You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Bhushan Bhangale <bh...@kaleconsultants.com> on 2010/03/24 07:11:39 UTC
WS-Security policy in wsdl for java first approach
Hi,
I have used Java first approach with Apache CXF version 2.2.4. Following is
my configuration to implement WS-Security for my service. I am able to send
WS-Security header from my client and get access of the service. The issue
is with the WSDL as I am not able to define the Security policy in my
generated WSDL, due to which consumers of my client don't get clear picture
from the WSDL and need to read a supporting document. I have googled and
found that it cannot be done in Java First approach. Is this correct? Is
there no way I can achieve? Somewhere I read the 2.3 version have this
facility but I am unable to find any example or how to do it? Please help.
<jaxws:endpoint id="apexProrationService"
implementor="com.GreetServiceImpl"
address="/GreetService">
<jaxws:properties>
<entry key="mtom-enabled" value="true"
/>
</jaxws:properties>
<jaxws:inInterceptors>
<ref bean="sAAJInInterceptor" />
<ref bean="wSS4JInInterceptor" />
</jaxws:inInterceptors>
</jaxws:endpoint>
<bean id="sAAJInInterceptor"
class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
<bean id="wSS4JInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action"
value="UsernameToken" />
<entry key="passwordType"
value="PasswordText" />
<entry
key="passwordCallbackRef">
<ref
bean="serverPasswordCallback" />
</entry>
</map>
</constructor-arg>
</bean>
Thanks
Bhushan
Disclaimer: This email (including any attachments) is intended for the sole
use of the recipient/s and may contain material that is CONFIDENTIAL. Any
unauthorized disclosure / copying / distribution or forwarding of this message
or part is STRICTLY PROHIBITED. If you have erroneously received this message,
please delete it immediately and notify the sender. No liability is assumed for
any errors and/or omissions in the contents of this message. Information in
this message that does not relate to the official business of this Company
shall be understood as neither given nor endorsed by it. If verification is
required please request a hard-copy version.
To know more about Kale Consultants, visit www.kaleconsultants.com
-=-=-=-=-=-=-=-=-=-
Re: WS-Security policy in wsdl for java first approach
Posted by Daniel Kulp <dk...@apache.org>.
On Friday 26 March 2010 6:17:46 am Bhushan Bhangale wrote:
> Yes I am using spring and the configuration is same as your example
> java_first_spring_support.
>
> I am able to add the policy information in the generated wsdl after I added
> META-INF/cxf/cxf-extension-policy.xml.
>
> The problem is that the policy gets added twice for my project but for
> sample java_first_spring_support it shows only once. I have done exactly
> same at both places. Not sure which jar or configuration is conflicting in
> my application. If any pointers in this direction then please let me know
> otherwise I would need to start from basic and see at what point the policy
> gets added twice.
No idea really. I guess its possible that the same annotation processor is
being added twice. Not really sure. If you get an example, that would help.
Dan
>
> Thanks
> Bhushan
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Friday, March 26, 2010 12:30 AM
> To: users@cxf.apache.org
> Cc: Bhushan Bhangale
> Subject: Re: WS-Security policy in wsdl for java first approach
>
>
> Are you using your own spring context xml or are you letting CXF create a
> default? If using your own, you'll need to import a bunch of other things.
>
> Primarily META-INF/cxf/cxf-extension-policy.xml
>
> Can you whip up an example that isn't working? Maybe add the annotations
> to
>
> one of our java_first demos? That way I can look to see what is not
> working.
>
> Dan
>
> On Thursday 25 March 2010 7:30:24 am Bhushan Bhangale wrote:
> > Daniel,
> >
> > I took the 2.3.0-SNAPSHOT source code and built the jars on my desktop.
> >
> > I added following annotation in my service class. The SecurityPolicy.xml
>
> is
>
> > in my classpath. Deployed and started the tomcat but the policy
>
> information
>
> > is still not visible.
