Hi, thank you for the quick reply. I'm using wss4j interceptors to enforce username token via ws security. My question basically is to understand the concept. If my client want to invoke the service, I need to supply him with the wsdl file. Then he will generate a client & should be able to invoke the service. But according to your article, this approach (wss4j interceptors) doesn't reflect the need for username nor password to invoke the service. So how will the client know the needs & apply a proper request to the service? Thanks.
Liav ב-9 ביול 2011, בשעה 23:11, "Glen Mazza-3 [via CXF]"<[email protected]> כתב/ה: > At least in my mail client I'm not seeing any configuration, just > whitespaces, in your question below. If you're using UsernameToken, > that information will be added by CXF in the soap:header. See: > http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile for more > detail. > > If you using basic auth with SSL, that's normally enforced by the > web.xml in the WAR hosting your web service provider, although I think > at least part of that can be additionally declared in policy statements > as well. > > Glen > > On 07/08/2011 05:04 PM, liav.ezer wrote: > > > Hello, > > > > I've wrote a CXF based service& added ws security (wss4j 1.5.1) through > > Spring xml. > > > > This is the end point configuration: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > This is part of the client configuration: > > > > > > > > > > > > > > > > > > > > > > > > > > The service is working with the security policy (username-password). > > My question is regarding the wsdl file. > > > > I don't understand how the service wsdl doesn't enforce the ws security > > policy. > > How does the service client will be able to know where& how to add the > > user > > name password. > > > > Thanks. > > > > > > -- > > View this message in context: > > http://cxf.547215.n5.nabble.com/CXF-web-service-with-sw-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4566648.html > > Sent from the cxf-user mailing list archive at Nabble.com. > > > -- > Glen Mazza > Application Integration Division > Talend (http://www.talend.com/ai) > blog: http://www.jroller.com/gmazza > > > > > If you reply to this email, your message will be added to the discussion > below: > http://cxf.547215.n5.nabble.com/CXF-web-service-with-ws-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4568867.html > To unsubscribe from CXF web service with ws security - Why the wsdl doesn't > demand the username/pwd?, click here. -- View this message in context: http://cxf.547215.n5.nabble.com/CXF-web-service-with-ws-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4568888.html Sent from the cxf-user mailing list archive at Nabble.com.
