Hello,
I am building an application with a cxf client (ws-client) that needs to
use WS-Security in order to authentificate the requests.
I will like to create only one cxf proxy and then set the ws-securty
properties programmatically.
I will like to do it that way because not all the requests need the
WS-Security (in fact the provider replies with an error if the ws-security
is set but not expected). Moreover, the cxf proxy needs to manage multiple
users for the WS-Security, that is, the proxy should be able to manage more
than one username / password (the username / password is know at runtime).
So far, i have only seen examples where
1) The WS-Security password is set using a CallbackHandler which is refered
in the creation of a WSS4JOutInterceptor :
<bean id="wssOut"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken"/>
<entry key="user" value="myUser"/>
<entry key="passwordType" value="PasswordDigest"/>
<entry key="passwordCallbackRef">
<ref bean="clientPasswordCallback"/>
</entry>
<entry key="useEncodedPasswords" value="true"/>
</map>
</constructor-arg>
</bean>
And usually the password is stored in the CallbackHandler
or 2) When the application needs to use the client, it creates a new proxy
and then it sets an WSS4JOutInterceptor.
Is there any other way to do that ?
Best regards,
Ezequiel.