> >
> > @Policies({
> >
> > @Policy(uri = "SecurityPolicy.xml")
> >
> > }
> > )
> > @WebService(endpointInterface = " com.GreetService")
> > public class GreetServiceImpl implements GreetService {
> >
> >
> > For testing purpose I kept the policy content same as provided in cxf
>
> junit
>
> > test.
> >
> > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >
> > <wsp:ExactlyOne />
> >
> > </wsp:Policy>
> >
> > Thanks
> > Bhushan
> >
> > -----Original Message-----
> > From: Bhushan Bhangale [mailto:bhushan_bhangale@kaleconsultants.com]
> > Sent: Thursday, March 25, 2010 10:43 AM
> > To: 'Daniel Kulp'; users@cxf.apache.org
> > Subject: RE: WS-Security policy in wsdl for java first approach
> >
> > Thanks Daniel
> >
> > Do you mean I only replace the cxf-rt-ws-policy jar of 2.2.4 with the one
> > built from 2.3 trunk and all the other cxf jars are still at 2.2.4?
> >
> > Bhushan
> >
> > -----Original Message-----
> > From: Daniel Kulp [mailto:dkulp@apache.org]
> > Sent: Thursday, March 25, 2010 8:15 AM
> > To: users@cxf.apache.org
> > Cc: Bhushan Bhangale
> > Subject: Re: WS-Security policy in wsdl for java first approach
> >
> >
> >
> > Yea, for java first, the only option is the stuff on trunk for 2.3. If
> > you
>
> > want to experiment with it, you can look at the tests at:
> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/ap
>
> > a che/cxf/ws/policy/
> >
> > Specifically the PolicyAnnotationTest.java
> >
> > It uses some annotations to associate some policy fragments with the
> > endpoint/operations. Those fragments would be included in the generated
> > WSDL.
> >
> > Dan
> >
> > On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> > > Hi,
> > >
> > >
> > >
> > > I have used Java first approach with Apache CXF version 2.2.4.
> > > Following
> >
> > is
> >
> > > my configuration to implement WS-Security for my service. I am able to
> >
> > send
> >
> > > WS-Security header from my client and get access of the service. The
> > > issue is with the WSDL as I am not able to define the Security policy
> > > in my generated WSDL, due to which consumers of my client don't get
> > > clear
> >
> > picture
> >
> > > from the WSDL and need to read a supporting document. I have googled
> > > and found that it cannot be done in Java First approach. Is this
> > > correct? Is there no way I can achieve? Somewhere I read the 2.3
> > > version have this facility but I am unable to find any example or how
> > > to do it? Please help.
> > >
> > >
> > >
> > > <jaxws:endpoint id="apexProrationService"
> > >
> > > implementor="com.GreetServiceImpl"
> > >
> > > address="/GreetService">
> > >
> > > <jaxws:properties>
> > >
> > > <entry key="mtom-enabled"
> > > value="true"
> > >
> > > />
> > >
> > > </jaxws:properties>
> > >
> > > <jaxws:inInterceptors>
> > >
> > > <ref bean="sAAJInInterceptor" />
> > >
> > > <ref bean="wSS4JInInterceptor" />
> > >
> > > </jaxws:inInterceptors>
> > >
> > > </jaxws:endpoint>
> > >
> > >
> > >
> > > <bean id="sAAJInInterceptor"
> > >
> > > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> > >
> > > <bean id="wSS4JInInterceptor"
> > >
> > > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> > >
> > > <constructor-arg>
> > >
> > > <map>
> > >
> > > <entry key="action"
> > >
> > > value="UsernameToken" />
> > >
> > > <entry
>
> key="passwordType"
>
> > > value="PasswordText" />
> > >
> > > <entry
> > >
> > > key="passwordCallbackRef">
> > >
> > > <ref
> > >
> > > bean="serverPasswordCallback" />
> > >
> > > </entry>
> > >
> > > </map>
> > >
> > > </constructor-arg>
> > >
> > > </bean>
> > >
> > > Thanks
> > >
> > > Bhushan
> > >
> > >
> > >
> > >
> > > Disclaimer: This email (including any attachments) is intended for the
> >
> > sole
> >
> > > use of the recipient/s and may contain material that is CONFIDENTIAL.
