> On Jun 15, 2016, at 4:59 PM, Joe Schaefer <[email protected]> wrote: > > Yes I found a version of the WSDL that contains ws-policy elements.
Great! Let’s hope the policy is correct and complete. ;-) Once you have the wsdl, you should just be able to generate a client from it (wsdl2java) and use the standard client Service object to obtain the port you need. You would then configure the client using whatever security configuration options that are dictated by the policy. Without seeing the policy, that will be hard to determine. Since you mention both encryption and signature, you might be able to get an idea by looking at the “samples/ws_security/sign_enc_policy” example that comes in the CXF download. That uses spring to configure the client, but configuring via java code is relatively straightforward. The trick is getting the “Client_Encrypt.properties” file created (thats the name of the file in the sample, can be anything) which creates your keystrokes and alias’s and such that you will need. Dan > > > On Wed, Jun 15, 2016 at 4:27 PM, Joe Schaefer <[email protected]> wrote: > >> Yes there is a wsdl including wsse elements. I'm just not at liberty >> to share it publicly. I'm not sure it includes a ws-policy but I can >> investigate. >> >> Thanks Dan! >> >> Sent from my iPhone >> >>> On Jun 15, 2016, at 4:14 PM, Daniel Kulp <[email protected]> wrote: >>> >>> Joe, >>> >>> This isn’t really a lot to go on. Does the soap endpoint that you are >> connecting to have a published WSDL? Does the WSDL provide a WS-Policy >> definition that describes the security requirements? If so, things are >> significantly easier than if it doesn’t. With the WS-Policy stuff, it >> should just be a matter of configuring properties on the client (java code, >> spring config, etc…) for the stuff the policy requires (keystrokes, key >> aliases, etc…). If the WSDL doesn’t have a policy, things are quite a >> bit more complex. In that case, you’d have to figure out what the security >> requirements are and configure in appropriate actions onto a set of WSS4J >> interceptors. >>> >>> Anyway, start with looking at the WSDL and see what information is there >> and then we can figure out the next step. >>> >>> Dan >>> >>> >>>> On Jun 15, 2016, at 1:14 PM, Joe Schaefer <[email protected]> wrote: >>>> >>>> Hi, >>>> I have a business customer who needs a stand-alone web application that >> can >>>> connect to a SOAP endpoint that requires support for the Oasis WSS >>>> standards for XML encryption and signatures. >>>> >>>> Looking over the documentation for CXF it seems that may be the answer >> I'm >>>> looking for on some level. However I am a perl guy, so I may need some >>>> assistance braving the java world. My company will naturally >> compensate on >>>> a contract basis for any coding we need done, but it should be >>>> straightforward. >>>> >>>> I realize the Oasis specs cover a lot of ground, but I do not need more >>>> than a small handset supported. We have familiarity with SOAP UI from >>>> SoftBear which does the job, but is the wrong architecture for a >>>> concurrent, multi-user web services based solution. >>>> >>>> Any advice in this area would be greatly appreciated- I can try to >> answer >>>> any questions about our needs and requirements to the best of my >> ability, >>>> but at this point I'm just looking to know if the CXF community can >> support >>>> this type of use case. >>>> >>>> >>>> TIA! >>> >>> -- >>> Daniel Kulp >>> [email protected] - http://dankulp.com/blog >>> Talend Community Coder - http://coders.talend.com >>> >> -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
