Versions Compared

Comment: Better clarified when Spring config vs. API config used for WS-Security

...

To enable WS-Security within CXF for a server or a client, you'll need to set up the WSS4J interceptors. You can either do this via the API for standalone web services or via Spring XML configuration for servlet-hosted ones. This section will provide an overview of how to do this, and the following sections will go into more detail about configuring the interceptors for specific security actions.

...

  1. If you are using CXF 2.0.x, you must add the SAAJ(In/Out)Interceptors if you're using WS-Security. (This is done automatically for you with CXF 2.1.) These enable creation of a DOM tree for each request/response. The support libraries for WS-Security require DOM trees.
  2. The web service provider may not need both in and out WS-Security interceptors. For instance, if you are just requiring signatures on incoming messages, the web service provider will just need an incoming WSS4J interceptor and only the SOAP client will need an outgoing one.

Adding the interceptors via the API

...

If you're using Spring to build endpoints (e.g., web services running on a servlet container such as Tomcat), you can easily accomplish the above using your bean definitions instead.

Code Block
xml
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath*:META-INF/cxf/cxf-extension-*.xml" />

<jaxws:endpoint id="myService"
  implementor="com.acme.MyServiceImpl"
  address="http://localhost:9001/MyService">
  <jaxws:inInterceptors>
     <!-- SAAJ Interceptor explicitly needed only for 2.0.x --> 
     <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
       <constructor-arg>
         <map>
           <entry key="action" value="UsernameToken"/>
           <entry key="passwordType" value="PasswordDigest"/>
           <entry key="signaturePropFile" value="..."/>
           <!-- ... -->
         </map>
       </constructor-arg>
     </bean>
  </jaxws:inInterceptors>
</jaxws:endpoint>

...

The USER that is specified is the key alias that you used when creating your keys. The password callback class is responsible for providing the key's password.
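A password callback class of the kind described above, together with the API call that registers the outgoing interceptor on a client. This is an added example, not code from the CXF documentation. It assumes the WSS4J 1.6 package names (`org.apache.ws.security`); the class name `KeyPasswordCallback`, the `secure` helper and the `wss.key.*` system properties are hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

/** Supplies the private-key password for one configured key alias only. */
public class KeyPasswordCallback implements CallbackHandler {
    // Assumption: alias and password come from system properties (a stand-in
    // for whatever secret store is in use), never from source code.
    private static final String ALIAS = System.getProperty("wss.key.alias");

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Release the key password only for signing with the configured alias.
            boolean signing = pc.getUsage() == WSPasswordCallback.SIGNATURE;
            if (!signing || ALIAS == null || !ALIAS.equals(pc.getIdentifier())) {
                throw new UnsupportedCallbackException(cb, "no password for this request");
            }
            String password = System.getProperty("wss.key.password");
            if (password == null) {
                throw new IOException("key password is not configured");
            }
            pc.setPassword(password);
        }
    }

    /** Attaches an outgoing Signature interceptor to a CXF client proxy. */
    public static void secure(Object port) {
        Map<String, Object> outProps = new HashMap<String, Object>();
        outProps.put(WSHandlerConstants.ACTION, "Signature");
        outProps.put(WSHandlerConstants.USER, ALIAS); // key alias in the keystore
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, KeyPasswordCallback.class.getName());
        outProps.put(WSHandlerConstants.SIG_PROP_FILE, "client_sign.properties");
        ClientProxy.getClient(port).getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
```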

Tip

If you have multiple actions, e.g. UsernameToken with Signature, just space-separate them in the ACTION property as follows:

Code Block
java

outProps.put(WSHandlerConstants.ACTION, "UsernameToken Signature");

Our client_sign.properties file contains several settings to configure WSS4J:

...