I think I forgot a :-) or two in that last tongue in cheek response. I actually used to strongly prefer contract first over java, as it is definately easy to get your contract exactly how you want it and guarantee interop between languages. However with some careful crafting of the jaxws and jaxb stuff you can still achieve that java first, but you definately have to be more careful and keep checking your ?wsdl to ensure its still as you expect it.
CXF support for java first is excellent however and I would encourage its use with Glen's cautions taken into consideration. Happy to assist the OP if I can, as I have lived and breathed java first cxf for 3 years now. On Thu, Oct 18, 2012 at 10:07 PM, Jason Pell <[email protected]> wrote: > Hi, > > I think you just insulted a whole bunch of people who work with java > first every day - me included. And I have years and years of contract > first experience to fall back on, but I prefer java first for my > current product work as it just makes sense. > > Each to their own I say > > Cheers > Jason > > On Thu, Oct 18, 2012 at 10:00 PM, Glen Mazza <[email protected]> wrote: >> I still hold to my recommendation. Attaching policy with Java first is not >> portable and not defined in any spec (not to say messier and more complex >> than just directly storing the security in the WSDL.) Java-first is usually >> the "training wheels" way of implementing web services, once you're ready to >> move to WS-Policy you should first become comfortable with WSDLs, and if >> you're not comfortable with the latter IMO you're not ready to be >> implementing secure solutions with SOAP. >> >> Glen >> >> >> On Thu, Oct 18, 2012 at 11:45 AM, <[email protected]> wrote: >>>>> >>>>> Actually java first in cxf supports ws-policy very nicely. I have been >>>>> contributing some additional work in this area and I don't think you >>>>> need to >>>>> go to the trouble of having to manually manipulate a wsdl post gen. >>>>> >>>>> With 2.7.1 snapshot I have added additional work to ensure that even if >>>>> you >>>>> want to use external ws policy attachments you can have them applied at >>>>> the >>>>> binding operation level. >>>>> >>>>> Or you can annotate the web service interface with either a classpath >>>>> reference to a policy file or you can use a #id to refer to q policy >>>>> embedded in spring context. You can use spring imports to import a >>>>> policy >>>>> file but it will need to be embedded in a spring bean xml tag. >>>>> >>>>> I have been very happy with all these approaches and performed a lot of >>>>> testing and it works very well in 2.7 onwards. 2.7.1 just has one >>>>> enhancement to include policies ij wsdl that have been applied at the op >>>>> message level. >>>>> >>>>> Happy to provide additional info about all this >>>>> >>>>> Sent from my Galaxy S2 >>>>> >>>>> On Oct 18, 2012 8:38 AM, "Glen Mazza"<[email protected]> wrote: >>>>>> >>>>>> I'd recommend building a Java-first web service in order to >>>>>> auto-generate >>>>>> a WSDL[1, link 3][2], then with WSDL in hand switch to a WSDL-first >>>>>> implementation where you can do whatever security options you want [1, >>>>>> links >>>>>> 11-21, also the CXF WS-* samples]. >>>>>> >>>>>> Glen >>>>>> >>>>>> [1]http://www.jroller.com/gmazza/entry/blog_article_index (link 3) >>>>>> [2] >>>>>> >>>>>> http://cxf.apache.org/docs/defining-contract-first-webservices-with-wsdl-generation-from-java.html >>>>>> >>>>>> On 10/17/2012 03:04 AM, Flavio Campana wrote: >>>>>>> >>>>>>> Hi everyone, >>>>>>> i was looking for some example of implementing a web service with CXF >>>>>>> wich used WS-Security and WS-SecurityPolicy using a code first >>>>>>> approach. >>>>>>> Do you know if there are any? >>>>>>> >>>>>>> Thanks. >>>>>> >>>>>> >>>>>> -- >>>>>> Glen Mazza >>>>>> Talend Community Coders - coders.talend.com >>>>>> blog:www.jroller.com/gmazza >>>>>> >>> >> >> >> -- >> Glen Mazza >> Talend Community Coders - coders.talend.com >> blog: www.jroller.com/gmazza >>
