You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Alexandre Beaupre <be...@hotmail.com> on 2015/07/01 16:18:33 UTC

RE: Attaching a WS-SecurityPolicy to a WSDL

Thanks for the quick reply Colm!
I was not using TLS but it turns out my problem was with my @WebService annotation it was missing the "serviceName" attribute.  This is probably why the Wsdl11AttachmentPolicyProvider could not match the policy reference to my service.

Thanks for all your work in the Apache WS/Security community Colm, very impressive and much appreciated!

Alex

> Date: Tue, 30 Jun 2015 16:27:02 +0100
> Subject: Re: Attaching a WS-SecurityPolicy to a WSDL
> From: coheigea@apache.org
> To: users@cxf.apache.org
> 
> Is the service using TLS? If so then the "SignedParts/Body" policy will not
> fail, as it is deemed to be signed by the Transport layer. Normally, you
> only specify "SignedParts" policies for the input + outputs. The overall
> policy should link to a security binding policy, SymmetricBinding,
> AsymmetricBinding, TransportBinding, etc. All three of your policies link
> to the SignBody policy. There are numerous examples in the WSDLS in CXF's
> systests/ws-security, e.g.:
> 
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl;h=172b1bd13b09d3d24ddac5862bbede0b6c68041f;hb=HEAD
> 
> Colm.
> 
> On Tue, Jun 30, 2015 at 3:14 AM, Alexandre Beaupre <be...@hotmail.com>
> wrote:
> 
> > Hi,
> >
> > I'm using CXF version 3.1.1 and I am trying to attach a WS-SecurityPolicy
> > to my jax-ws:endpoint.
> > I have been successful with Axis2/Rampart, but for some reason I can't
> > seem to enforce the policy with CXF.
> >
> > In my WSDL I have added a simple policy :
> >
> >     <wsp:Policy wsu:Id="SignBody">
> >         <wsp:ExactlyOne>
> >             <wsp:All>
> >                 <sp:SignedParts>
> >                     <sp:Body/>
> >                 </sp:SignedParts>
> >             </wsp:All>
> >         </wsp:ExactlyOne>
> >     </wsp:Policy>
> >
> > And I have added policy references in my binding :
> >
> >     <wsdl:binding name="TestServiceSoapBinding" type="tns:TestService">
> >         <wsp:PolicyReference URI="#SignBody"/>
> >         <soap:binding style="document" transport="
> > http://schemas.xmlsoap.org/soap/http" />
> >         <wsdl:operation name="echo">
> >             <soap:operation soapAction="" />
> >             <wsdl:input name="echo">
> >                 <wsp:PolicyReference URI="#SignBody"/>
> >                 <soap:body use="literal" />
> >             </wsdl:input>
> >             <wsdl:output name="echoResponse">
> >                 <wsp:PolicyReference URI="#SignBody"/>
> >                 <soap:body use="literal" />
> >             </wsdl:output>
> >         </wsdl:operation>
> >     </wsdl:binding>
> >
> > However, using SoapUI I can still call the operation without applying any
> > security and nothing special is logged.
> > I have tried to debug the PolicyInInterceptor, it seems like the Policy is
> > getting created but that the Wsdl11AttachmentPolicyProvider is not
> > providing  the policy.
> >
> > Is there something I'm missing ?
> > Is there a sample test project for this I could try ?
> >
> > Thank you for your help!
> > Alex
> >
> 
> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com