I'm trying to call a third party SOAP web service by using Camel & CXF. Here is an excerpt from the wsdl
<message name="setDeviceDetailsv4">
<part name="parameters" element="tns:setDeviceDetailsv4"></part>
<part name="gdspHeader" element="tns:gdspHeader"></part>
</message>
<message name="setDeviceDetailsv4Response">
<part name="result" element="tns:setDeviceDetailsv4Response"></part>
</message>
<portType name="SetDeviceDetailsv4">
<operation name="setDeviceDetailsv4" parameterOrder="parameters gdspHeader">
<input message="tns:setDeviceDetailsv4"></input>
<output message="tns:setDeviceDetailsv4Response"></output>
</operation>
</portType>
<binding name="SetDeviceDetailsv4PortBinding" type="tns:SetDeviceDetailsv4">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"></soap:binding>
<operation name="setDeviceDetailsv4">
<soap:operation soapAction=""></soap:operation>
<input>
<soap:body use="literal" parts="parameters"></soap:body>
<soap:header message="tns:setDeviceDetailsv4" part="gdspHeader" use="literal"></soap:header>
</input>
<output>
<soap:body use="literal"></soap:body>
</output>
</operation>
</binding>
<service name="SetDeviceDetailsv4Service">
<port name="SetDeviceDetailsv4Port" binding="tns:SetDeviceDetailsv4PortBinding">
<soap:address location="http://localhost:${HttpDefaultPort}/GDSPWebServices/SetDeviceDetailsv4Service"></soap:address>
</port>
</service>
As one can see, the soap body uses the "parameters" part which is mentioned in the wsdl above, related to tns:setDeviceDetailsv4.
The example client code looks like this:
System.out.println("Invoking setDeviceDetailsv4...");
SetDeviceDetailsv4_Type _setDeviceDetailsv4_parameters = null;
GdspHeader _setDeviceDetailsv4_gdspHeader = null;
SetDeviceDetailsv4Response _setDeviceDetailsv4__return = port.setDeviceDetailsv4(_setDeviceDetailsv4_parameters, _setDeviceDetailsv4_gdspHeader);
System.out.println("setDeviceDetailsv4.result=" + _setDeviceDetailsv4__return);
When I make a call through my camel route that matches the client code above, I was expecting CXF / Camel to append the "gdspHeader" to the soap header but it's not, it's sending it as a parameter to the web method. A separate developer hand coded the SOAP call and here is what he had and it works perfectly !!
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ws="http://ws.gdsp.xxxxxxx.com/">
<soapenv:Header>
<ws:gdspHeader>
<gdspCredentials>
<userId>xxxx</userId>
<password>xxxx</password>
</gdspCredentials>
</ws:gdspHeader>
</soapenv:Header>
<soapenv:Body>
<ws:setDeviceDetailsv4>
<deviceId>xxxxxx</deviceId>
<state>x</state>
</ws:setDeviceDetailsv4>
</soapenv:Body>
</soapenv:Envelope>
Yet when I make a call through Camel, here is what I get as the SOAP message:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<ns2:gdspHeader xmlns:ns2="http://ws.gdsp.xxxx.com/">
<gdspCredentials>
<password>xxxx</password>
<userId>xxxx</userId>
</gdspCredentials>
</ns2:gdspHeader>
</soap:Header>
<soap:Body>
<ns1:setDeviceDetailsv4 xmlns:ns1="http://ws.gdsp.Xxxxx.com/">
<ns2:arg0 xmlns:ns2="http://ws.gdsp.xxx.com/">
<deviceId>xxxx</deviceId>
<state>x</state>
</ns2:arg0>
<ns2:arg1 xmlns:ns2="http://ws.gdsp.xxxx.com/">
<gdspCredentials>
<password>xxxx</password>
<userId>xxxx</userId>
</gdspCredentials>
</ns2:arg1>
</ns1:setDeviceDetailsv4>
</soap:Body>
</soap:Envelope>
and it FAILS. I've tried to make the gdspCredentials NULL and that doesn't work and if I only pass in one parameter, CXF throws a soap fault stating that the method requires two parameters.
