I still hold to my recommendation. Attaching policy with Java first is
not portable and not defined in any spec (not to say messier and more
complex than just directly storing the security in the WSDL.) Java-first
is usually the "training wheels" way of implementing web services, once
you're ready to move to WS-Policy you should first become comfortable
with WSDLs, and if you're not comfortable with the latter IMO you're not
ready to be implementing secure solutions with SOAP.
Glen
On Thu, Oct 18, 2012 at 11:45 AM, <[email protected]> wrote:
Actually java first in cxf supports ws-policy very nicely. I have been
contributing some additional work in this area and I don't think you need to
go to the trouble of having to manually manipulate a wsdl post gen.
With 2.7.1 snapshot I have added additional work to ensure that even if you
want to use external ws policy attachments you can have them applied at the
binding operation level.
Or you can annotate the web service interface with either a classpath
reference to a policy file or you can use a #id to refer to q policy
embedded in spring context. You can use spring imports to import a policy
file but it will need to be embedded in a spring bean xml tag.
I have been very happy with all these approaches and performed a lot of
testing and it works very well in 2.7 onwards. 2.7.1 just has one
enhancement to include policies ij wsdl that have been applied at the op
message level.
Happy to provide additional info about all this
Sent from my Galaxy S2
On Oct 18, 2012 8:38 AM, "Glen Mazza"<[email protected]> wrote:
I'd recommend building a Java-first web service in order to auto-generate
a WSDL[1, link 3][2], then with WSDL in hand switch to a WSDL-first
implementation where you can do whatever security options you want [1, links
11-21, also the CXF WS-* samples].
Glen
[1]http://www.jroller.com/gmazza/entry/blog_article_index (link 3)
[2]
http://cxf.apache.org/docs/defining-contract-first-webservices-with-wsdl-generation-from-java.html
On 10/17/2012 03:04 AM, Flavio Campana wrote:
Hi everyone,
i was looking for some example of implementing a web service with CXF
wich used WS-Security and WS-SecurityPolicy using a code first approach.
Do you know if there are any?
Thanks.
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog:www.jroller.com/gmazza
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
