Migrating CXF WS-Security to the Liberty profile is easy
and straightforward. The migration work includes migrating the Spring
or Spring-like configuration to the server.xml file.
If a CallbackHandler is required, you must also package and install
a password CallbackHandler as a Liberty user feature.
Before you begin
Ensure that you have a working knowledge of CXF WS-Security
enabled web services outside the Liberty profile.
About this task
To protect your web service application with WS-Security,
your JAX-WS application must contain a wsdl that has an embedded WS-Security
policy. There must be a PolicyReference to the embedded WS-Security
policy in either the wsdl:binding or wsdl:operation sections
or both. After you migrate your web service to the Liberty profile,
you can enable a WS-Security policy-driven WS-Security configuration.
This task describes how you can migrate an Apache CXF WS-Security
configuration to the Liberty profile.
Procedure
- Add the wsSecurity-1.1 feature to the server.xml file
to enable WS-Security in the Liberty profile.
- Add the WS-Security configuration to the server.xml file. CXF WS-Security in the Liberty profile does not support the
Spring configuration file, or its equivalent configuration file from
other vendors. You must migrate extra configurations that are defined
outside the policy from the Spring or its equivalent configuration
file to the server.xml file in the Liberty profile.
Create
the <wsSecurityClient> element to hold the client-side configuration,
and the <wsSecurityProvider> element to hold the server-side configuration.
All configuration property name and value pairs from CXF and WSS4J
must be preserved. You can use the same name and value pairs from
the Spring or equivalent configuration files. For crypto properties,
you must create the <signatureProperties> and <encryptionProperties>
subelements to hold all the required properties. For more information,
see Web services security
default configuration.
- Package your password callback handler as a Liberty profile
user feature if you have a password callback handler in your Spring
configuration files. For more information about the password
CallbackHandler, see Developing
a password callback handler for WS-Security.
Results
You migrated a WSDL-first web service to the Liberty profile.