your sample projects? Maybe I'll give it a try to switch... Thanks Niko > > Thanks > Niko > > > > > Regards, > > Andrei. > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[email protected]] > > > Sent: Dienstag, 21. April 2015 12:46 > > > To: [email protected] > > > Subject: Antwort: RE: Custom WS-Security Policy for Webservice > > > > > > Hi, > > > > > > thanks for the link to the examples. I'm using a similar > > configuration now, but > > > without success. > > > > > > Concerning your questions: What I want to achieve is basically the > policy > > > described here ( > > > > http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases- > > > examples.html#_Toc274723250 > > > ). The only difference is that I want to use Basic128 as the > > Algorithm Suite. This > > > is the requirement of our customer. Thus, I do not register an > interceptor > > > provider. The policy assertions I use should be standard, right? > > > > > > Thanks > > > Niko > > > > > > Andrei Shakirin <[email protected]> schrieb am 20.04.2015 21:06:03: > > > > > > > Von: Andrei Shakirin <[email protected]> > > > > An: "[email protected]" <[email protected]> > > > > Datum: 20.04.2015 21:07 > > > > Betreff: RE: Custom WS-Security Policy for Webservice > > > > > > > > Hi, > > > > > > > > Take a look in following system tests: > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > > > test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > > test/java/org/apache/cxf/systest/ws/policy/javafirst/ > > > > OperationSimpleServiceImpl.java > > > > > > > > One possible issue is that uri attribute in @Policy annotation can > be > > > > required to be in URI form (classpath:/xxx, file:///xxx). > > > > Do you register interceptor provider for the custom policy assertion > > > > or it contains standard assertions? What is your expectation from > > > > activating of custom policy? > > > > > > > > Regards, > > > > Andrei. > > > > > > > > > -----Original Message----- > > > > > From: [email protected] > > > > > [mailto:[email protected]] > > > > > Sent: Montag, 20. April 2015 12:24 > > > > > To: [email protected] > > > > > Subject: Custom WS-Security Policy for Webservice > > > > > > > > > > Hi all, > > > > > > > > > > I'm trying to apply a custom WS-Security policy to a web service. > > > > > I'm > > > using > > > > > wsimport from the jaxws-maven-plugin to generate the SEI. The > > > > > implementation of the SEI looks like this: > > > > > > > > > > > > > > > import javax.jws.WebService; > > > > > import org.apache.cxf.annotations.Policy; > > > > > import org.jboss.ws.api.annotation.EndpointConfig; > > > > > > > > > > @WebService( > > > > > portName = "VehicleOrderRetailDelivery", > > > > > serviceName = "VehicleOrderRetailDelivery", > > > > > targetNamespace = "some/namespace", > > > > > wsdlLocation = > > > > > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > > > > > endpointInterface = > > > > > "mypackage.IVehicleOrderRetailDelivery" > > > > > ) > > > > > @Policies({@Policy(placement = Policy.Placement.BINDING, > uri > > > > > = "CustomPolicy.xml", includeInWSDL=true)}) > > > > > @EndpointConfig(configFile = > > > "WEB-INF/jaxws-endpoint-config.xml" > > > > > , configName = "Custom WS-Security Endpoint") > > > > > public class VehicleOrderRetailDelivery implements > > > > > IVehicleOrderRetailDelivery { > > > > > > > > > > public void report(@XmlElement(required = true) > > > > ReportRequestType > > > > > reportRequest) { ... } > > > > > } > > > > > > > > > > > > > > > The problem is that the custom WS-Security policy is not active. > If > > > > > I > > > send > > > > > requests to the endpoint using SoapUI, I get a soap fault telling > me > > > that > > > > > the message contains encrypted data. I'm using Wildfly 8.1.0 and > > > > > I've already set the log level to DEBUG but there is no > information > > > > > in the > > > log > > > > > what goes wrong or why the policy is not active. This part of the > > > > > log makes me believe that there is some kind of policy that it is > > > > > loaded > > > > > > > > > > 21:43:17,813 FINE [org.apache.cxf.phase.PhaseInterceptorChain] > > > (default > > > > > task-5) Chain org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 > > > > > was modified. `Current flow:` receive [PolicyInInterceptor, > > > > > EndpointAssociationInterceptor, AttachmentInInterceptor] > > > > > pre-stream [CertConstraintsInterceptor] > > > > > post-stream [StaxInInterceptor] > > > > > read [WSDLGetInterceptor, ReadHeadersInterceptor, > > > > > SoapActionInInterceptor, StartBodyInterceptor] > > > > > pre-protocol [EnableDecoupledFaultInterceptor, MEXInInterceptor, > > > > > MustUnderstandInterceptor] > > > > > pre-protocol-frontend [HandlerAuthInterceptor] > > > > > post-protocol [CheckFaultInterceptor, > > > JAXBAttachmentSchemaValidationHack > > > > > ] > > > > > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > > > > > pre-logical [NsCtxSelectorStoreInterceptor, > > > OneWayProcessorInterceptor, > > > > > MustUnderstandEndingInterceptor] > > > > > post-logical [WrapperClassInInterceptor] > > > > > pre-invoke [SwAInInterceptor, HolderInInterceptor] > > > > > invoke [ServiceInvokerInterceptor, > > > > > UltimateReceiverMustUnderstandInterceptor] > > > > > post-invoke [OutgoingChainInterceptor, StaxInEndingInterceptor] > > > > > > > > > > but why is it not active? Does anybody have an idea why the custom > > > policy > > > > > is not loaded? Any hints are highly appreciated. > > > > > > > > > > Cheers > > > > > Nik