>
> Any
>
> > > unauthorized disclosure / copying / distribution or forwarding of this
> > > message or part is STRICTLY PROHIBITED. If you have erroneously
> > > received this message, please delete it immediately and notify the
> > > sender. No liability is assumed for any errors and/or omissions in the
> > > contents of this message. Information in this message that does not
> > > relate to the official business of this Company shall be understood as
> > > neither given nor endorsed by it. If verification is required please
> > > request a hard-copy version.
> > >
> > > To know more about Kale Consultants, visit www.kaleconsultants.com
> > >
> > > -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
RE: WS-Security policy in wsdl for java first approach
Posted by Bhushan Bhangale <bh...@kaleconsultants.com>.
Yes I am using spring and the configuration is same as your example
java_first_spring_support.
I am able to add the policy information in the generated wsdl after I added
META-INF/cxf/cxf-extension-policy.xml.
The problem is that the policy gets added twice for my project but for
sample java_first_spring_support it shows only once. I have done exactly
same at both places. Not sure which jar or configuration is conflicting in
my application. If any pointers in this direction then please let me know
otherwise I would need to start from basic and see at what point the policy
gets added twice.
Thanks
Bhushan
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Friday, March 26, 2010 12:30 AM
To: users@cxf.apache.org
Cc: Bhushan Bhangale
Subject: Re: WS-Security policy in wsdl for java first approach
Are you using your own spring context xml or are you letting CXF create a
default? If using your own, you'll need to import a bunch of other things.
Primarily META-INF/cxf/cxf-extension-policy.xml
Can you whip up an example that isn't working? Maybe add the annotations to
one of our java_first demos? That way I can look to see what is not
working.
Dan
On Thursday 25 March 2010 7:30:24 am Bhushan Bhangale wrote:
> Daniel,
>
> I took the 2.3.0-SNAPSHOT source code and built the jars on my desktop.
>
> I added following annotation in my service class. The SecurityPolicy.xml
is
> in my classpath. Deployed and started the tomcat but the policy
information
> is still not visible.
>
> @Policies({
> @Policy(uri = "SecurityPolicy.xml")
> }
> )
> @WebService(endpointInterface = " com.GreetService")
> public class GreetServiceImpl implements GreetService {
>
>
> For testing purpose I kept the policy content same as provided in cxf
junit
> test.
>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne />
> </wsp:Policy>
>
> Thanks
> Bhushan
>
> -----Original Message-----
> From: Bhushan Bhangale [mailto:bhushan_bhangale@kaleconsultants.com]
> Sent: Thursday, March 25, 2010 10:43 AM
> To: 'Daniel Kulp'; users@cxf.apache.org
> Subject: RE: WS-Security policy in wsdl for java first approach
>
> Thanks Daniel
>
> Do you mean I only replace the cxf-rt-ws-policy jar of 2.2.4 with the one
> built from 2.3 trunk and all the other cxf jars are still at 2.2.4?
>
> Bhushan
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Thursday, March 25, 2010 8:15 AM
> To: users@cxf.apache.org
> Cc: Bhushan Bhangale
> Subject: Re: WS-Security policy in wsdl for java first approach
>
>
>
> Yea, for java first, the only option is the stuff on trunk for 2.3. If
> you
>
> want to experiment with it, you can look at the tests at:
>
>
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/ap
> a che/cxf/ws/policy/
>
> Specifically the PolicyAnnotationTest.java
>
> It uses some annotations to associate some policy fragments with the
> endpoint/operations. Those fragments would be included in the generated
> WSDL.
