You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Brecht Yperman <br...@invenso.com> on 2015/08/03 16:52:18 UTC
Separate WS-Security policy for inbound and outbound messages
Hi,
I already posted this to Stackoverflow, but I'm guessing I'll get better responses here.
I'm addressing a webservice using CXF that requires a WS-Security Signature on the request, but the response has no signature. I recently moved from Axis2 to CXF, but would try to keep all existing configuration working as much as possible.
In Axis2 I was able to specify a different policy for the request and the response.
client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY, outPolicy);
I tried setting a different policy for the request context and the response context, but that seems to have no effect (the policy is found on the Exchange, which has all properties copied from the requestContext in the ClientImpl.doInvoke method)
client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE,
outPolicy);
Is this possible using Apache CXF?
Thanks,
Brecht
[http://www.invenso.com/emailimgs/Invenso.png]
-
________________________________
-
-
Brecht Yperman
Senior Developer
E brecht.yperman@invenso.com<ma...@invenso.com>
P +32 52 52 27 75
[http://www.invenso.com/emailimgs/xd.png]<http://www.xperido.com/>
XperiDo<http://www.xperido.com>
Document creation & output management
[http://www.invenso.com/emailimgs/xb.png]<http://www.xbintegrator.com/>
XBintegrator<http://www.xbintegrator.com>
Integration & development foundation
-
________________________________
-
-
The contents of this e-mail and any of its attachments are intended for work preparation purposes only, and do by no means contain any legally binding promises or statements. They are intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is strictly prohibited and may be unlawful. If you have received this e-mail by mistake, please immediately notify the sender and permanently delete the original as well as any copy of any e-mail and any printout thereof.
Re: Separate WS-Security policy for inbound and outbound messages
Posted by Andrei Shakirin <as...@talend.com>.
Hi Brecht,
Take a look in this conversation: http://cxf.547215.n5.nabble.com/Best-practice-of-using-external-WS-Policy-files-with-CXF-td5736545.html#a5737138 option (c)
I have published a simple example illustrating the "dynamic policy" approach: https://github.com/ashakirin/cxf.howtos/tree/master/ws-policy.dynamic
Regards,
________________________________________
From: Brecht Yperman <br...@invenso.com>
Sent: Wednesday, August 5, 2015 5:28 PM
To: users@cxf.apache.org
Subject: RE: Separate WS-Security policy for inbound and outbound messages
Hi,
This is great for new projects, but I'd like the existing stuff to 'just work'. I know that's not simple, considering the library change, but I'd like to get as close as possible.
I'm currently thinking about implementing my own policy interceptors, but this seems non-trivial for a 'CXF-beginner' like myself.
Thanks,
Brecht
-----Oorspronkelijk bericht-----
Van: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Verzonden: woensdag 5 augustus 2015 16:55
Aan: users@cxf.apache.org
Onderwerp: Re: Separate WS-Security policy for inbound and outbound messages
Hi Brecht,
Why not just use the standard approach of associating a security binding with the WSDL binding, and then associate a SignedParts policy with the WSDL input, but no (SignedParts) policy with the WSDL output? I just checked doing this in a system test and it worked fine.
Colm.
On Mon, Aug 3, 2015 at 3:52 PM, Brecht Yperman <br...@invenso.com>
wrote:
> Hi,
> I already posted this to Stackoverflow, but I'm guessing I'll get
> better responses here.
>
> I'm addressing a webservice using CXF that requires a WS-Security
> Signature on the request, but the response has no signature. I
> recently moved from Axis2 to CXF, but would try to keep all existing
> configuration working as much as possible.
> In Axis2 I was able to specify a different policy for the request and
> the response.
> client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POL
> ICY,
> outPolicy);
>
> I tried setting a different policy for the request context and the
> response context, but that seems to have no effect (the policy is
> found on the Exchange, which has all properties copied from the
> requestContext in the ClientImpl.doInvoke method)
> client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE,
> outPolicy);
>
> Is this possible using Apache CXF?
> Thanks,
> Brecht
>
> [http://www.invenso.com/emailimgs/Invenso.png]
>
> -
>
> ________________________________
>
> -
>
> -
>
> Brecht Yperman
> Senior Developer
> E brecht.yperman@invenso.com<ma...@invenso.com>
> P +32 52 52 27 75
>
> [http://www.invenso.com/emailimgs/xd.png]<http://www.xperido.com/>
>
> XperiDo<http://www.xperido.com>
> Document creation & output management
>
> [http://www.invenso.com/emailimgs/xb.png]<http://www.xbintegrator.com/
> >
>
> XBintegrator<http://www.xbintegrator.com>
> Integration & development foundation
>
> -
>
> ________________________________
>
> -
>
>
>
> -
>
> The contents of this e-mail and any of its attachments are intended
> for work preparation purposes only, and do by no means contain any
> legally binding promises or statements. They are intended only for use
> by the
> addressee(s) named herein and may contain legally privileged and/or
> confidential information. If you are not the intended recipient,
> please note that any review, dissemination, disclosure, alteration,
> printing, copying or transmission of this e-mail and/or any file
> transmitted with it, is strictly prohibited and may be unlawful. If
> you have received this e-mail by mistake, please immediately notify
> the sender and permanently delete the original as well as any copy of
> any e-mail and any printout thereof.
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: Separate WS-Security policy for inbound and outbound messages
Posted by Brecht Yperman <br...@invenso.com>.