Here is a portion of my pom.xml file
<build>
<plugins>
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
<version>2.7.7</version>
<executions>
<execution>
<id>generate-sources</id>
<phase>generate-sources</phase>
<configuration>
<wsdlOptions>
<wsdlOption>
<frontEnd>jaxws21</frontEnd>
<faultSerialVersionUID>1</faultSerialVersionUID>
<wsdl>src/main/resources/wsdl/extWebServices.wsdl</wsdl>
<extraargs>
<extraarg>-client</extraarg>
</extraargs>
</wsdlOption>
</wsdlOptions>
</configuration>
<goals>
<goal>wsdl2java</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
How can I get my Camel / CXF call to match what the other developer had done?
The wsdl didn't work out of the box for my needs. I was able to modify the wsdl to remove the "header" option and use an interceptor for handle the header portion and a processor to handle the response & request marshalling / unmarshalling.
Related
In a migration from Oracle BPEL to Apache Camel, which particular considerations should I have for migrating forEach (Oracle) to loop (Camel)?
this one is the BPEL file. How can I convert that to use Apache Camel loop? I am finding trouble in using loop tag from Apache Camel.
<sequence name="main">
<!-- Receive input from requestor. (Note: This maps to operation defined in ExemploForBPELProcess.wsdl) -->
<receive name="receiveInput" partnerLink="exemploforbpelprocess_client" portType="client:ExemploForBPELProcess" operation="process" variable="inputVariable" createInstance="yes"/>
<!-- Generate reply to synchronous request -->
<assign name="olaAssign">
<copy>
<from>'Hi:'</from>
<to>$outputVariable.payload/client:result</to>
</copy>
</assign>
<forEach parallel="no" counterName="ForEachNomeCounter" name="ForEachNome">
<startCounterValue>1</startCounterValue>
<finalCounterValue>ora:countNodes('inputVariable','payload','client:nome')</finalCounterValue>
<scope name="Scope" exitOnStandardFault="no">
<assign name="NomeAssign">
<copy>
<from>concat($outputVariable.payload/client:result,' ',$inputVariable.payload/client:nome[$ForEachNomeCounter],',')</from>
<to>$outputVariable.payload/client:result</to>
</copy>
</assign>
</scope>
</forEach>
<assign name="FimAssign">
<copy>
<from>concat($outputVariable.payload/client:result,' all fine?')</from>
<to>$outputVariable.payload/client:result</to>
</copy>
</assign>
<reply name="replyOutput" partnerLink="exemploforbpelprocess_client" portType="client:ExemploForBPELProcess" operation="process" variable="outputVariable"/>
</sequence>
</process>
Is there a way to implement sequential http requests in one scenario?
Clearly what i want: make a load test on REST API with "simulating" users behavior.
1.1. User goes to /a
1.2. Get some info
2.1. Then fo to /b with some previously taken info
2.2. ... etc
And this scenario must be executed by some amount of VU at same time.
But what i see on graphics all VU doing request 1 simultaneously multiple times then all do request 2 and so on:
requests to /a goes for 10s
then requests to /b goes for 10s
But each rout response in about 20-30ms, so its not delaying by waiting response.
That's now how users will behavior and not what i want from my test.
What i am doing in my project:
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>a</groupId>
<artifactId>b</artifactId>
<version>1.0.0</version> <!-- build_version -->
<properties>
<java.version>1.8</java.version>
<scala.version>2.12</scala.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<scala.maven.plagin.version>4.4.0</scala.maven.plagin.version>
<gatling.maven.plagin.version>3.0.5</gatling.maven.plagin.version>
<gatling.version>3.3.1</gatling.version>
</properties>
<dependencies>
<dependency>
<groupId>io.gatling.highcharts</groupId>
<artifactId>gatling-charts-highcharts</artifactId>
<version>${gatling.version}</version>
<scope>test</scope>
</dependency>
</dependencies>
<repositories>
<repository>
<id>sonatype</id>
<url>https://oss.sonatype.org/content/repositories/releases/</url>
</repository>
</repositories>
<build>
<sourceDirectory>src/main/scala</sourceDirectory>
<testSourceDirectory>src/test/scala</testSourceDirectory>
<plugins>
<plugin>
<groupId>io.gatling</groupId>
<artifactId>gatling-maven-plugin</artifactId>
<version>${gatling.maven.plagin.version}</version>
<executions>
<execution>
<goals>
