Hi, Additionally to Dan answer, you can look into Policy Interceptor Providers (http://cxf.apache.org/using-ws-policy-in-cxf-projects.html , http://cxf.apache.org/docs/ws-policy-framework-overview.html ). You can register your own interceptor(s) associated with specified policy assertion using this mechanism. For example, if policy contains IssuedToken assertion, your interceptor will activated before the WSS4J ones and dynamically prepare security properties like ws-security.encryption.username, ws-security.callback-handler, etc. I have used this mechanism and some custom projects and that works pretty well.
Regards, Andrei. > -----Original Message----- > From: Raagu [mailto:[email protected]] > Sent: Donnerstag, 12. Dezember 2013 09:48 > To: [email protected] > Subject: How to parse wsdl policies in java > > I have a java application, in which I have used jaxws-ri library, to make > webservice calls to different webservice application. In order to make > webservice clients, I have used dispatch APIs. Now I'm making my code to > handle ws-security as well, if the webservice application exposes security > considerations interms of wsdl policies. To handle ws-security, since jaxws-ri > (reference implementation) does not support that,I have explored other > libraries and found Apache CXF does support that. I have tried running > sample client program using Apache CXF (doubleit services) and was able to > invoke webservice which has different policy assertion (STS, Encryption, > Addressing, Signature and so on). The sample snippet I tried are as follows. > > URL wsdlURL = new > URL("http://localhost:8080/doubleit/services/doubleit?wsdl";); > Service service = Service.create(wsdlURL, new > QName("http://www.example.org/contract/DoubleIt","DoubleItService";)); > Dispatch<SOAPMessage> disp = service.createDispatch(new > QName("http://www.example.org/contract/DoubleIt","DoubleItPort";), > SOAPMessage.class, Service.Mode.MESSAGE); > > MessageFactory factory = MessageFactory.newInstance(); > SOAPMessage loginRequestSOAPMesage = factory.createMessage(); > > SOAPPart requestSoapPart = loginRequestSOAPMesage.getSOAPPart(); > SOAPEnvelope requestEnvelope = requestSoapPart.getEnvelope(); > SOAPBody requestBody = requestEnvelope.getBody(); > SOAPBodyElement element = > requestBody.addBodyElement(requestEnvelope.createName("DoubleIt", > "ser", "http://www.example.org/schema/DoubleIt";)); > element.addChildElement("numberToDouble").addTextNode("222"); > > disp.getRequestContext().put("ws-security.encryption.username", > "mystskey"); > disp.getRequestContext().put("ws-security.encryption.properties", > "clientKeystore.properties"); > disp.getRequestContext().put("ws-security.callback-handler", > "client.ClientCallbackHandler"); > disp.getRequestContext().put("ws-security.username", "alice"); > > SOAPMessage response = disp.invoke(loginRequestSOAPMesage); > > In the above code, I had hard coded some of the ws-security properties with > values to make sure all the required values are present in the > requestContext based on the policy assertions in the wsdl. But my question > is how to make it generic ? Are there any APIs using which we can parse all > the policies from wsdl, pragmatically in Java, and based on the policies > present in the wsdl, we get required values and set to proper ws-security > properties ? I had googled for it in many places but I did not get relevant > topics of my interest ? > > > > -- > View this message in context: http://cxf.547215.n5.nabble.com/How-to- > parse-wsdl-policies-in-java-tp5737761.html > Sent from the cxf-user mailing list archive at Nabble.com.
