Hi, > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Montag, 27. April 2015 10:39 > To: [email protected] > Subject: Antwort: RE: Antwort: RE: Custom WS-Security Policy for Webservice > > Hi, > > > > If not, I would recommend to set endpoint in CXF class https:// > > > github.com/apache/cxf/blob/master/rt/ws/policy/src/main/java/org/ > > > apache/cxf/ws/policy/PolicyAnnotationListener.java , loading method > > > handleEvent() case ENDPOINT_SELECTED and debug policy loading. > > Thanks for the hint, I'll give it a try. > > I've debugged the PlicyAnnotationListener at the recommended position, but no > result. Both methods in case ENDPOINT_SELECTED (addPolicies(...) and > addEndpointImplPolicies(...)) do not add a policy since the policy lists are > always empty (null). The reason for this is probably that the PropertyMap of > the > endpoint interface is also null. In summray, no policies (policy annotations) > are > found.
Did you see @Policies annotations for the implClass in addEndpointImplPolicies(...) in debugger variables explorer? Is the implementation class correct one? > > Do you have any idea/recommendation how to proceed? Do you think the > reason might be that I missed some important configuration, e.g., a namespace > in the policy file or something else (I don't think so since the examples > don't use > any custom namespaces)? > > In which environment did you run your sample projects? Maybe I'll give it a > try > to switch... I don't see obvious problem in your code. Try to run following CXF system test: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServiceTest.java It uses service class with very similar @Policy annotation: https://github.com/apache/cxf/blob/master/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/javafirst/BindingSimpleServiceImpl.java What is the difference in your case? Regards, Andrei. > > Thanks > Niko > > > > > Thanks > > Niko > > > > > > > > Regards, > > > Andrei. > > > > > > > -----Original Message----- > > > > From: [email protected] > > > > [mailto:[email protected]] > > > > Sent: Dienstag, 21. April 2015 12:46 > > > > To: [email protected] > > > > Subject: Antwort: RE: Custom WS-Security Policy for Webservice > > > > > > > > Hi, > > > > > > > > thanks for the link to the examples. I'm using a similar > > > configuration now, but > > > > without success. > > > > > > > > Concerning your questions: What I want to achieve is basically the > > policy > > > > described here ( > > > > > > > http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases- > > > > examples.html#_Toc274723250 > > > > ). The only difference is that I want to use Basic128 as the > > > Algorithm Suite. This > > > > is the requirement of our customer. Thus, I do not register an > > interceptor > > > > provider. The policy assertions I use should be standard, right? > > > > > > > > Thanks > > > > Niko > > > > > > > > Andrei Shakirin <[email protected]> schrieb am 20.04.2015 > 21:06:03: > > > > > > > > > Von: Andrei Shakirin <[email protected]> > > > > > An: "[email protected]" <[email protected]> > > > > > Datum: 20.04.2015 21:07 > > > > > Betreff: RE: Custom WS-Security Policy for Webservice > > > > > > > > > > Hi, > > > > > > > > > > Take a look in following system tests: > > > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > > > > > test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyService.java > > > > > > https://github.com/apache/cxf/blob/master/systests/ws-security/src/ > > > > > test/java/org/apache/cxf/systest/ws/policy/javafirst/ > > > > > OperationSimpleServiceImpl.java > > > > > > > > > > One possible issue is that uri attribute in @Policy annotation > > > > > can > > > be > > > > > required to be in URI form (classpath:/xxx, file:///xxx). > > > > > Do you register interceptor provider for the custom policy > assertion > > > > > or it contains standard assertions? What is your expectation > > > > > from