If you were using WS-SecurityPolicy instead, you could specify the username + password as JAX-WS properties instead. However, this doesn't really suit with your use-case where sometimes the requests are not secured. Could you create two client proxies, one for no security + one that sends a UsernameToken?
Colm. On Fri, Aug 14, 2015 at 5:38 PM, Ezequiel Puig <[email protected]> wrote: > Hello, > > I am building an application with a cxf client (ws-client) that needs to > use WS-Security in order to authentificate the requests. > > I will like to create only one cxf proxy and then set the ws-securty > properties programmatically. > > I will like to do it that way because not all the requests need the > WS-Security (in fact the provider replies with an error if the ws-security > is set but not expected). Moreover, the cxf proxy needs to manage multiple > users for the WS-Security, that is, the proxy should be able to manage more > than one username / password (the username / password is know at runtime). > > So far, i have only seen examples where > 1) The WS-Security password is set using a CallbackHandler which is refered > in the creation of a WSS4JOutInterceptor : > > <bean id="wssOut" > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="user" value="myUser"/> > <entry key="passwordType" value="PasswordDigest"/> > <entry key="passwordCallbackRef"> > <ref bean="clientPasswordCallback"/> > </entry> > <entry key="useEncodedPasswords" value="true"/> > </map> > </constructor-arg> > </bean> > > And usually the password is stored in the CallbackHandler > > or 2) When the application needs to use the client, it creates a new proxy > and then it sets an WSS4JOutInterceptor. > > Is there any other way to do that ? > > > Best regards, > > > Ezequiel. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
