The problem here is that you have ExactlyOne/All and then multiple security binding policies, so CXF interprets this as both the AsymmetricBinding and TransportBinding are required. Instead, your security policy should read something like:
ExactlyOne All AsymmetricBinding /All All TransportBinding /All /ExactlyOne Colm. On Tue, Oct 24, 2017 at 2:25 PM, pra...@tracelink.com <pra...@tracelink.com> wrote: > Hey all,cxf-bundle- 2.7.15wss4j - 1.6.18I observed something in the soap > message that its security header contains multiple entries for things like > Signature, Timestamp, EncryptedKey etc as shown below. I have basically > generated java sources using wsdl2java and the wsdl lives here: > https://ite-hub.emvs.eu:8088/IProductServiceMahV20161/ > ProductServiceMahV20161.svc?wsdl > . Have you guys ever run into such an issue? > 2017-10-24T13:08:24.583Z 2017-10-24T13:13:24.583Z > 2017-10-24T13:08:24.259Z 2017-10-24T13:13:24.259Z > 100 > 2017-10-24T13:08:24.256Z > In the code this is what I have done: 1. I have an InInterceptor which adds > things like signPropFile, encryptPropFile etc2. In addition I add WS > constants like so: Map<String, Object> ctx = > ((BindingProvider) this.port).getRequestContext(); > ctx.put(SecurityConstants.ENCRYPT_USERNAME, > this.clientInfo.getEncryptAlias()); > ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, > this.propertiesLoader.loadFromFileSystem(this. > clientInfo.getEncryptPropFile())); > ctx.put(SecurityConstants.USERNAME, this.clientInfo.getWssUsername()); > ctx.put(SecurityConstants.CALLBACK_HANDLER, > MyPasswordCallback.class.getCanonicalName()); > ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, > this.propertiesLoader.loadFromFileSystem(this. > clientInfo.getSignPropFile()));Let > me know if there are any thoughts?Thanks,PR > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com