WS-SecureConversation
WS-SecureConversation support in CXF builds upon the WS-SecurityPolicy implementation to handle the SecureConversationToken policy assertions that could be found in the WS-SecurityPolicy fragment.
...
One of the "problems" of WS-Security is that the use of strong encryption keys for all communication exacts a hefty performance penalty. WS-SecureConversation helps to alleviate that somewhat by allowing the client and service to use the strong encryption at the start to negotiate a set of new security keys that will be used for further communication. This can be a huge benefit if the client needs to send many requests to the service. However, if the client only needs to send a single request and is then discarded, WS-SecureConversation is actually slower, as the key negotiation requires an extra request/response to the server.
With WS-SecureConversation, there are two security policies that come into effect:
- The "outer" policy that describes the security requirements for interacting with the actual endpoint. This will contain a SecureConversationToken in it someplace.
- The "bootstrap" policy that is contained in the SecureConversationToken. This is the policy in effect when the client is negotiating the SecureConversation keys.
...
```xml
<jaxws:client name="{http://InteropBaseAddress/interop}XDC-SEES_IPingService" createdFromAPI="true">
    <jaxws:properties>
        <!-- properties for the external policy -->
        <entry key="ws-security.username" value="abcd"/>

        <!-- properties for the SecureConversationToken bootstrap policy -->
        <entry key="ws-security.username.sct" value="efgh"/>
        <entry key="ws-security.callback-handler.sct" value="interop.client.KeystorePasswordCallback"/>
        <entry key="ws-security.encryption.properties.sct" value="etc/bob.properties"/>
    </jaxws:properties>
</jaxws:client>
```
...