Am Freitag, 2. November 2018, 09:08:34 CET schrieb Jesper Duelund Isaksen: > Thanks for your suggestion Markus! > > It looks like a WebServiceProvider for either the SAXSource or > StreamSource would fit our needs. > > However the note regarding developers needing to manually handle SOAP > envelopes leads me to assume that everything WS-SecurityPolicy > related needs to be manually handled as well. Would you consider that > correct?
no, you don't need to handle security manually. Full WS-SecurityPolicy (or other cxf-specific interceptors) are available. Simply put the ws-security-policy into your wsdl and let cxf do the hard work for you. @ServiceMode(value = Service.Mode.PAYLOAD) @WebServiceProvider(wsdlLocation = "your.wsdl", ...) public class MyProvider implements Provider<Source> { @Override public Source invoke(Source source) { ...unmarshal source on demand with jaxb or similar... } } regards msc