<goal>test</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>net.alchim31.maven</groupId>
<artifactId>scala-maven-plugin</artifactId>
<version>${scala.maven.plagin.version}</version>
<configuration>
<jvmArgs>
<jvmArg>-Xss100M</jvmArg>
</jvmArgs>
<args>
<arg>-target:jvm-${java.version}</arg>
<arg>-deprecation</arg>
<arg>-feature</arg>
<arg>-unchecked</arg>
<arg>-language:implicitConversions</arg>
<arg>-language:postfixOps</arg>
</args>
</configuration>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>testCompile</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
.scala file:
import io.gatling.core.Predef._
import io.gatling.core.structure.ScenarioBuilder
import io.gatling.http.Predef._
import io.gatling.http.protocol.HttpProtocolBuilder
import scala.concurrent.duration._
class SimpleScenario extends Simulation {
val users = 200
val maxRPS = 200
val rampUp: FiniteDuration = 1 minutes
val duration: FiniteDuration = 1 minutes
val httpProtocol: HttpProtocolBuilder = http
.baseUrl("http://some.site")
val scn0: ScenarioBuilder = scenario("ASimulation")
.exec(
Seq(
exec(
http("a")
.post("/a")
.body(StringBody("""{"username": "a", "password": "b"}"""))
.check(status.is(200))
)
.exec(
http("b")
.get("/b")
.check(status.is(200))
)
// ... and so on
)
)
setUp(
scn0
.inject(
constantConcurrentUsers(users) during(rampUp + duration)
)
.throttle(
reachRps(maxRPS) in (rampUp),
holdFor(duration)
)
).protocols(httpProtocol)
}
Command that i run to execute test:
mvn gatling:test
And i am tryed already:
.repeat(1)
.exec without Seq
chain of .exec's outside of one
so its not delaying by waiting response
Yes it is. Each virtual user will wait for response "a" before sending request "b".
Please help me out with this:
Have used Maven and tried loading Ontology file using OWL API..
Getting errors while running the file:
1st Error :
No implementation for
java.util.Set was
bound. while locating
java.util.Set
for parameter 0 at uk.ac.manchester.cs.owl.owlapi.OWLOntologyManagerImpl.setOntologyStorers(OWLOntologyManagerImpl.java:1279)
at
uk.ac.manchester.cs.owl.owlapi.OWLOntologyManagerImpl.setOntologyStorers(OWLOntologyManagerImpl.java:1279)
at uk.ac.manchester.cs.owl.owlapi.OWLAPIImplModule.configure(Unknown
Source)
2nd Error :
An exception was caught and reported. Message:
org.semanticweb.owlapi.manchestersyntax.parser.ManchesterOWLSyntaxOntologyParserFactory
cannot be cast to javax.inject.Provider at
org.semanticweb.owlapi.OWLAPIServiceLoaderModule.configure(Unknown
Source)
My code looks like:
File selectedFile = new File("E:\\Pallavi\\Ontology\\Food.owl");
OWLOntologyManager m = OWLManager.createOWLOntologyManager();
IRI inputDocumentIRI = IRI.create(selectedFile);
/* Load an ontology from a document IRI */
OWLOntology ontology = m.loadOntologyFromOntologyDocument(inputDocumentIRI);
/* Report information about the ontology */
System.out.println("Ontology Loaded...");
System.out.println("Document IRI: " + inputDocumentIRI);
System.out.println("Logical IRI : " + ontology.getOntologyID());
System.out.println("Format : " + m.getOntologyFormat(ontology));
m.removeOntology(ontology);
System.out.println("Done");
My pom.xml looks like:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.mycompany</groupId>
<artifactId>TestOWL</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.5.3</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Implementation-Title>${project.name}</Implementation-Title>
<Implementation-Vendor>${project.organization.name}</Implementation-Vendor>
<Implementation-Version>${project.version}.${maven.build.timestamp}</Implementation-Version>
<Bundle-SymbolicName>org.semanticweb.owl.owlapi</Bundle-SymbolicName>
<Bundle-Version>${project.version}</Bundle-Version>
<excludeDependencies>groupId=com.google.guava;scope=compile|runtime|provided,
groupId=com.google.inject*;scope=compile|runtime|provided,
groupId=org.slf4j*;scope=compile|runtime|provided</excludeDependencies>
</instructions>
</configuration>
</plugin>
<plugin>
<artifactId>maven-shade-plugin</artifactId>
<version>2.3</version>
<executions>
<execution>
<phase>package</phase>
<configuration>
<artifactSet>
<excludes>
<exclude>org.apache.felix:org.osgi.core</exclude>
<exclude>org.openrdf.sesame:*</exclude>
<exclude>com.fasterxml.jackson.core:*</exclude>
<exclude>com.github.jsonld-java:*</exclude>
<exclude>com.fasterxml.jackson.core:*</exclude>
