Re: CXF web service with sw security - Why the wsdl doesn't demand the username/pwd?

Sun, 10 Jul 2011 19:19:27 -0700

CXF has only a Java interface. If you're using C++, python, perl, etc., or another Java web service stack besides CXF--everything below is irrelevant. If somebody doesn't want to use CXF for the SOAP client, that person needs to go that language and/or framework--google it--and find out how to create a SOAP client that supports WS-Security with the UsernameToken method. (I wouldn't personally know, so I can't answer your question.) The CXF web service provider will still work with it, as long as the incoming XML is correct. The WSS4J that you mention won't be used with most non-Java alternatives--but something else in that competitor language that does the same thing would be.
I can only explain CXF and Metro clients (the latter in another forum). If the SOAP client solution you're looking at is so poorly documented that it doesn't explain what you want to do with it, has no framework, or forum, etc., again, I would recommend switching to a solution that *is* documented--CXF, Metro, .NET, Spring Web Services--rather than ask people on those forums how to create a solution for an undocumented competitor. 

Glen

On 07/10/2011 03:51 PM, liav.ezer wrote:

Yes, i understand that the request is SOAP hence pure xml but what about the
*Callback *object&  what about the java *interceptor *which need to be
overloaded with the map properties as below?
What about the *cxf client*?

         *Client client =
org.apache.cxf.frontend.ClientProxy.getClient(port);
         Endpoint cxfEndpoint = client.getEndpoint();

         // Manual WSS4JOutInterceptor interceptor process
         outProps.put(WSHandlerConstants.ACTION,
WSHandlerConstants.USERNAME_TOKEN);
         outProps.put(WSHandlerConstants.USER, "cellact");
         outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
ClientPasswordCallback.class.getName());

         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
         cxfEndpoint.getOutInterceptors().add(wssOut);*

How will a C++ client (for example) comply to this techniques? Isn't that
the reason it is called WSS4 Java?
Thanks.

--
View this message in context: 
http://cxf.547215.n5.nabble.com/CXF-web-service-with-ws-security-Why-the-wsdl-doesn-t-demand-the-username-pwd-tp4566648p4572319.html
Sent from the cxf-user mailing list archive at Nabble.com.



--
Glen Mazza
Application Integration Division
Talend (http://www.talend.com/ai)
blog: http://www.jroller.com/gmazza
























					Reply via email to