Hi,
This is great for new projects, but I'd like the existing stuff to 'just work'. I know that's not simple, considering the library change, but I'd like to get as close as possible.
I'm currently thinking about implementing my own policy interceptors, but this seems non-trivial for a 'CXF-beginner' like myself.
Thanks,
Brecht
-----Oorspronkelijk bericht-----
Van: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Verzonden: woensdag 5 augustus 2015 16:55
Aan: users@cxf.apache.org
Onderwerp: Re: Separate WS-Security policy for inbound and outbound messages
Hi Brecht,
Why not just use the standard approach of associating a security binding with the WSDL binding, and then associate a SignedParts policy with the WSDL input, but no (SignedParts) policy with the WSDL output? I just checked doing this in a system test and it worked fine.
Colm.
On Mon, Aug 3, 2015 at 3:52 PM, Brecht Yperman <br...@invenso.com>
wrote:
> Hi,
> I already posted this to Stackoverflow, but I'm guessing I'll get
> better responses here.
>
> I'm addressing a webservice using CXF that requires a WS-Security
> Signature on the request, but the response has no signature. I
> recently moved from Axis2 to CXF, but would try to keep all existing
> configuration working as much as possible.
> In Axis2 I was able to specify a different policy for the request and
> the response.
> client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POL
> ICY,
> outPolicy);
>
> I tried setting a different policy for the request context and the
> response context, but that seems to have no effect (the policy is
> found on the Exchange, which has all properties copied from the
> requestContext in the ClientImpl.doInvoke method)
> client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE,
> outPolicy);
>
> Is this possible using Apache CXF?
> Thanks,
> Brecht
>
> [http://www.invenso.com/emailimgs/Invenso.png]
>
> -
>
> ________________________________
>
> -
>
> -
>
> Brecht Yperman
> Senior Developer
> E brecht.yperman@invenso.com<ma...@invenso.com>
> P +32 52 52 27 75
>
> [http://www.invenso.com/emailimgs/xd.png]<http://www.xperido.com/>
>
> XperiDo<http://www.xperido.com>
> Document creation & output management
>
> [http://www.invenso.com/emailimgs/xb.png]<http://www.xbintegrator.com/
> >
>
> XBintegrator<http://www.xbintegrator.com>
> Integration & development foundation
>
> -
>
> ________________________________
>
> -
>
>
>
> -
>
> The contents of this e-mail and any of its attachments are intended
> for work preparation purposes only, and do by no means contain any
> legally binding promises or statements. They are intended only for use
> by the
> addressee(s) named herein and may contain legally privileged and/or
> confidential information. If you are not the intended recipient,
> please note that any review, dissemination, disclosure, alteration,
> printing, copying or transmission of this e-mail and/or any file
> transmitted with it, is strictly prohibited and may be unlawful. If
> you have received this e-mail by mistake, please immediately notify
> the sender and permanently delete the original as well as any copy of
> any e-mail and any printout thereof.
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Separate WS-Security policy for inbound and outbound messages
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Brecht,
Why not just use the standard approach of associating a security binding
with the WSDL binding, and then associate a SignedParts policy with the
WSDL input, but no (SignedParts) policy with the WSDL output? I just
checked doing this in a system test and it worked fine.
Colm.
On Mon, Aug 3, 2015 at 3:52 PM, Brecht Yperman <br...@invenso.com>
wrote:
> Hi,
> I already posted this to Stackoverflow, but I'm guessing I'll get better
> responses here.
>
> I'm addressing a webservice using CXF that requires a WS-Security
> Signature on the request, but the response has no signature. I recently
> moved from Axis2 to CXF, but would try to keep all existing configuration
> working as much as possible.
> In Axis2 I was able to specify a different policy for the request and the
> response.
> client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY,
> outPolicy);
>
> I tried setting a different policy for the request context and the
> response context, but that seems to have no effect (the policy is found on
> the Exchange, which has all properties copied from the requestContext in
> the ClientImpl.doInvoke method)
> client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE,
> outPolicy);
>
> Is this possible using Apache CXF?
> Thanks,
> Brecht
>
> [http://www.invenso.com/emailimgs/Invenso.png]
>
> -
>
> ________________________________
>
> -
>
> -
>
> Brecht Yperman
> Senior Developer
> E brecht.yperman@invenso.com<ma...@invenso.com>
> P +32 52 52 27 75
>
> [http://www.invenso.com/emailimgs/xd.png]<http://www.xperido.com/>
>
> XperiDo<http://www.xperido.com>
> Document creation & output management
>
> [http://www.invenso.com/emailimgs/xb.png]<http://www.xbintegrator.com/>
>
> XBintegrator<http://www.xbintegrator.com>
> Integration & development foundation
>
> -
>
> ________________________________
>
> -
>
>
>
> -
>
> The contents of this e-mail and any of its attachments are intended for
> work preparation purposes only, and do by no means contain any legally
> binding promises or statements. They are intended only for use by the
> addressee(s) named herein and may contain legally privileged and/or
> confidential information. If you are not the intended recipient, please
> note that any review, dissemination, disclosure, alteration, printing,
> copying or transmission of this e-mail and/or any file transmitted with it,
> is strictly prohibited and may be unlawful. If you have received this
> e-mail by mistake, please immediately notify the sender and permanently
> delete the original as well as any copy of any e-mail and any printout
> thereof.
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com