Using wsp:Optional="true" is definitely supported for newer versions of CXF (although I'm not sure if it is for CXF 2.5.4, which is quite an old release), as it's used in one of the existing WS-Security system tests. Perhaps the issue was fixed in this bug: https://issues.apache.org/jira/browse/CXF-5645
Colm. On Tue, Aug 30, 2016 at 8:06 AM, Jesper Duelund Isaksen < [email protected]> wrote: > Hello > > I am trying to implement WS-Trust including a policy that CXF uses to > validate the received token on our application server. This part we have > achieved successfully. > > Be we have an additional security model which uses the TLS protocol and > data from the SOAP request body to validate access to our services. Due to > SSL/TLS-termination happening before the request reaches the application > server, we cannot implement a policy alternative with TransportBinding. > > I have experimented with putting wsp:Optional="true" and > wsp:Ignorable="true" on the policy specifying the AssymetricBinding but > they do not seem to take effect. > Is this supported by CXF? > > I am unfortunately locked to CXF 2.5.4 for now. > > Possible alternative solutions I have considered are: > > * Alternative policy with a custom assertion (but I believe it > would require a custom policy selector as well) > > * Exposing two wsdl's, one with the token policy, one without the > token policy. > > Would you recommend any of these solutions? > > Med venlig hilsen / Kind regards > Jesper Duelund Isaksen > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
