Hi, thx for reply. With the following Policy definition it works.
<wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="BiPROAuthSecurityPolicy"> <wsp:ExactlyOne> <wsp:All> <sp:TransportBinding> <wsp:Policy> <sp:TransportToken> <wsp:Policy> <sp:HttpsToken RequireClientCertificate="false"/> </wsp:Policy> </sp:TransportToken> </wsp:Policy> </sp:TransportBinding> <sp:SupportingTokens> <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wsp:Policy/> </sp:UsernameToken> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> I have one more question. Can you give me a hit how can I implement in the Callback Handler an access to a own data source(MySQL) for username and password? patrick -- View this message in context: http://cxf.547215.n5.nabble.com/Bipro-Security-token-service-simple-Usernametoken-tp5777721p5777791.html Sent from the cxf-user mailing list archive at Nabble.com.