<exclude>org.apache.httpcomponents:*</exclude>
<exclude>commons-codec:commons-codec:*</exclude>
<exclude>org.slf4j:*</exclude>
<exclude>org.semarglproject:*</exclude>
<exclude>com.google.guava:*</exclude>
<exclude>com.google.inject:*</exclude>
<exclude>javax.inject:*</exclude>
<exclude>aopalliance:*</exclude>
<exclude>com.google.inject.extensions:*</exclude>
<exclude>com.google.code.findbugs:*</exclude>
<exclude>org.slf4j:slf4j-api</exclude>
<exclude>commons-io:*</exclude>
<exclude>org.tukaani:*</exclude>
<exclude>net.sf.trove4j:*</exclude>
</excludes>
</artifactSet>
<transformers>
<transformer/>
</transformers>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>com.github.ansell.owlapi</groupId>
<artifactId>owlapi-api</artifactId>
<version>3.4.6.2-ansell</version>
</dependency>
<dependency>
<groupId>net.sourceforge.owlapi</groupId>
<artifactId>owlapi-apibinding</artifactId>
<version>5.0.5</version>
</dependency>
<dependency>
<groupId>net.sourceforge.owlapi</groupId>
<artifactId>owlapi-osgidistribution</artifactId>
<version>5.0.5</version>
</dependency>
</dependencies>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
</properties>
</project>
Please help me to get rid of these errors
You are excluding necessary dependencies for owlapi, which explains all the injection related errors.
On top of that, you're using owlapi 5 and the Ansell fork of owlapi 3. These will conflict in many areas.
If you are not using OSGi (seems no) drop all dependencies except owlapi-apibinding for 5.0.5 and remove all exclusions. If that does not solve the problem, update the question with the new state of affairs.
I use mule CE 3.3.0. My project has the following:
<mule xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:cxf="http://www.mulesoft.org/schema/mule/cxf" xmlns:scripting="http://www.mulesoft.org/schema/mule/scripting"
xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xmlns:spring="http://www.springframework.org/schema/beans" version="CE-3.3.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/cxf http://www.mulesoft.org/schema/mule/cxf/current/mule-cxf.xsd
http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.3/mule-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/scripting http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd ">
<global-property name="allowed" value="192.168.3.76,192.168.3.74,192.168.3.75" />
<configuration>
<expression-language>
<global-functions>
def parseIp(fullIp) {
return fullIp.substring(fullIp.indexOf('/') + 1, fullIp.indexOf(':'))
}
</global-functions>
</expression-language>
</configuration>
<http:connector name="httpConnector" doc:name="HTTP\HTTPS">
<service-overrides sessionHandler="org.mule.session.NullSessionHandler" />
</http:connector>
<mule-ss:security-manager>
<mule-ss:delegate-security-provider
name="memory-dao" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
<spring:beans>
<ss:authentication-manager
xmlns:ss="http://www.springframework.org/schema/security" alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="weather" password="weather" authorities="ROLE_ADMIN" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</spring:beans>
<flow name="OML_News" doc:name="OML_News">
<http:inbound-endpoint host="localhost" port="9091"
path="iran/oml_news" exchange-pattern="request-response" doc:name="HTTP">
<mule-ss:http-security-filter realm="mule-realm" />
</http:inbound-endpoint>
<expression-filter
expression="#['${allowed}'.contains(parseIp(message.inboundProperties['MULE_REMOTE_CLIENT_ADDRESS']))]"
doc:name="Expression" />
<cxf:proxy-service
service="Weather"
wsdlLocation="http://wsf.cdyne.com/WeatherWS/Weather.asmx?wsdl"
namespace="http://ws.cdyne.com/WeatherWS/"
validationEnabled="true" doc:name="SOAP">
</cxf:proxy-service>
<copy-properties propertyName="SOAPAction" doc:name="Property" />
<cxf:proxy-client doc:name="SOAP" />
<outbound-endpoint
address="http://wsf.cdyne.com/WeatherWS/Weather.asmx"
exchange-pattern="request-response" doc:name="Generic">
</outbound-endpoint>
</flow>
I launch a cxf service. There are some customers who use wsdl address in my cxf service and they implemented web services. Now I want that will be possible to determine how many users are using my wsdl address and each of them how many requests do send to my server? In fact, I want create a report system.
