Yes it's possible to add headers and sign and encrypt them. There is a test which demonstrates how to do this for encryption, although Signature works as well:
https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java;h=55b8298aa93bed4622c3f2f283a04b8294725aad;hb=HEAD See "testKeyIdentifier2". The header is added with: List<Header> headers = new ArrayList<Header>(); Header dummyHeader = new Header(new QName("uri:org.apache.cxf", "dummy"), "dummy-header", new JAXBDataBinding(String.class)); headers.add(dummyHeader); ((BindingProvider)x509Port).getRequestContext().put(Header.HEADER_LIST, headers); The WSDL is here. You can see that the header is added to the encryption parts for the "DoubleIt2" operation: https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations.wsdl;h=836f02e0c4c7ae851f4f475ca84a17724dbf2236;hb=HEAD On Mon, Oct 24, 2016 at 10:19 AM, Martin Fernau <martin.fer...@fernausoft.de > wrote: > No one? > > Is it not possible with CXF or is it an unusual demand? > I need to consume this webservice. If its not possible with CXF I need to > find another way but I'd like to stick with CXF. > > Thanks > Martin > > > Am 20.10.2016 um 10:00 schrieb Martin Fernau: > >> Hi, >> >> is it possible to call a webservice with the following ws-security >> content: >> --cut >> <wsp:Policy wsu:Id="CustomBinding_IService >> Customer_InsertCustomer_Input_policy"> >> <wsp:ExactlyOne> >> <wsp:All> >> <sp:SignedParts xmlns:sp="http://schemas.xmlso >> ap.org/ws/2005/07/securitypolicy"> >> <sp:Body/> >> <sp:Header Name="FfeHeader" Namespace=" >> http://tempuri.org/"/> >> <sp:Header Name="To" Namespace="http://www.w3.org/2 >> 005/08/addressing"/> >> <sp:Header Name="From" Namespace="http://www.w3.org/2 >> 005/08/addressing"/> >> <sp:Header Name="FaultTo" Namespace=" >> http://www.w3.org/2005/08/addressing"/> >> <sp:Header Name="ReplyTo" Namespace=" >> http://www.w3.org/2005/08/addressing"/> >> <sp:Header Name="MessageID" Namespace=" >> http://www.w3.org/2005/08/addressing"/> >> <sp:Header Name="RelatesTo" Namespace=" >> http://www.w3.org/2005/08/addressing"/> >> <sp:Header Name="Action" Namespace=" >> http://www.w3.org/2005/08/addressing"/> >> </sp:SignedParts> >> <sp:EncryptedParts xmlns:sp="http://schemas.xmlso >> ap.org/ws/2005/07/securitypolicy"> >> <sp:Body/> >> <sp:Header Name="FfeHeader" Namespace=" >> http://tempuri.org/"/> >> </sp:EncryptedParts> >> </wsp:All> >> </wsp:ExactlyOne> >> </wsp:Policy> >> --cut >> >> The problematic part is the "FfeHeader" which needs to be encrypted and >> signed. >> All the other parts are working (as far as I can tell). >> If I use wsdl2java a class file for the FfeHeader-Type is generated but I >> can find a way how to add it to my request. Thus the resulting request >> contains no such header and therefore the server fails to understand my >> request: >> --cut >> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Object >> reference not set to an instance of an object. >> --cut >> >> I only know the following way to add a custom header to my request: >> --cut >> ObjectFactory of = new ObjectFactory(); >> List<Header> headersList = new ArrayList<Header>(); >> // HeaderType is the generated class for FfeHeader >> HeaderType type = of.createHeaderType(); >> // call several setters on 'type' >> [...] >> >> Header ffeHeader = new Header(new QName("http://tempuri.org", >> "FfeHeader"), type, new JAXBDataBinding(HeaderType.class)); >> headersList.add(ffeHeader); >> client.getRequestContext().put(Header.HEADER_LIST, headersList); >> --cut >> But this way the FfeHeader is neither signed nor encrypted and the call >> fails with exact the same error message. >> >> I would appreciate any kind of help. >> >> Thanks >> Martin >> > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com