>
> Dan
>
> On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> > Hi,
> >
> >
> >
> > I have used Java first approach with Apache CXF version 2.2.4. Following
>
> is
>
> > my configuration to implement WS-Security for my service. I am able to
>
> send
>
> > WS-Security header from my client and get access of the service. The
> > issue is with the WSDL as I am not able to define the Security policy in
> > my generated WSDL, due to which consumers of my client don't get clear
>
> picture
>
> > from the WSDL and need to read a supporting document. I have googled and
> > found that it cannot be done in Java First approach. Is this correct? Is
> > there no way I can achieve? Somewhere I read the 2.3 version have this
> > facility but I am unable to find any example or how to do it? Please
> > help.
> >
> >
> >
> > <jaxws:endpoint id="apexProrationService"
> >
> > implementor="com.GreetServiceImpl"
> >
> > address="/GreetService">
> >
> > <jaxws:properties>
> >
> > <entry key="mtom-enabled"
> > value="true"
> >
> > />
> >
> > </jaxws:properties>
> >
> > <jaxws:inInterceptors>
> >
> > <ref bean="sAAJInInterceptor" />
> >
> > <ref bean="wSS4JInInterceptor" />
> >
> > </jaxws:inInterceptors>
> >
> > </jaxws:endpoint>
> >
> >
> >
> > <bean id="sAAJInInterceptor"
> >
> > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> >
> > <bean id="wSS4JInInterceptor"
> >
> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >
> > <constructor-arg>
> >
> > <map>
> >
> > <entry key="action"
> >
> > value="UsernameToken" />
> >
> > <entry
key="passwordType"
> >
> > value="PasswordText" />
> >
> > <entry
> >
> > key="passwordCallbackRef">
> >
> > <ref
> >
> > bean="serverPasswordCallback" />
> >
> > </entry>
> >
> > </map>
> >
> > </constructor-arg>
> >
> > </bean>
> >
> > Thanks
> >
> > Bhushan
> >
> >
> >
> >
> > Disclaimer: This email (including any attachments) is intended for the
>
> sole
>
> > use of the recipient/s and may contain material that is CONFIDENTIAL.
Any
> > unauthorized disclosure / copying / distribution or forwarding of this
> > message or part is STRICTLY PROHIBITED. If you have erroneously received
> > this message, please delete it immediately and notify the sender. No
> > liability is assumed for any errors and/or omissions in the contents of
> > this message. Information in this message that does not relate to the
> > official business of this Company shall be understood as neither given
> > nor endorsed by it. If verification is required please request a
> > hard-copy version.
> >
> > To know more about Kale Consultants, visit www.kaleconsultants.com
> >
> > -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Disclaimer: This email (including any attachments) is intended for the sole
use of the recipient/s and may contain material that is CONFIDENTIAL. Any
unauthorized disclosure / copying / distribution or forwarding of this message
or part is STRICTLY PROHIBITED. If you have erroneously received this message,
please delete it immediately and notify the sender. No liability is assumed for
any errors and/or omissions in the contents of this message. Information in
this message that does not relate to the official business of this Company
shall be understood as neither given nor endorsed by it. If verification is
required please request a hard-copy version.
To know more about Kale Consultants, visit www.kaleconsultants.com
-=-=-=-=-=-=-=-=-=-
Re: WS-Security policy in wsdl for java first approach
Posted by Daniel Kulp <dk...@apache.org>.
Are you using your own spring context xml or are you letting CXF create a
default? If using your own, you'll need to import a bunch of other things.
Primarily META-INF/cxf/cxf-extension-policy.xml
Can you whip up an example that isn't working? Maybe add the annotations to
one of our java_first demos? That way I can look to see what is not working.
Dan
On Thursday 25 March 2010 7:30:24 am Bhushan Bhangale wrote:
> Daniel,
>
> I took the 2.3.0-SNAPSHOT source code and built the jars on my desktop.
>
> I added following annotation in my service class. The SecurityPolicy.xml is
> in my classpath. Deployed and started the tomcat but the policy information
> is still not visible.
>
> @Policies({
> @Policy(uri = "SecurityPolicy.xml")
> }
> )
> @WebService(endpointInterface = " com.GreetService")
> public class GreetServiceImpl implements GreetService {
>
>
> For testing purpose I kept the policy content same as provided in cxf junit
> test.
