I have a problem using WS-SecurityPolicy in the WSDL. I want to use authentication with username token
and have declared that using ws-policy in the WSDL file.
in the jbossws-cxf.xml file I have declared properties for a callback validating the password.
When calling the web service with the correct username and password the callback is called,
but I still get thhe fault:
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SupportingTokens
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken</faultstring>
</soap:Fault>
The following policy is used:
<wsp:Policy wsu:Id="servicePolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
and this is the endpoint declaration:
<jaxws:endpoint id="TestServiceImpl"
address="/services/Organization/TestService"
implementor="com.ebuilder.service.Test.TestServiceImpl"
wsdlLocation="META-INF/wsdl/TestService.wsdl">
<jaxws:properties>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText"/>
<entry key="ws-security.callback-handler" value="com.mycompany.ws.wsse.ServerPasswordCallback">
</entry>
</jaxws:properties>
<jaxws:invoker>
<bean class='org.jboss.wsf.stack.cxf.InvokerEJB3'/>
</jaxws:invoker>
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
</jaxws:endpoint >
/Mikael