Re: Attaching a WS-SecurityPolicy to a WSDL

Tue, 30 Jun 2015 08:28:04 -0700 

Is the service using TLS? If so then the "SignedParts/Body" policy will not
fail, as it is deemed to be signed by the Transport layer. Normally, you
only specify "SignedParts" policies for the input + outputs. The overall
policy should link to a security binding policy, SymmetricBinding,
AsymmetricBinding, TransportBinding, etc. All three of your policies link
to the SignBody policy. There are numerous examples in the WSDLS in CXF's
systests/ws-security, e.g.:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl;h=172b1bd13b09d3d24ddac5862bbede0b6c68041f;hb=HEAD

Colm.

On Tue, Jun 30, 2015 at 3:14 AM, Alexandre Beaupre <[email protected]>
wrote:

> Hi,
>
> I'm using CXF version 3.1.1 and I am trying to attach a WS-SecurityPolicy
> to my jax-ws:endpoint.
> I have been successful with Axis2/Rampart, but for some reason I can't
> seem to enforce the policy with CXF.
>
> In my WSDL I have added a simple policy :
>
>     <wsp:Policy wsu:Id="SignBody">
>         <wsp:ExactlyOne>
>             <wsp:All>
>                 <sp:SignedParts>
>                     <sp:Body/>
>                 </sp:SignedParts>
>             </wsp:All>
>         </wsp:ExactlyOne>
>     </wsp:Policy>
>
> And I have added policy references in my binding :
>
>     <wsdl:binding name="TestServiceSoapBinding" type="tns:TestService">
>         <wsp:PolicyReference URI="#SignBody"/>
>         <soap:binding style="document" transport="
> http://schemas.xmlsoap.org/soap/http"; />
>         <wsdl:operation name="echo">
>             <soap:operation soapAction="" />
>             <wsdl:input name="echo">
>                 <wsp:PolicyReference URI="#SignBody"/>
>                 <soap:body use="literal" />
>             </wsdl:input>
>             <wsdl:output name="echoResponse">
>                 <wsp:PolicyReference URI="#SignBody"/>
>                 <soap:body use="literal" />
>             </wsdl:output>
>         </wsdl:operation>
>     </wsdl:binding>
>
> However, using SoapUI I can still call the operation without applying any
> security and nothing special is logged.
> I have tried to debug the PolicyInInterceptor, it seems like the Policy is
> getting created but that the Wsdl11AttachmentPolicyProvider is not
> providing  the policy.
>
> Is there something I'm missing ?
> Is there a sample test project for this I could try ?
>
> Thank you for your help!
> Alex
>




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to