[jbossws-users] [JBossWS] - Re: Specify WS-Security Handler using JEE standards

I've been looking for the same sollution and found this workaround: I replaced standard client conf with secure one so everything in your app will be under WS-Security. (If you dont need everything encrypted use the wiki instructions) Write your own "endpoint-config" and place it in war META-INF/standard-jaxws-endpoint-config.xml: | <?xml version="1.0" encoding="UTF-8"?> | <jaxws-config xmlns="urn:jboss:jaxws-config:2.0" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xmlns:javaee="http://java.sun.com/xml/ns/javaee" | xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd"> | | <endpoint-config> | <config-name>Standard Endpoint</config-name> | <post-handler-chains> | <javaee:handler-chain> | <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings> | <javaee:handler> | <javaee:handler-name>WSSecurity Handler</javaee:handler-name> | <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerServer</javaee:handler-class> | </javaee:handler> | <javaee:handler> | <javaee:handler-name>Recording Handler</javaee:handler-name> | <javaee:handler-class>org.jboss.wsf.framework.invocation.RecordingServerHandler</javaee:handler-class> | </javaee:handler> | <javaee:handler> | <!-- YOUR OWN HANDLERS IN POST CHAIN --> | <javaee:handler-name>Encrypted Request Logger</javaee:handler-name> | <javaee:handler-class>org.dropchop.mpg.ws.RequestLogger</javaee:handler-class> | </javaee:handler> | </javaee:handler-chain> | </post-handler-chains> | </endpoint-config> | | </jaxws-config> | and client side .jar (or just in class path) META-INF/standard-jaxws-client-config.xml: | <?xml version="1.0" encoding="UTF-8"?> | <jaxws-config xmlns="urn:jboss:jaxws-config:2.0" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xmlns:javaee="http://java.sun.com/xml/ns/javaee" | xsi:schemaLocation="urn:jboss:jaxws-config:2.0 jaxws-config_2_0.xsd"> | | <client-config> | <config-name>Standard Client</config-name> | <post-handler-chains> | <javaee:handler-chain> | <javaee:protocol-bindings>##SOAP11_HTTP ##SOAP11_HTTP_MTOM</javaee:protocol-bindings> | <javaee:handler> | <javaee:handler-name>WSSecurityHandlerOutbound</javaee:handler-name> | <javaee:handler-class>org.jboss.ws.extensions.security.jaxws.WSSecurityHandlerClient</javaee:handler-class> | </javaee:handler> | </javaee:handler-chain> | </post-handler-chains> | <property> | <property-name>http://org.jboss.ws/http#chunksize</property-name> | <property-value>2048</property-value> | </property> | </client-config> | </jaxws-config> | Your files will be loaded before the ones from jboss libs and you can delete all references to jboss libs from your source code. I guess its a hack, but in my humble opinion after reading a spec (JAX-WS 2.1), user of native stack should be able to add his(hers) processing logic before SOAP protocol handling. With current jbossws (in AS 5.0.0GA) this is imposible since POST chains are delgated to execution before ENDPOINT. I tested it so it works for me. (use it at your own risk since I'm not sure its ok)... View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226230#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...