I'm trying to develop a secure CXF web service with a java-first approach (java2ws). All is fine until I try to define a "IssuedToken" policy as shown, for example, here.
The problem is, of course, that the WSDL is generated, so I can't insert the policy in the WSDL. I tried with the @Policy annotation and managed to generate a proper WSDL file, only to find that the policy is ignored by the service, which doesn't even show it in the "online" WSDL.
So how do I go about implementing a secure web service with a bottom-up approach? Can it be done?
P.S. I'm going to deploy the service in fuse
I think it's not possible this way. As per WS-Thrust Note: Because the WS-IssuedToken support builds on the WS-SecurityPolicy support, this is currently only available to "wsdl first" projects.