How do you add security policy wsp:Policy
in wsdl
document that I am trying to create for my SOAP web service?
<wsp:Policy wsu:Id="UserNameWSTrustBinding_IWSTrust13Async_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>...</wsp:Policy>
</sp:TransportBinding>
<sp:SignedEncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>...</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>...</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">...</sp:Wss11>
<sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">...</sp:Trust13>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
I am using JAX-WS along with Spring for building the SOAP web service. Part of service is also to provide metadata which is mostly I am building by writing WSDL definition using WSDL4J
API. Something like below:
WSDLFactory wsdlFactory = WSDLFactory.newInstance();
Definition definition = wsdlFactory.newDefinition();
// Namespaces
setNamespaces(definition);
// Policy
setPolicy(definition);
// Messages - Input
setInputMessageForWSDLDefinition(definition);
// Messages - Output
setOutputMessageForWSDLDefinition(definition);
// PortType
setPortTypeForWSDLDefinition(definition);
// Binding
setBindingForWSDLDefinition(definition);
// Service
setServiceForWSDLDefinition(definition, singleSignOnService);
This is how I added policy to wsdl
@Policies(
{ @Policy(uri = "classpath:SecurityPolicy.xml") })
apache-cxf
provides this facility to add policy to wsdl