javaspringcxfjax-wscxf-client

how to add UsernameTokenInterceptor cxf interceptor


I'm looking for a way to add security header to my soap request.

I've found the interceptor, which will solve my problem: UsernameTokenInterceptor Could someone suggest me how to create with my arguments (password, username) this bean and correctly insert it into my jaxws client

<jaxws:client id="***" name="***" endpointName="***" serviceName="***" address="***" serviceClass="***" xmlns:tns="***">
<jaxws:outInterceptors>
    <ref bean="myInterceptor" />
</jaxws:outInterceptors>


Solution

  • The UsernameTokenInterceptor is a policy-aware interceptor that gets automatically created if your WSDL has a security policy that matches a sp:UsernameToken (with no other security binding. If so, then a different interceptor is used. UsernameTokenInterceptor is just to insert the UsernameToken). So you only need to specify the username + password as JAX-WS properties and you're done.

    If you don't have a security policy, then you want to use the WSS4JOutInterceptor instead, to manually insert a UsernameToken in the outbound security header.

    For an example of a policy which will trigger the UsernameTokenInterceptor, see the policy called "DoubleItPlaintextPolicy" here:

    https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl;h=c76294cb0f5900e363c0731e358449c93f925fe8;hb=HEAD

    If you want to use the manual approach, there is an example in the CXF docs:

    http://cxf.apache.org/docs/ws-security.html