activating of custom policy? > > > > > > > > > > Regards, > > > > > Andrei. > > > > > > > > > > > -----Original Message----- > > > > > > From: [email protected] > > > > > > [mailto:[email protected]] > > > > > > Sent: Montag, 20. April 2015 12:24 > > > > > > To: [email protected] > > > > > > Subject: Custom WS-Security Policy for Webservice > > > > > > > > > > > > Hi all, > > > > > > > > > > > > I'm trying to apply a custom WS-Security policy to a web > service. > > > > > > I'm > > > > using > > > > > > wsimport from the jaxws-maven-plugin to generate the SEI. The > > > > > > implementation of the SEI looks like this: > > > > > > > > > > > > > > > > > > import javax.jws.WebService; > > > > > > import org.apache.cxf.annotations.Policy; > > > > > > import org.jboss.ws.api.annotation.EndpointConfig; > > > > > > > > > > > > @WebService( > > > > > > portName = "VehicleOrderRetailDelivery", > > > > > > serviceName = "VehicleOrderRetailDelivery", > > > > > > targetNamespace = "some/namespace", > > > > > > wsdlLocation = > > > > > > "/WEB-INF/wsdl/VehicleOrderRetailDelivery.wsdl", > > > > > > endpointInterface = > > > > > > "mypackage.IVehicleOrderRetailDelivery" > > > > > > ) > > > > > > @Policies({@Policy(placement = > > > > > > Policy.Placement.BINDING, > > > uri > > > > > > = "CustomPolicy.xml", includeInWSDL=true)}) > > > > > > @EndpointConfig(configFile = > > > > "WEB-INF/jaxws-endpoint-config.xml" > > > > > > , configName = "Custom WS-Security Endpoint") > > > > > > public class VehicleOrderRetailDelivery implements > > > > > > IVehicleOrderRetailDelivery { > > > > > > > > > > > > public void report(@XmlElement(required = > > > > > > true) > > > > > ReportRequestType > > > > > > reportRequest) { ... } > > > > > > } > > > > > > > > > > > > > > > > > > The problem is that the custom WS-Security policy is not active. > > > If > > > > > > I > > > > send > > > > > > requests to the endpoint using SoapUI, I get a soap fault > telling > > me > > > > that > > > > > > the message contains encrypted data. I'm using Wildfly 8.1.0 > > > > > > and I've already set the log level to DEBUG but there is no > > information > > > > > > in the > > > > log > > > > > > what goes wrong or why the policy is not active. This part of > the > > > > > > log makes me believe that there is some kind of policy that it > is > > > > > > loaded > > > > > > > > > > > > 21:43:17,813 FINE > > > > > > [org.apache.cxf.phase.PhaseInterceptorChain] > > > > (default > > > > > > task-5) Chain > org.apache.cxf.phase.PhaseInterceptorChain@3aa6c815 > > > > > > was modified. `Current flow:` receive [PolicyInInterceptor, > > > > > > EndpointAssociationInterceptor, AttachmentInInterceptor] > > > > > > pre-stream [CertConstraintsInterceptor] > > > > > > post-stream [StaxInInterceptor] > > > > > > read [WSDLGetInterceptor, ReadHeadersInterceptor, > > > > > > SoapActionInInterceptor, StartBodyInterceptor] > > > > > > pre-protocol [EnableDecoupledFaultInterceptor, > MEXInInterceptor, > > > > > > MustUnderstandInterceptor] > > > > > > pre-protocol-frontend [HandlerAuthInterceptor] > > > > > > post-protocol [CheckFaultInterceptor, > > > > JAXBAttachmentSchemaValidationHack > > > > > > ] > > > > > > unmarshal [DocLiteralInInterceptor, SoapHeaderInterceptor] > > > > > > pre-logical [NsCtxSelectorStoreInterceptor, > > > > OneWayProcessorInterceptor, > > > > > > MustUnderstandEndingInterceptor] > > > > > > post-logical [WrapperClassInInterceptor] > > > > > > pre-invoke [SwAInInterceptor, HolderInInterceptor] > > > > > > invoke [ServiceInvokerInterceptor, > > > > > > UltimateReceiverMustUnderstandInterceptor] > > > > > > post-invoke [OutgoingChainInterceptor, > StaxInEndingInterceptor] > > > > > > > > > > > > but why is it not active? Does anybody have an idea why the > custom > > > > policy > > > > > > is not loaded? Any hints are highly appreciated. > > > > > > > > > > > > Cheers > > > > > > Nik
