Ok, honestly then I do not understand where I have a mistake. I use the following policy for WS-SecureConversation:
<wsp:Policy xmlns:wssp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"; wsu:Id="AuthSecurityPolicy"> <wsp:ExactlyOne> <wsp:All> <wssp:TransportBinding> <wsp:Policy> <wssp:TransportToken> <wsp:Policy> <wssp:HttpsToken RequireClientCertificate="false"> </wssp:HttpsToken> </wsp:Policy> </wssp:TransportToken> </wsp:Policy> </wssp:TransportBinding> <wssp:SupportingTokens> <wsp:Policy> <wssp:SecureConversationToken wssp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wssp:Issuer> <wsa:Address>https://localhost:8443/soap-own/SecurityTokenService-2.6.0.1.0</wsa:Address> </wssp:Issuer> </wssp:SecureConversationToken> </wsp:Policy> </wssp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> Furthermore I send a request from a java client with the following code: JaxWsProxyFactoryBean jaxWsproxyFactory = new JaxWsProxyFactoryBean(); jaxWsproxyFactory.setServiceClass(TransferServicePortType.class); jaxWsproxyFactory.setAddress("https://localhost:8443/soap-own/TransferService-2.6.0.1.0?wsdl";); Map<String,Object> props = new HashMap<String, Object>(); props.put("mtom-enabled", Boolean.TRUE); jaxWsproxyFactory.setProperties(props); TransferServicePortType client = (TransferServicePortType) jaxWsproxyFactory.create(); Client clientNew = ClientProxy.getClient(client); clientNew.getRequestContext().put("ws-security.username.sct", "anna"); clientNew.getRequestContext().put("ws-security.password.sct", "anna123"); /*SOAPFactory sf = SOAPFactory.newInstance(); SOAPElement sequenceElement = sf.createElement(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse:Security";)); SOAPElement identifierElement = sf.createElement(new QName("http://schemas.xmlsoap.org/ws/2005/02/sc","wsc:SecurityContextToken";)); SOAPElement messageNumberElement = sf.createElement(new QName("http://schemas.xmlsoap.org/ws/2005/02/sc","wsc:Identifier";)); messageNumberElement.addTextNode("test:bdaa9e53-3685-4b81-9b9c-9f7f4a0c0d99"); identifierElement.addChildElement(messageNumberElement); sequenceElement.addChildElement(identifierElement); SoapHeader tokenHeader = new SoapHeader(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd","wsse:Security";), sequenceElement); List<Header> headersList = new ArrayList<Header>(); headersList.add(tokenHeader); clientNew.getRequestContext().put(Header.HEADER_LIST, headersList);*/ CTListShipments request = new CTListShipments(); QName qualifiedName = new QName("http://www.test.net/namespace/nachrichten";, "ConsumerID"); JAXBElement<String> ConsumerID = new JAXBElement<>(qualifiedName,String.class,null,"VR-8889991"); QName qualifiedName1 = new QName("http://www.test.net/namespace/transfer";, "KategorieDerLieferung"); JAXBElement<String> KategorieDerLieferung = new JAXBElement<>(qualifiedName1,String.class,null,"130"); request.setConsumerID(ConsumerID); request.setKategorieDerLieferung(KategorieDerLieferung); client.listShipments(request); I enable WS-SecureConversation with the policy definition in the wsdl. On the server side I think that I do not have to do anything more. I hope, my implemented client is ok. The client works if I disable the WS-SecureConversation policy in the wsdl. Maybe I miss something else to get the policy working. Regards, Patrick -- View this message in context: http://cxf.547215.n5.nabble.com/WS-SecureConversation-MTOM-Policy-cannot-be-satisfied-tp5780524p5780788.html Sent from the cxf-user mailing list archive at Nabble.com.
