CXF With UsernameToken (WS-Security Policy)

CXF With UsernameToken (WS-Security Policy) explains about step by step details of securing a Web service using UsernameToken Profile

WS-SecurityPolicy  is the binding and/or operation used in the wsdl, a WS-Policy fragment that describes the basic security requirements for interacting consumer.

Here we are implementing security policy by CXF UsernameToken

 

CXF gives two different techniques for adding UsernameToken

1) WS-SecurityPolicy -> In WS-SecurityPolicy, we are applying on WSDL 
level, Here we are defining WS-SecurityPolicy elements on WSDL and 
implement the security mechanism. This could be the best approach 
because client can able to understand which security mechanism is 
implemented and client can able to proceed accordingly.

2) Using CXF interceptors -> Here we are manually adding security 
mechanism to CXF interceptors,the problem on this approach client 
cant able to understand which security mechanism is implemented 
because it is not available on wsdl

CXF With UsernameToken (Interceptor)

CXF With UsernameToken (Interceptor) explains about step by step details of securing a Web service using UsernameToken Interceptor

CXF gives two different techniques for adding UsernameToken

1) WS-SecurityPolicy -> In WS-SecurityPolicy, we are applying on WSDL 
level, Here we are defining WS-SecurityPolicy elements on WSDL and 
implement the security mechanism. This could be the best approach 
because client can able to understand which security mechanism is 
implemented and client can able to proceed accordingly.

2) Using CXF interceptors -> Here we are manually adding security 
mechanism to CXF interceptors,the problem on this approach client 
cant able to understand which security mechanism is implemented 
because it is not available on wsdl