Thanks, Colm. Unfortunately, that doesn't work for me, either. I'm using a Camel-CXF endpoint to internally forward the messages and I don't actually have a SEI to add annotations to.
Wrt PolicyAttachment http://cxf.apache.org/docs/how-it-works.html says that "Currently, CXF supports only domain expressions of type wsa:EndpointReferenceType" to associate policy attachments with policy targets. I suppose that means there is currently no means to select a specific input/output from XML configuration only? Regards, Jens coheigea wrote > Hi Jens, > > You could try using the CXF @Policy annotation on the SEI itself. I added > a > test that shows how this can be done: > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java;h=471f07ce0d6a53d7c869240e19ee494be6c360ee;hb=HEAD > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirst.java;h=5e205246c7f4103b3f3d7a25cddd2517430edc83;hb=HEAD > > Two policies are defined on the latter, the security binding policy + then > the actual signed/encrypted parts policy, which is attached on placement = > Placement.BINDING_OPERATION_OUTPUT. This means that it is only invoked on > the normal response, and not if an exception is thrown. > > Note Dan Kulp fixed a bug to get this test to work - before you could > only > add policy annotations on methods of an interface, not of the implementing > class. > > Colm. > > On Wed, May 18, 2016 at 2:10 PM, Jens < > smixdev@ > > wrote: > >> Thanks Colm, >> >> I cannot (am not supposed to) change the WSDL so I'm using a >> wsp:PolicyReference on the CXF endpoint. >> Is it possible that way as well? >> >> Jens >> >> >> coheigea wrote >> > Yes, simply reference the SignedParts policy only in the >> wsdl:input/output >> > in your wsdl:binding, and not the wsdl:fault. >> > >> > Colm. >> > >> > On Wed, May 18, 2016 at 9:17 AM, Jens < >> >> > smixdev@ >> >> > > wrote: >> > >> >> Hi, >> >> >> >> I'm using WS-SecurityPolicy to sign my SOAP messages with >> >> SignedParts/Body >> >> and OnlySignEntireHeadersAndBody. In previous versions of CXF, the >> >> runtime >> >> would never sign outgoing fault messages. Recent versions seem to now >> >> sign >> >> fault messages, too. Is there a way to disable this new behaviour and >> go >> >> back to signing "regular" responses only? Is there a way to specify >> that >> >> with WS-Policy? >> >> >> >> Thanks, >> >> Jens >> >> >> >> >> >> >> >> -- >> >> View this message in context: >> >> >> http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults-tp5768725.html >> >> Sent from the cxf-user mailing list archive at Nabble.com. >> >> >> > >> > >> > >> > -- >> > Colm O hEigeartaigh >> > >> > Talend Community Coder >> > http://coders.talend.com >> >> >> >> >> >> -- >> View this message in context: >> http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults-tp5768725p5768739.html >> Sent from the cxf-user mailing list archive at Nabble.com. >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com -- View this message in context: http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults-tp5768725p5769073.html Sent from the cxf-user mailing list archive at Nabble.com.
