Joe, This isn’t really a lot to go on. Does the soap endpoint that you are connecting to have a published WSDL? Does the WSDL provide a WS-Policy definition that describes the security requirements? If so, things are significantly easier than if it doesn’t. With the WS-Policy stuff, it should just be a matter of configuring properties on the client (java code, spring config, etc…) for the stuff the policy requires (keystrokes, key aliases, etc…). If the WSDL doesn’t have a policy, things are quite a bit more complex. In that case, you’d have to figure out what the security requirements are and configure in appropriate actions onto a set of WSS4J interceptors.
Anyway, start with looking at the WSDL and see what information is there and then we can figure out the next step. Dan > On Jun 15, 2016, at 1:14 PM, Joe Schaefer <[email protected]> wrote: > > Hi, > I have a business customer who needs a stand-alone web application that can > connect to a SOAP endpoint that requires support for the Oasis WSS > standards for XML encryption and signatures. > > Looking over the documentation for CXF it seems that may be the answer I'm > looking for on some level. However I am a perl guy, so I may need some > assistance braving the java world. My company will naturally compensate on > a contract basis for any coding we need done, but it should be > straightforward. > > I realize the Oasis specs cover a lot of ground, but I do not need more > than a small handset supported. We have familiarity with SOAP UI from > SoftBear which does the job, but is the wrong architecture for a > concurrent, multi-user web services based solution. > > Any advice in this area would be greatly appreciated- I can try to answer > any questions about our needs and requirements to the best of my ability, > but at this point I'm just looking to know if the CXF community can support > this type of use case. > > > TIA! -- Daniel Kulp [email protected] - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
