Re: WS Security - how to implement without defining any element in the WSDL

Thu, 07 Nov 2013 12:48:38 -0800 

Hi Sara,
You can define the properties in a cxf.xml file in the root directory of your class path. See this page for details: http://cxf.apache.org/docs/configuration.html Here's a sample used for configuring WS-Security signing, by way of example: 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
    xmlns:jaxws="http://cxf.apache.org/jaxws";
    xmlns:soap="http://cxf.apache.org/bindings/soap";
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws
      http://cxf.apache.org/schemas/jaxws.xsd";>


  <jaxws:endpoint 
implementor="com.sosnoski.ws.cxfrm.rspdemo.MirrorImplSigned">


    <jaxws:properties>

      <entry key="ws-security.signature.properties" 
value="server-crypto.properties"/>

      <entry key="ws-security.signature.username" value="serverkey"/>
      <entry key="ws-security.encryption.username" value="useReqSigCert"/>
      <entry key="ws-security.callback-handler"
value="com.sosnoski.ws.cxfrm.rspdemo.ServerCallback"/>
    </jaxws:properties>

  </jaxws:endpoint>

</beans>

Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>

CXF and Web Services Security Training 
<http://www.sosnoski.com/training.html>

Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>

On 11/08/2013 05:01 AM, Sara wrote:

Hi ,

I am very new with Java , and especially CXF.

Trying to implement server side of a web service with WS-SecurityPolicy
(username and password)
but without defining security elements in the WSDL.
from reading some articles like:
http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile
<http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile>

I understand that, to support WS security, the steps are:
1. implementing the CallbackHandler
2. adding a property to servlet.xml

is it correct ? am I missing something ?

Now, for #2, I don't use the cxf servlet, so I added the property through
the code :

         
         ...

         Map<String, Object> properties = new java.util.HashMap<String,
Object>();
         properties.put("ws-security.callback-handler",
                        "ServerCallback");//my CallbackHandler

         Endpoint a =   Endpoint.create(address,implementor);
         a.setProperties(properties);
         a.publish(address, implementor);

but it doesn't get to my CallbackHandler when debugging.

Is it totally wrong ?  please help

in short, no definition in WSDL, no servlet.xml, what are the steps to
support WS security ?


Thanks in advance
Sara






--
View this message in context: 
http://cxf.547215.n5.nabble.com/WS-Security-how-to-implement-without-defining-any-element-in-the-WSDL-tp5736101.html
Sent from the cxf-user mailing list archive at Nabble.com.

























					Reply via email to