>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> <wsp:ExactlyOne />
> </wsp:Policy>
>
> Thanks
> Bhushan
>
> -----Original Message-----
> From: Bhushan Bhangale [mailto:bhushan_bhangale@kaleconsultants.com]
> Sent: Thursday, March 25, 2010 10:43 AM
> To: 'Daniel Kulp'; users@cxf.apache.org
> Subject: RE: WS-Security policy in wsdl for java first approach
>
> Thanks Daniel
>
> Do you mean I only replace the cxf-rt-ws-policy jar of 2.2.4 with the one
> built from 2.3 trunk and all the other cxf jars are still at 2.2.4?
>
> Bhushan
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Thursday, March 25, 2010 8:15 AM
> To: users@cxf.apache.org
> Cc: Bhushan Bhangale
> Subject: Re: WS-Security policy in wsdl for java first approach
>
>
>
> Yea, for java first, the only option is the stuff on trunk for 2.3. If
> you
>
> want to experiment with it, you can look at the tests at:
>
> http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/ap
> a che/cxf/ws/policy/
>
> Specifically the PolicyAnnotationTest.java
>
> It uses some annotations to associate some policy fragments with the
> endpoint/operations. Those fragments would be included in the generated
> WSDL.
>
> Dan
>
> On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> > Hi,
> >
> >
> >
> > I have used Java first approach with Apache CXF version 2.2.4. Following
>
> is
>
> > my configuration to implement WS-Security for my service. I am able to
>
> send
>
> > WS-Security header from my client and get access of the service. The
> > issue is with the WSDL as I am not able to define the Security policy in
> > my generated WSDL, due to which consumers of my client don't get clear
>
> picture
>
> > from the WSDL and need to read a supporting document. I have googled and
> > found that it cannot be done in Java First approach. Is this correct? Is
> > there no way I can achieve? Somewhere I read the 2.3 version have this
> > facility but I am unable to find any example or how to do it? Please
> > help.
> >
> >
> >
> > <jaxws:endpoint id="apexProrationService"
> >
> > implementor="com.GreetServiceImpl"
> >
> > address="/GreetService">
> >
> > <jaxws:properties>
> >
> > <entry key="mtom-enabled"
> > value="true"
> >
> > />
> >
> > </jaxws:properties>
> >
> > <jaxws:inInterceptors>
> >
> > <ref bean="sAAJInInterceptor" />
> >
> > <ref bean="wSS4JInInterceptor" />
> >
> > </jaxws:inInterceptors>
> >
> > </jaxws:endpoint>
> >
> >
> >
> > <bean id="sAAJInInterceptor"
> >
> > class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
> >
> > <bean id="wSS4JInInterceptor"
> >
> > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> >
> > <constructor-arg>
> >
> > <map>
> >
> > <entry key="action"
> >
> > value="UsernameToken" />
> >
> > <entry key="passwordType"
> >
> > value="PasswordText" />
> >
> > <entry
> >
> > key="passwordCallbackRef">
> >
> > <ref
> >
> > bean="serverPasswordCallback" />
> >
> > </entry>
> >
> > </map>
> >
> > </constructor-arg>
> >
> > </bean>
> >
> > Thanks
> >
> > Bhushan
> >
> >
> >
> >
> > Disclaimer: This email (including any attachments) is intended for the
>
> sole
>
> > use of the recipient/s and may contain material that is CONFIDENTIAL. Any
> > unauthorized disclosure / copying / distribution or forwarding of this
> > message or part is STRICTLY PROHIBITED. If you have erroneously received
> > this message, please delete it immediately and notify the sender. No
> > liability is assumed for any errors and/or omissions in the contents of
> > this message. Information in this message that does not relate to the
> > official business of this Company shall be understood as neither given
> > nor endorsed by it. If verification is required please request a
> > hard-copy version.
