Hi Brecht, Take a look in this conversation: http://cxf.547215.n5.nabble.com/Best-practice-of-using-external-WS-Policy-files-with-CXF-td5736545.html#a5737138 option (c) I have published a simple example illustrating the "dynamic policy" approach: https://github.com/ashakirin/cxf.howtos/tree/master/ws-policy.dynamic
Regards, ________________________________________ From: Brecht Yperman <[email protected]> Sent: Wednesday, August 5, 2015 5:28 PM To: [email protected] Subject: RE: Separate WS-Security policy for inbound and outbound messages Hi, This is great for new projects, but I'd like the existing stuff to 'just work'. I know that's not simple, considering the library change, but I'd like to get as close as possible. I'm currently thinking about implementing my own policy interceptors, but this seems non-trivial for a 'CXF-beginner' like myself. Thanks, Brecht -----Oorspronkelijk bericht----- Van: Colm O hEigeartaigh [mailto:[email protected]] Verzonden: woensdag 5 augustus 2015 16:55 Aan: [email protected] Onderwerp: Re: Separate WS-Security policy for inbound and outbound messages Hi Brecht, Why not just use the standard approach of associating a security binding with the WSDL binding, and then associate a SignedParts policy with the WSDL input, but no (SignedParts) policy with the WSDL output? I just checked doing this in a system test and it worked fine. Colm. On Mon, Aug 3, 2015 at 3:52 PM, Brecht Yperman <[email protected]> wrote: > Hi, > I already posted this to Stackoverflow, but I'm guessing I'll get > better responses here. > > I'm addressing a webservice using CXF that requires a WS-Security > Signature on the request, but the response has no signature. I > recently moved from Axis2 to CXF, but would try to keep all existing > configuration working as much as possible. > In Axis2 I was able to specify a different policy for the request and > the response. > client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POL > ICY, > outPolicy); > > I tried setting a different policy for the request context and the > response context, but that seems to have no effect (the policy is > found on the Exchange, which has all properties copied from the > requestContext in the ClientImpl.doInvoke method) > client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, > outPolicy); > > Is this possible using Apache CXF? > Thanks, > Brecht > > [http://www.invenso.com/emailimgs/Invenso.png] > > - > > ________________________________ > > - > > - > > Brecht Yperman > Senior Developer > E [email protected]<mailto:[email protected]> > P +32 52 52 27 75 > > [http://www.invenso.com/emailimgs/xd.png]<http://www.xperido.com/> > > XperiDo<http://www.xperido.com> > Document creation & output management > > [http://www.invenso.com/emailimgs/xb.png]<http://www.xbintegrator.com/ > > > > XBintegrator<http://www.xbintegrator.com> > Integration & development foundation > > - > > ________________________________ > > - > > > > - > > The contents of this e-mail and any of its attachments are intended > for work preparation purposes only, and do by no means contain any > legally binding promises or statements. They are intended only for use > by the > addressee(s) named herein and may contain legally privileged and/or > confidential information. If you are not the intended recipient, > please note that any review, dissemination, disclosure, alteration, > printing, copying or transmission of this e-mail and/or any file > transmitted with it, is strictly prohibited and may be unlawful. If > you have received this e-mail by mistake, please immediately notify > the sender and permanently delete the original as well as any copy of > any e-mail and any printout thereof. > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
