Re: Policy Alternatives not handled properly on client side

Thu, 12 Jul 2012 14:04:37 -0700 

If you grab the PolicyEngine off the bus, you can set the 
AlternativeSelector that is used.   

bus.getExtension(PolicyEngine.class).setAlternativeSelector(...);

by default, we use a "MinimalAlternativeSelector" which finds the 
alternative with the least number of policies to enforce.   You can easily 
write your own that would provide smarter alternative selection mechanisms.

Dan


On Wednesday, July 11, 2012 05:48:27 AM Yoann wrote:
> I have a WSDL with the following policy:
> 
> <wsp:Policy wsu:Id="SecurityPolicy">
>       <wsp:ExactlyOne>
>               <wsp:All>
>                       <wsp:PolicyReference 
> URI="#TransportSecurityBindingPolicy"/>
>               </wsp:All>
>               <wsp:All>
>                       <wsp:PolicyReference 
> URI="#TransportSecurityBindingPolicy"/>
>                       <wsp:PolicyReference 
> URI="#MessageSecurityBindingPolicy"/>
>               </wsp:All>
>       </wsp:ExactlyOne>
> </wsp:Policy>
> 
> The MessageSecurityBindingPolicy mandates usage of a UsernameToken.
> 
> The policy is equivalent to:
> 
> <wsp:Policy wsu:Id="SecurityPolicy">
>       <wsp:PolicyReference URI="#TransportSecurityBindingPolicy" />
>       <wsp:PolicyReference URI="#MessageSecurityBindingPolicy"
> wsp:Optional="true" />
> </wsp:Policy>
> 
> The policy means the UsernameToken is optional.
> 
> My code relies on the support of WS-SecurityPolicy in CXF and is as
> follows:
> 
> mContext.put("ws-security.username", "USER");
> mContext.put("ws-security.callback-handler",
> "test.ClientPasswordCallback");
> 
> The output message contains the WS-Security and verifies the second
> alternative.
> 
> With the following:
> 
> mContext.remove("ws-security.username");
> mContext.remove("ws-security.callback-handler");
> 
> The output message doesn't contain the WS-Security whereas it verifies the
> first alternative.
> 
> Is there a way to force the alternative or could CXF check the username
> properties are set (which is applicable as per policy definition) and set
> the WS-Security according to the policy.
> 
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Policy-Alternatives-not-handled-properly-
> on-client-side-tp5710882.html Sent from the cxf-user mailing list archive
> at Nabble.com.
-- 
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Reply via email to