If you use WS-SecureConversation with CXF it sets up a co-located STS (with the endpoint) automatically for you. Your client can invoke on the endpoint/STS first to get a SecurityContextToken before then invoking on the endpoint with the token.
Colm.

On Thu, May 25, 2017 at 10:52 AM, pat7 <[email protected]> wrote:

> I just wrote a method with a random generator to issue the security context
> token. After that I stored the token in a database and then I compare the
> received sctoken from the client with the token in the database via a
> callbackhandler.
>
> I think that does not make sense or it is wrong to use a policy with a
> supporting token "secureconversation" without a tokenstore. Am I right?
>
> In my opinion, I have two options.
>
> 1) Apply a STS, which uses all functionalities of the apache cxf to use a
> policy with WS-SecureConversation
> 2) Remove the policy of WS-SecureConversation.
> I do not prefer option two.
>
> Regards,
> Patrick
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524p5780686.html
> Sent from the cxf-user mailing list archive at Nabble.com.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
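For reference, a WS-SecurityPolicy 1.2 policy of the kind the reply above refers to, added here as an illustration and not taken from the thread or from CXF's own samples. The nested `sp:BootstrapPolicy` governs the first call that obtains the SecurityContextToken; the policy Id, the algorithm suite and the X.509-based bootstrap binding are assumptions.

```xml
<!-- Constructed example policy: Id, algorithm suite and bootstrap binding are illustrative -->
<wsp:Policy wsu:Id="SecConvPolicy"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SymmetricBinding>
    <wsp:Policy>
      <sp:ProtectionToken>
        <wsp:Policy>
          <!-- Application messages are protected with keys derived from the SCT -->
          <sp:SecureConversationToken
              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:RequireDerivedKeys/>
              <!-- Policy for the first call, in which the client requests the SCT -->
              <sp:BootstrapPolicy>
                <wsp:Policy>
                  <sp:SymmetricBinding>
                    <wsp:Policy>
                      <sp:ProtectionToken>
                        <wsp:Policy>
                          <sp:X509Token
                              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                            <wsp:Policy><sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy>
                          </sp:X509Token>
                        </wsp:Policy>
                      </sp:ProtectionToken>
                      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256Sha256/></wsp:Policy></sp:AlgorithmSuite>
                      <sp:IncludeTimestamp/>
                    </wsp:Policy>
                  </sp:SymmetricBinding>
                  <sp:Wss11><wsp:Policy><sp:MustSupportRefThumbprint/><sp:MustSupportRefEncryptedKey/></wsp:Policy></sp:Wss11>
                  <sp:Trust13><wsp:Policy><sp:RequireClientEntropy/><sp:RequireServerEntropy/></wsp:Policy></sp:Trust13>
                  <sp:SignedParts><sp:Body/></sp:SignedParts>
                  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
                </wsp:Policy>
              </sp:BootstrapPolicy>
            </wsp:Policy>
          </sp:SecureConversationToken>
        </wsp:Policy>
      </sp:ProtectionToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256Sha256/></wsp:Policy></sp:AlgorithmSuite>
      <sp:IncludeTimestamp/>
    </wsp:Policy>
  </sp:SymmetricBinding>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
</wsp:Policy>
```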
