Thank you Glen for the elaborated answer.
I now understand the 2 approaches.
One thing you mention which i want to make sure is the client step to invoke
my service (WSS4J based):
1. Create proxy objects based on the wsdl file
2. Create a CallBack class such as:
*public class ClientPasswordCallback implements CallbackHandler {
private static String password;
static {
password = "123"; *// we agreed on that over the phone/email*
}
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
pc.setPassword(password);
}
}*
3. Invoke the Service with additional SOAP header params as follows:
*
UpdateDepositIndSvc ss = new UpdateDepositIndSvc(wsdlURL,
SERVICE_NAME);
DepositIntf port = ss.getDepositSvcPort();
Map outProps = new HashMap();
Client client = org.apache.cxf.frontend.ClientProxy.getClient(port);
Endpoint cxfEndpoint = client.getEndpoint();
* // Manual WSS4JOutInterceptor interceptor process*
outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
outProps.put(WSHandlerConstants.USER, "bob");
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
long id = 1;
boolean ind = false;
java.lang.Boolean updateDepositIndSvc = port.updateDepositIndSvc(id,
ind);*
What if the client isn't a Java one but rather C++ or other platform?
Thanks.
--
View this message in context:
http://cxf.547215.n5.nabble.com/CXF-web-service-with-ws-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4569834.html
Sent from the cxf-user mailing list archive at Nabble.com.
