Not sure if this is the official way or not, but this is how I do it : AccountWsService service = new AccountWsService("...")); port = service.getAccountWsPort();
Client cxfClient = ClientProxy.getClient(port); cxfClient.getOutInterceptors().add(new AuthenticationOutWSS4JInterceptor(user, password)); where AuthenticationOutWSS4JInterceptor looks a little like : public class AuthenticationOutWSS4JInterceptor extends WSS4JOutInterceptor implements CallbackHandler { private String password = null; /** * @param user can be userId or userName, all depends on what the received requires * @param password can be password or securityToken, all depends on what the received requires */ public AuthenticationOutWSS4JInterceptor(Object user, String password) { this.password = password; HashMap<String, Object> properties = new HashMap<String, Object>(); properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); properties.put(WSHandlerConstants.USER, user.toString()); properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); properties.put(WSHandlerConstants.PW_CALLBACK_REF, this); setProperties(properties); } @Override public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (Callback callback : callbacks) { if (callback instanceof WSPasswordCallback) { WSPasswordCallback wsPasswordCallback = (WSPasswordCallback)callback; wsPasswordCallback.setPassword(password); } } } } On 5/14/13, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote: > Good day all, > > At this moment I'm working on a webservice-client that has to use > WS-Security, but i can't seem to figure out how configure CXF that it fills > the SOAP-header in the correct way. > We don't use Spring for the configuration, so everything has to be > configured via the API. > > We need to have a timestamp, a signature and also a binary security token. > The Canonicalization-algorithm is xml-exc-c14 > The signature-algorithm is RSA-SHA256 > > can someone point me in the right direction for this? > > I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor. > Both with a properties-map containing an Action = Timestap Signature, > signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" > and signatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256" > > do I need to configure anymore other than adding a certificate to the > keystore? > > thanks in advance. > > kind regards, > > Ted > -- Ted.