You could use the WS-SecurityPolicy based configuration instead of the WSS4J interceptor approach!
To do this, create a .wsdl file from your "java first" web service, extend it with the <wsp:PolicyReference> and <wsp:Policy> parts, and put it anywhere in your project (e.g. /WEB-INF/wsdl).
    ...
    <binding name="SecurityServicePortBinding" type="tns:ServiceIface">
        <wsp:PolicyReference URI="#SecurityServiceBindingPolicy"/>
        ....
    </binding>
    <service name="SecurityService">
        <port name="SecurityServicePort" binding="tns:SecurityServicePortBinding">
            <soap:address location="https://localhost:8443/jaxws-samples-wsse-policy-username"/>
        </port>
    </service>
    <wsp:Policy wsu:Id="SecurityServiceBindingPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <wsaw:UsingAddressing
                    xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                    wsp:Optional="true" />
                <sp:TransportBinding>
                    <wsp:Policy>
                        <sp:TransportToken>
                            <wsp:Policy>
                                <sp:HttpsToken
                                    RequireClientCertificate="false" />
                            </wsp:Policy>
                        </sp:TransportToken>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Lax />
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:Basic128 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                    </wsp:Policy>
                </sp:TransportBinding>
                <sp:SignedSupportingTokens>
                    <wsp:Policy>
                        <sp:UsernameToken
                            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                                <sp:WssUsernameToken10 />
                            </wsp:Policy>
                        </sp:UsernameToken>
                    </wsp:Policy>
                </sp:SignedSupportingTokens>
                <sp:Wss11 />
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
    </definitions>
Define the wsdlLocation parameter within the @WebService annotation and use the @EndpointConfig annotation, not @EndpointProperties.
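    import javax.ejb.Stateless;
    import javax.jws.WebService;
    import org.jboss.ws.api.annotation.EndpointConfig;

    @Stateless
    @WebService
    (
        portName = "SecurityServicePort",
        serviceName = "SecurityService",
        wsdlLocation = "WEB-INF/wsdl/SecurityService.wsdl",
        targetNamespace = "http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy",
        endpointInterface = "org.jboss.test.ws.jaxws.samples.wsse.policy.wsdl.ServiceIface"
    )
    // configName must match the <config-name> in WEB-INF/jaxws-endpoint-config.xml
    @EndpointConfig(configFile = "WEB-INF/jaxws-endpoint-config.xml", configName = "Custom WS-Security Endpoint")
    public class ServiceImpl implements ServiceIface
    {
        // helloservice is a collaborator declared elsewhere in the project (not shown in this excerpt)
        public String sayHello()
        {
            return helloservice.sayHello();
        }
    }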
Define your ws-security.callback-handler within the WEB-INF/jaxws-endpoint-config.xml.
    <?xml version="1.0" encoding="UTF-8"?>
    <jaxws-config xmlns="urn:jboss:jbossws-jaxws-config:4.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
        xsi:schemaLocation="urn:jboss:jbossws-jaxws-config:4.0 schema/jbossws-jaxws-config_4_0.xsd">
        <endpoint-config>
            <config-name>Custom WS-Security Endpoint</config-name>
            <property>
                <property-name>ws-security.callback-handler</property-name>
                <property-value>org.jboss.test.ws.jaxws.samples.wsse.policy.basic.UsernamePasswordCallback</property-value>
            </property>
        </endpoint-config>
    </jaxws-config>
Maven dependencies:
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-ws-security</artifactId>
        <version>${cxf.version}</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.jboss.ws.native</groupId>
        <artifactId>jbossws-native-core</artifactId>
        <version>4.1.1.Final</version>
        <scope>provided</scope>
    </dependency>
Load the org.apache.ws.security JBoss module in WEB-INF/jboss-deployment-structure.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-deployment-structure>
        <deployment>
            <dependencies>
                <module name="org.apache.ws.security"/>
            </dependencies>
        </deployment>
    </jboss-deployment-structure>
I implemented a helloworld project: https://github.com/matyig/wsse-policy-username
If you'd like to use a non-WS-SecurityPolicy approach, you could use the Spring XML configuration instead. You can find a good tutorial here:
http://www.jroller.com/gmazza/entry/cxf_usernametoken_profile