> >
> > To know more about Kale Consultants, visit www.kaleconsultants.com
> >
> > -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
RE: WS-Security policy in wsdl for java first approach
Posted by Bhushan Bhangale <bh...@kaleconsultants.com>.
Daniel,
I took the 2.3.0-SNAPSHOT source code and built the jars on my desktop.
I added following annotation in my service class. The SecurityPolicy.xml is
in my classpath. Deployed and started the tomcat but the policy information
is still not visible.
@Policies({
@Policy(uri = "SecurityPolicy.xml")
}
)
@WebService(endpointInterface = " com.GreetService")
public class GreetServiceImpl implements GreetService {
For testing purpose I kept the policy content same as provided in cxf junit
test.
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne />
</wsp:Policy>
Thanks
Bhushan
-----Original Message-----
From: Bhushan Bhangale [mailto:bhushan_bhangale@kaleconsultants.com]
Sent: Thursday, March 25, 2010 10:43 AM
To: 'Daniel Kulp'; users@cxf.apache.org
Subject: RE: WS-Security policy in wsdl for java first approach
Thanks Daniel
Do you mean I only replace the cxf-rt-ws-policy jar of 2.2.4 with the one
built from 2.3 trunk and all the other cxf jars are still at 2.2.4?
Bhushan
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Thursday, March 25, 2010 8:15 AM
To: users@cxf.apache.org
Cc: Bhushan Bhangale
Subject: Re: WS-Security policy in wsdl for java first approach
Yea, for java first, the only option is the stuff on trunk for 2.3. If you
want to experiment with it, you can look at the tests at:
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/apa
che/cxf/ws/policy/
Specifically the PolicyAnnotationTest.java
It uses some annotations to associate some policy fragments with the
endpoint/operations. Those fragments would be included in the generated
WSDL.
Dan
On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> Hi,
>
>
>
> I have used Java first approach with Apache CXF version 2.2.4. Following
is
> my configuration to implement WS-Security for my service. I am able to
send
> WS-Security header from my client and get access of the service. The issue
> is with the WSDL as I am not able to define the Security policy in my
> generated WSDL, due to which consumers of my client don't get clear
picture
> from the WSDL and need to read a supporting document. I have googled and
> found that it cannot be done in Java First approach. Is this correct? Is
> there no way I can achieve? Somewhere I read the 2.3 version have this
> facility but I am unable to find any example or how to do it? Please help.
>
>
>
> <jaxws:endpoint id="apexProrationService"
>
> implementor="com.GreetServiceImpl"
>
> address="/GreetService">
>
> <jaxws:properties>
>
> <entry key="mtom-enabled" value="true"
> />
>
> </jaxws:properties>
>
> <jaxws:inInterceptors>
>
> <ref bean="sAAJInInterceptor" />
>
> <ref bean="wSS4JInInterceptor" />
>
> </jaxws:inInterceptors>
>
> </jaxws:endpoint>
>
>
>
> <bean id="sAAJInInterceptor"
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>
> <bean id="wSS4JInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>
> <constructor-arg>
>
> <map>
>
> <entry key="action"
> value="UsernameToken" />
>
> <entry key="passwordType"
> value="PasswordText" />
>
> <entry
> key="passwordCallbackRef">
>
> <ref
> bean="serverPasswordCallback" />
>
> </entry>
>
> </map>
>
> </constructor-arg>
>
> </bean>
>
>
>
> Thanks
>
> Bhushan
>
>
>
>
> Disclaimer: This email (including any attachments) is intended for the
sole
> use of the recipient/s and may contain material that is CONFIDENTIAL. Any
> unauthorized disclosure / copying / distribution or forwarding of this
> message or part is STRICTLY PROHIBITED. If you have erroneously received
> this message, please delete it immediately and notify the sender. No
> liability is assumed for any errors and/or omissions in the contents of
> this message. Information in this message that does not relate to the
> official business of this Company shall be understood as neither given nor
> endorsed by it. If verification is required please request a hard-copy
> version.
