I'm writing a code-first web service using Jboss EAP 7 and need to implement WS-Security for username token validation... For this I'm using Apache CXF policies, I managed to make everything work on a contract-first perspective and right now the only thing I need to make it work as a code-first perspective is to include the policy into the generated wsdl... For that I'm using the @org.apache.cxf.annotations.Policy but the code snippet for the policy is not added into the final generated wsdl from Jboss.
here is my code:
...
@WebService(serviceName = "ExampleService", portName = "ExampleService",
endpointInterface = "com.company.webservice.ExampleService",
targetNamespace = "https://service.company.com/company-ws/ExampleService")
@EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml",
configName = "Custom WS-Security Endpoint")
@Policy(uri = "WEB-INF/company-username-token-policy.xml")
public class ExampleServiceImpl implements ExampleService { ...
here is the WEB-INF/company-username-token-policy.xml
<?xml version="1.0" encoding="UTF-8" ?>
<wsp:Policy wsu:Id="UsernameTokenPolicy" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken11 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
my jboss-deployment-structure.xml has these entries already:
<module name="org.apache.ws.security" export="true" />
<module name="org.apache.cxf" export="true" />
<module name="org.apache.cxf.impl" export="true" />
What am I missing here?
