Hi, I have been trying to use UsernameToken WS-SecurityPolicy assertion, but I do not see the SOAP headers in the payload. Hence I keep getting the following exception on the server side:
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}SupportingTokens {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802}UsernameToken at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179) I am using CXF 2.7.11 and following are the relevant client side configurations. Spring config has following entries: <cxf:bus> <cxf:features> <p:policies/> </cxf:features> </cxf:bus> <jaxws:client id="endpoint" serviceClass="com.company.EndpointClassName" </jaxws:client> WSDL refers to policy as follows: <wsp:Policy wsu:Id="DoubleItPlaintextPolicy"> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient "> <wsp:Policy/> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy> …. <wsdl:binding name="xyz_Binding" type="tns:XYZ_PortType"> <wsp:PolicyReference URI="#DoubleItPlaintextPolicy"/> ... The client has cxf-rt-ws-security and cxf-rt-ws-policy dependencies in the classpath. I am using cxf-codegen-plugin to generate the source classes using the WSDL. The serviceClass attribute of jaxws:client element above points to the generated endpoint interface. I am unable to get to the root cause of why SOAP headers are absent in the request, could someone please help me with it? Thanks, Giriraj.