There are several ways you can do this, for example you can add a wiretap after your http inbound endpoint and invoke either a custom component that gather statistics in a database or more elegantly call a flow that does this.
<http:inbound-endpoint address="http://yourendpointaddress:8080/path" />
<wire-tap>
<vm:outbound-endpoint path="stats" />
</wire-tap>
And then
<flow name="statsFlow">
<vm:inbound-endpoint path="stats" />
<!-- gather stats from the headers -->
<jdbc:outbound-endpoint queryKey="insertStatsIntoDB" />
</flow>
This should gather statistics without affecting performance.
I was wondering if it is possible to build a cxf-bc with WS-SecurityPolicy instead of just the WS-Security. WS-SecurityPolicy seems to be a more elegant solution since everything is in the WSDL. Examples welcome. :)
Well with David's help I got the CXF-BC to install and running on the ESB, but I can't seem to test it. It keeps coming back with:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
My msg:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://nwec.faa.gov/wxrec/UserAccount/types">
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-25" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>bob</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobspassword</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
<wsa:Action>http://nwec.faa.gov/wxrec/UserAccount/UserAccountPortType/ApproveDenyAccountRequest</wsa:Action>
</soapenv:Header>
<soapenv:Body>
...
</soapenv:Body>
Here's the policy in the wsdl:
<wsp:Policy wsu:Id="UserAccountBindingPolicy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
<wsaw:UsingAddressing xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" wsp:Optional="true" />
<wsp:Policy >
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<wsp:Policy>
<sp:WssUsernameToken10 />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
As of the resolution of https://issues.apache.org/activemq/browse/SMXCOMP-711 and https://issues.apache.org/activemq/browse/SMXCOMP-712 (servicemix-cxf-bc-2010.01) it should be possible and easy to do.
See http://fisheye6.atlassian.com/browse/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java?r=HEAD for an example. Specifically the testJAASPolicy method.
As for the error relating to asserting the UsernameToken assertion, you may want to try putting the UsernameToken assertion inside of a SupportingToken or binding assertion depending on what you want to do with the token. It looks like you just want a username and password to be passed in the message without any other security such as a cryptographic binding of the token to the message or encryption so a supporting token will likely fit your needs.
I also urge you to consider the following additional precautions when using a UsernameToken:
Cryptographically bind the token to the message using a signature.
Use a nonce and created timestamp and cache the token on the server to prevent replay
Consider encrypting the token (before signing if you also sign) using XML enc
Using TLS either in lieu of or in addition to the above suggestions
With david's and Freeman over at the servicemix-user mailing-list. I was able finally get the correct configuration to implement WS-Security Policy.
Here's my final beans.xml for the my BC
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0" xmlns:util="http://www.springframework.org/schema/util"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:person="http://www.mycompany.com/ws-sec-proto"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://servicemix.apache.org/cxfbc/1.0
http://repo2.maven.org/maven2/org/apache/servicemix/servicemix-cxf-bc/2010.01/servicemix-cxf-bc-2010.01.xsd
http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.oarg/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
<import resource="classpath:META-INF/cxf/osgi/cxf-extension-osgi.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-policy.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-ws-security.xml" />
<bean id="myPasswordCallback" class="com.mycompany.ServerPasswordCallback" />
<cxfbc:consumer wsdl="classpath:wsdl/person.wsdl"
targetService="person:PersonService" targetInterface="person:Person"
properties="#properties" delegateToJaas="false" >
<!-- not important for ws-security
<cxfbc:inInterceptors>
<bean class="com.mycompany.SaveSubjectInterceptor" />
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor" />
</cxfbc:inInterceptors>
-->
</cxfbc:consumer>
<util:map id="properties">
<entry>
<key>
<util:constant
static-field="org.apache.cxf.ws.security.SecurityConstants.CALLBACK_HANDLER" />
</key>
<ref bean="myPasswordCallback" />
</entry>
</util:map>
<httpj:engine-factory bus="cxf">
<httpj:engine port="9001">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password" resource="certs/cherry.jks" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:exclude>.*_WITH_NULL_.*</sec:exclude>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
<bean class="org.apache.servicemix.common.osgi.EndpointExporter" />
</beans>
Full example can be found here but it may not be there after a while.