Hi Jens, You could try using the CXF @Policy annotation on the SEI itself. I added a test that shows how this can be done:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java;h=471f07ce0d6a53d7c869240e19ee494be6c360ee;hb=HEAD https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirst.java;h=5e205246c7f4103b3f3d7a25cddd2517430edc83;hb=HEAD Two policies are defined on the latter, the security binding policy + then the actual signed/encrypted parts policy, which is attached on placement = Placement.BINDING_OPERATION_OUTPUT. This means that it is only invoked on the normal response, and not if an exception is thrown. Note Dan Kulp fixed a bug to get this test to work - before you could only add policy annotations on methods of an interface, not of the implementing class. Colm. On Wed, May 18, 2016 at 2:10 PM, Jens <[email protected]> wrote: > Thanks Colm, > > I cannot (am not supposed to) change the WSDL so I'm using a > wsp:PolicyReference on the CXF endpoint. > Is it possible that way as well? > > Jens > > > coheigea wrote > > Yes, simply reference the SignedParts policy only in the > wsdl:input/output > > in your wsdl:binding, and not the wsdl:fault. > > > > Colm. > > > > On Wed, May 18, 2016 at 9:17 AM, Jens < > > > smixdev@ > > > > wrote: > > > >> Hi, > >> > >> I'm using WS-SecurityPolicy to sign my SOAP messages with > >> SignedParts/Body > >> and OnlySignEntireHeadersAndBody. In previous versions of CXF, the > >> runtime > >> would never sign outgoing fault messages. Recent versions seem to now > >> sign > >> fault messages, too. Is there a way to disable this new behaviour and go > >> back to signing "regular" responses only? Is there a way to specify that > >> with WS-Policy? > >> > >> Thanks, > >> Jens > >> > >> > >> > >> -- > >> View this message in context: > >> > http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults-tp5768725.html > >> Sent from the cxf-user mailing list archive at Nabble.com. > >> > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults-tp5768725p5768739.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
