Hi, You could take a look at the following code for a UsernameToken:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/UsernameTokenInterceptorProvider.java;h=9b3381a6e0483d2da8a0928d204a706dd5674efd;hb=HEAD https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java;h=4325ad9951626e66501974246d0c8a868fe52eb6;hb=HEAD Colm. On Thu, Oct 23, 2014 at 4:25 PM, Christofer Steingrefer < [email protected]> wrote: > Okay, thank you, i will try. > > But i'm new in cxf, do you have any advices or a tutorial / simple example > for me, how to write and integrate it? > > I have a jax-ws endpoint. Should i add the interceptor as InInterceptor in > my configuration xml? > > Thanks, > Chris > > 2014-10-23 16:12 GMT+02:00 Colm O hEigeartaigh <[email protected]>: > > > CXF does not support "SecureConversationTokens" when they are defined as > a > > "SupportingToken" with no accompanying security binding. If the sole > > use-case of your service is just to check that the SecurityContextToken > is > > in the security header of the request, then it is pretty easy to write > your > > own CXF interceptor to check this and assert the appropriate policies. > > > > Colm. > > > > On Thu, Oct 23, 2014 at 2:16 PM, Christofer Steingrefer < > > [email protected]> wrote: > > > > > Hey, > > > > > > i have some problems, hope you can help me. > > > > > > I'm trying to implement my Business Service with cxf, but have some > > > problems with policies. > > > > > > This is the policy definition from my wsdl: > > > <wsp:Policy wsu:Id="AuthSecurityPolicy"> > > > <wsp:ExactlyOne> > > > <wsp:All> > > > <sp:SupportingTokens> > > > <wsp:Policy> > > > <sp:SecureConversationToken > > > sp:IncludeToken=" > > > > > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > > > "> > > > <sp:Issuer> > > > <wsa:Address>http://localhost:8080/STS > > > </wsa:Address> > > > </sp:Issuer> > > > </sp:SecureConversationToken> > > > </wsp:Policy> > > > </sp:SupportingTokens> > > > </wsp:All> > > > </wsp:ExactlyOne> > > > </wsp:Policy> > > > > > > and this is my Soap-Request: > > > <soapenv:Envelope xmlns:soapenv=" > > http://schemas.xmlsoap.org/soap/envelope/ > > > " > > > xmlns:doub="http://www.example.org/schema/DoubleIt";> > > > <soapenv:Header> > > > <wsse:Security xmlns:wsse=" > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > > "> > > > <wsc:SecurityContextToken > wsu:Id="sctId-C369774BE974CD565514139821204088" > > > xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"; xmlns:wsu=" > > > > > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > > "> > > > > > > <wsc:Identifier>bipro:C369774BE974CD565514139821204087</wsc:Identifier> > > > </wsc:SecurityContextToken> > > > </wsse:Security> > > > </soapenv:Header> > > > <soapenv:Body> > > > .................. > > > </soapenv:Body> > > > </soapenv:Envelope> > > > > > > I always get a Soap-Fault back: > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > > <soap:Body> > > > <soap:Fault> > > > <faultcode>soap:Server</faultcode> > > > <faultstring>These policy alternatives can not be satisfied: > > > { > > > > > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient}SupportingTokens > > > { > > > > > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient}SecureConversationToken > > > </faultstring> > > > </soap:Fault> > > > </soap:Body> > > > </soap:Envelope> > > > > > > Do you know why? > > > I'm using cxf with version 2.7.11. > > > > > > Thanks, > > > Chris > > > > > > > > > > > -- > > Colm O hEigeartaigh > > > > Talend Community Coder > > http://coders.talend.com > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
