Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] created the discussion "Re: WS-Security on JBoss 6 (with CXF)" To view the discussion, visit: http://community.jboss.org/message/585113#585113 -------------------------------------------------------------- If you want to use the full WS-Security facilities coming with Apache CXF and hence JBossWS-CXF, you need to go through the Spring configuration, which covers the stack specific aspect of configuring the security engine, similarly to what you did with the jboss-wsse-endpoint.xml on JBossWS-Native stack. The documentation on WS-Security w/ JBossWS-CXF is at http://community.jboss.org/docs/DOC-13562 http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#WSSecurity . Please also consider taking a look at the mentioned Apache CXF doc there. On the countrary, if you just want to implement and home brew solution for checking some of the WS-Security headers, you can avoid setting up security at all and install your custom handlers / interceptors. Handlers configuration is covered by standard specs and hence can be done in a stack agnostic way (see the @HandlerChain annotation). Alternatively, you can use CXF interceptors, declared through @InInterceptor/@OutInterceptor/.. (see Apache CXF doc on that). -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/585113#585113] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]

vlad bujoreanu [http://community.jboss.org/people/vlad.bujoreanu] created the discussion "Re: WS-Security on JBoss 6 (with CXF)" To view the discussion, visit: http://community.jboss.org/message/596134#596134 -------------------------------------------------------------- Hello, I am trying to migrate to the cxf stack an application that wa previously using the jboss-wsse-endpoint.xml on JBossWS-Native stack to implement username token authentication. I have installed the spring deployer and used the jbossw-cxf.xml file to define username token authentication as in http://community.jboss.org/docs/DOC-13562 http://community.jboss.org/wiki/JBossWS-StackCXFUserGuide#WSSecurity What i want to ask is how to do this part that is indicated there : "Authentication and authorization will simply be delegated to the security domain configured for the endpoint. Of course you can specify the login module you prefer for that security domain (refer the application server / security documentation for that)." How do I do that ? I mean, is if sufficient to annotate my endpoint with @SecurityDomain and specify the application policy in login-config.xml ? -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/596134#596134] Start a new discussion in JBoss Web Services at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]