You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by André von Deetzen <an...@vondeetzen.de> on 2015/02/02 10:58:12 UTC

Toggle signing of messages with SOAP-Messages

Hi,

we're using a soap service that wants our clients to sign their messages
via a SOAP-Policy and it is marked strict.

Is there a setting / toggle that we can use to temporarily disable the use
of the automatic configured WSS4J interceptors without changing the wsdl
and force our clients to redeploy? Or is removing the policy inside our
wsdl the only way to deal with the automatic configuration?

Thanks in advance
André

Re: Toggle signing of messages with SOAP-Messages

Posted by André von Deetzen <an...@vondeetzen.de>.

Hi Andrei,

thanks for further information. I think I will go with
PolicyConstants.POLICY_
OVERRIDE.

Best regards
André

On Mon, Feb 2, 2015 at 10:17 PM, Andrei Shakirin <as...@talend.com>
wrote:

> Hi,
>
> One option is using policy attachments (
> http://www.w3.org/TR/ws-policy-attach/ ), in this case is not necessary
> to modify WSDL - it is enough to update appropriate policy URL in
> attachment:
>
> <wsp:PolicyAttachment xmlns:wsp="http://www.w3.org/ns/ws-policy">
>     <wsp:AppliesTo>
>         <wsp:URI>
> http://cxf.apache.org/MyService#wsdl11.service(MyServiceProvider)
> </wsp:URI>
>     </wsp:AppliesTo>
>     <wsp:PolicyReference URI=" http://www.example.com/mySigningPolicy " />
> </wsp:PolicyAttachment>
>
> The second option is configure WSS4J Interceptors programmatically using
> old style Action configuration:
> http://cxf.apache.org/docs/ws-security.html.
>
> A bit more involved is applying policies dynamically without restarting
> client/service. It is possible using message context property
> PolicyConstants.POLICY_OVERRIDE:
> http://ashakirin.blogspot.de/2012/02/using-ws-policy-in-cxf-projects.html.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: vondeetzen@gmail.com [mailto:vondeetzen@gmail.com] On Behalf Of
> > André von Deetzen
> > Sent: Montag, 2. Februar 2015 10:58
> > To: users@cxf.apache.org
> > Subject: Toggle signing of messages with SOAP-Messages
> >
> > Hi,
> >
> > we're using a soap service that wants our clients to sign their messages
> via a
> > SOAP-Policy and it is marked strict.
> >
> > Is there a setting / toggle that we can use to temporarily disable the
> use of the
> > automatic configured WSS4J interceptors without changing the wsdl and
> force
> > our clients to redeploy? Or is removing the policy inside our wsdl the
> only way
> > to deal with the automatic configuration?
> >
> > Thanks in advance
> > André
>



-- 
Andre von Deetzen

RE: Toggle signing of messages with SOAP-Messages

Posted by Andrei Shakirin <as...@talend.com>.

Hi,

One option is using policy attachments (http://www.w3.org/TR/ws-policy-attach/ ), in this case is not necessary to modify WSDL - it is enough to update appropriate policy URL in attachment:

<wsp:PolicyAttachment xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsp:AppliesTo>
        <wsp:URI>http://cxf.apache.org/MyService#wsdl11.service(MyServiceProvider)</wsp:URI>
    </wsp:AppliesTo>
    <wsp:PolicyReference URI=" http://www.example.com/mySigningPolicy " />
</wsp:PolicyAttachment>

The second option is configure WSS4J Interceptors programmatically using old style Action configuration: http://cxf.apache.org/docs/ws-security.html.

A bit more involved is applying policies dynamically without restarting client/service. It is possible using message context property PolicyConstants.POLICY_OVERRIDE: http://ashakirin.blogspot.de/2012/02/using-ws-policy-in-cxf-projects.html.

Regards,
Andrei.

> -----Original Message-----
> From: vondeetzen@gmail.com [mailto:vondeetzen@gmail.com] On Behalf Of
> André von Deetzen
> Sent: Montag, 2. Februar 2015 10:58
> To: users@cxf.apache.org
> Subject: Toggle signing of messages with SOAP-Messages
> 
> Hi,
> 
> we're using a soap service that wants our clients to sign their messages via a
> SOAP-Policy and it is marked strict.
> 
> Is there a setting / toggle that we can use to temporarily disable the use of the
> automatic configured WSS4J interceptors without changing the wsdl and force
> our clients to redeploy? Or is removing the policy inside our wsdl the only way
> to deal with the automatic configuration?
> 
> Thanks in advance
> André