>
> To know more about Kale Consultants, visit www.kaleconsultants.com
>
> -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Disclaimer: This email (including any attachments) is intended for the sole
use of the recipient/s and may contain material that is CONFIDENTIAL. Any
unauthorized disclosure / copying / distribution or forwarding of this
message
or part is STRICTLY PROHIBITED. If you have erroneously received this
message,
please delete it immediately and notify the sender. No liability is assumed
for
any errors and/or omissions in the contents of this message. Information in
this message that does not relate to the official business of this Company
shall be understood as neither given nor endorsed by it. If verification is
required please request a hard-copy version.
To know more about Kale Consultants, visit www.kaleconsultants.com
-=-=-=-=-=
Disclaimer: This email (including any attachments) is intended for the sole
use of the recipient/s and may contain material that is CONFIDENTIAL. Any
unauthorized disclosure / copying / distribution or forwarding of this message
or part is STRICTLY PROHIBITED. If you have erroneously received this message,
please delete it immediately and notify the sender. No liability is assumed for
any errors and/or omissions in the contents of this message. Information in
this message that does not relate to the official business of this Company
shall be understood as neither given nor endorsed by it. If verification is
required please request a hard-copy version.
To know more about Kale Consultants, visit www.kaleconsultants.com
-=-=-=-=-=-=-=-=-=-
RE: WS-Security policy in wsdl for java first approach
Posted by Bhushan Bhangale <bh...@kaleconsultants.com>.
Thanks Daniel
Do you mean I only replace the cxf-rt-ws-policy jar of 2.2.4 with the one
built from 2.3 trunk and all the other cxf jars are still at 2.2.4?
Bhushan
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Thursday, March 25, 2010 8:15 AM
To: users@cxf.apache.org
Cc: Bhushan Bhangale
Subject: Re: WS-Security policy in wsdl for java first approach
Yea, for java first, the only option is the stuff on trunk for 2.3. If you
want to experiment with it, you can look at the tests at:
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/apa
che/cxf/ws/policy/
Specifically the PolicyAnnotationTest.java
It uses some annotations to associate some policy fragments with the
endpoint/operations. Those fragments would be included in the generated
WSDL.
Dan
On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> Hi,
>
>
>
> I have used Java first approach with Apache CXF version 2.2.4. Following
is
> my configuration to implement WS-Security for my service. I am able to
send
> WS-Security header from my client and get access of the service. The issue
> is with the WSDL as I am not able to define the Security policy in my
> generated WSDL, due to which consumers of my client don't get clear
picture
> from the WSDL and need to read a supporting document. I have googled and
> found that it cannot be done in Java First approach. Is this correct? Is
> there no way I can achieve? Somewhere I read the 2.3 version have this
> facility but I am unable to find any example or how to do it? Please help.
>
>
>
> <jaxws:endpoint id="apexProrationService"
>
> implementor="com.GreetServiceImpl"
>
> address="/GreetService">
>
> <jaxws:properties>
>
> <entry key="mtom-enabled" value="true"
> />
>
> </jaxws:properties>
>
> <jaxws:inInterceptors>
>
> <ref bean="sAAJInInterceptor" />
>
> <ref bean="wSS4JInInterceptor" />
>
> </jaxws:inInterceptors>
>
> </jaxws:endpoint>
>
>
>
> <bean id="sAAJInInterceptor"
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>
> <bean id="wSS4JInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>
> <constructor-arg>
>
> <map>
>
> <entry key="action"
> value="UsernameToken" />
>
> <entry key="passwordType"
> value="PasswordText" />
>
> <entry
> key="passwordCallbackRef">
>
> <ref
> bean="serverPasswordCallback" />
>
> </entry>
>
> </map>
>
> </constructor-arg>
>
> </bean>
>
>
>
> Thanks
>
> Bhushan
>
>
>
>
> Disclaimer: This email (including any attachments) is intended for the
sole
> use of the recipient/s and may contain material that is CONFIDENTIAL. Any
> unauthorized disclosure / copying / distribution or forwarding of this
> message or part is STRICTLY PROHIBITED. If you have erroneously received
> this message, please delete it immediately and notify the sender. No
> liability is assumed for any errors and/or omissions in the contents of
> this message. Information in this message that does not relate to the
> official business of this Company shall be understood as neither given nor
> endorsed by it. If verification is required please request a hard-copy
> version.
