Hi Jens, > Wrt PolicyAttachment http://cxf.apache.org/docs/how-it-works.html says that > "Currently, CXF supports only domain expressions of type > wsa:EndpointReferenceType" to associate policy attachments with policy > targets. I suppose that means there is currently no means to select a specific > input/output from XML configuration only?
The PolicyAttachment URIDomainExpressionBuilder support was extended in CXF 2.7.12 (3.0.0): https://issues.apache.org/jira/browse/CXF-5685 Therefore you can use following expressions as well: wsdl11.definitions() wsdl11.service(service) wsdl11.binding(binding) wsdl11.bindingOperation(binding/operation) wsdl11.bindingOperation.input(binding/operation) wsdl11.bindingOperation.output(binding/operation) wsdl11.bindingOperation.fault(binding/operation/fault) See https://github.com/apache/cxf/blob/master/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/AddressingPolicyExternalAttachmentWsdl11Test.java as a sample. I will update the documentation. If you need really dynamic way to assign the policy, you can consider to use PolicyConstants.POLICY_OVERRIDE properties in your interceptor: http://ashakirin.blogspot.de/2012/02/using-ws-policy-in-cxf-projects.html ; http://cxf.apache.org/using-ws-policy-in-cxf-projects (Dynamically via message property) Regards, Andrei. > -----Original Message----- > From: Jens [mailto:[email protected]] > Sent: Montag, 30. Mai 2016 09:30 > To: [email protected] > Subject: Re: WS-SecurityPolicy and signing faults > > Thanks, Colm. > > Unfortunately, that doesn't work for me, either. I'm using a Camel-CXF > endpoint to internally forward the messages and I don't actually have a SEI to > add annotations to. > > Wrt PolicyAttachment http://cxf.apache.org/docs/how-it-works.html says that > "Currently, CXF supports only domain expressions of type > wsa:EndpointReferenceType" to associate policy attachments with policy > targets. I suppose that means there is currently no means to select a specific > input/output from XML configuration only? > > Regards, > Jens > > > coheigea wrote > > Hi Jens, > > > > You could try using the CXF @Policy annotation on the SEI itself. I > > added a test that shows how this can be done: > > > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws > > -security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java > > ;h=471f07ce0d6a53d7c869240e19ee494be6c360ee;hb=HEAD > > https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws > > -security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTy > > > peImplJavaFirst.java;h=5e205246c7f4103b3f3d7a25cddd2517430edc83;hb=HEA > > D > > > > Two policies are defined on the latter, the security binding policy + > > then the actual signed/encrypted parts policy, which is attached on > > placement = Placement.BINDING_OPERATION_OUTPUT. This means that it is > > only invoked on the normal response, and not if an exception is thrown. > > > > Note Dan Kulp fixed a bug to get this test to work - before you could > > only add policy annotations on methods of an interface, not of the > > implementing class. > > > > Colm. > > > > On Wed, May 18, 2016 at 2:10 PM, Jens < > > > smixdev@ > > > > wrote: > > > >> Thanks Colm, > >> > >> I cannot (am not supposed to) change the WSDL so I'm using a > >> wsp:PolicyReference on the CXF endpoint. > >> Is it possible that way as well? > >> > >> Jens > >> > >> > >> coheigea wrote > >> > Yes, simply reference the SignedParts policy only in the > >> wsdl:input/output > >> > in your wsdl:binding, and not the wsdl:fault. > >> > > >> > Colm. > >> > > >> > On Wed, May 18, 2016 at 9:17 AM, Jens < > >> > >> > smixdev@ > >> > >> > > wrote: > >> > > >> >> Hi, > >> >> > >> >> I'm using WS-SecurityPolicy to sign my SOAP messages with > >> >> SignedParts/Body and OnlySignEntireHeadersAndBody. In previous > >> >> versions of CXF, the runtime would never sign outgoing fault > >> >> messages. Recent versions seem to now sign fault messages, too. Is > >> >> there a way to disable this new behaviour and > >> go > >> >> back to signing "regular" responses only? Is there a way to > >> >> specify > >> that > >> >> with WS-Policy? > >> >> > >> >> Thanks, > >> >> Jens > >> >> > >> >> > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults- > >> tp5768725.html > >> >> Sent from the cxf-user mailing list archive at Nabble.com. > >> >> > >> > > >> > > >> > > >> > -- > >> > Colm O hEigeartaigh > >> > > >> > Talend Community Coder > >> > http://coders.talend.com > >> > >> > >> > >> > >> > >> -- > >> View this message in context: > >> http://cxf.547215.n5.nabble.com/WS-SecurityPolicy-and-signing-faults- > >> tp5768725p5768739.html Sent from the cxf-user mailing list archive at > >> Nabble.com. > >> > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/WS- > SecurityPolicy-and-signing-faults-tp5768725p5769073.html > Sent from the cxf-user mailing list archive at Nabble.com.