>
> To know more about Kale Consultants, visit www.kaleconsultants.com
>
> -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
Disclaimer: This email (including any attachments) is intended for the sole
use of the recipient/s and may contain material that is CONFIDENTIAL. Any
unauthorized disclosure / copying / distribution or forwarding of this message
or part is STRICTLY PROHIBITED. If you have erroneously received this message,
please delete it immediately and notify the sender. No liability is assumed for
any errors and/or omissions in the contents of this message. Information in
this message that does not relate to the official business of this Company
shall be understood as neither given nor endorsed by it. If verification is
required please request a hard-copy version.
To know more about Kale Consultants, visit www.kaleconsultants.com
-=-=-=-=-=-=-=-=-=-
Re: WS-Security policy in wsdl for java first approach
Posted by Daniel Kulp <dk...@apache.org>.
Yea, for java first, the only option is the stuff on trunk for 2.3. If you
want to experiment with it, you can look at the tests at:
http://svn.apache.org/repos/asf/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/
Specifically the PolicyAnnotationTest.java
It uses some annotations to associate some policy fragments with the
endpoint/operations. Those fragments would be included in the generated
WSDL.
Dan
On Wednesday 24 March 2010 2:11:39 am Bhushan Bhangale wrote:
> Hi,
>
>
>
> I have used Java first approach with Apache CXF version 2.2.4. Following is
> my configuration to implement WS-Security for my service. I am able to send
> WS-Security header from my client and get access of the service. The issue
> is with the WSDL as I am not able to define the Security policy in my
> generated WSDL, due to which consumers of my client don't get clear picture
> from the WSDL and need to read a supporting document. I have googled and
> found that it cannot be done in Java First approach. Is this correct? Is
> there no way I can achieve? Somewhere I read the 2.3 version have this
> facility but I am unable to find any example or how to do it? Please help.
>
>
>
> <jaxws:endpoint id="apexProrationService"
>
> implementor="com.GreetServiceImpl"
>
> address="/GreetService">
>
> <jaxws:properties>
>
> <entry key="mtom-enabled" value="true"
> />
>
> </jaxws:properties>
>
> <jaxws:inInterceptors>
>
> <ref bean="sAAJInInterceptor" />
>
> <ref bean="wSS4JInInterceptor" />
>
> </jaxws:inInterceptors>
>
> </jaxws:endpoint>
>
>
>
> <bean id="sAAJInInterceptor"
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
>
> <bean id="wSS4JInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>
> <constructor-arg>
>
> <map>
>
> <entry key="action"
> value="UsernameToken" />
>
> <entry key="passwordType"
> value="PasswordText" />
>
> <entry
> key="passwordCallbackRef">
>
> <ref
> bean="serverPasswordCallback" />
>
> </entry>
>
> </map>
>
> </constructor-arg>
>
> </bean>
>
>
>
> Thanks
>
> Bhushan
>
>
>
>
> Disclaimer: This email (including any attachments) is intended for the sole
> use of the recipient/s and may contain material that is CONFIDENTIAL. Any
> unauthorized disclosure / copying / distribution or forwarding of this
> message or part is STRICTLY PROHIBITED. If you have erroneously received
> this message, please delete it immediately and notify the sender. No
> liability is assumed for any errors and/or omissions in the contents of
> this message. Information in this message that does not relate to the
> official business of this Company shall be understood as neither given nor
> endorsed by it. If verification is required please request a hard-copy
> version.
>
> To know more about Kale Consultants, visit www.kaleconsultants.com
>
> -=-=-=-=-=-=-=-=-=-
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog