Migrating CXF WS-Security to Liberty is easy and straightforward. The migration work
includes migrating the Spring or Spring-like configuration to the server.xml
file. If a CallbackHandler is required, you must also package and install a password CallbackHandler
as a Liberty user feature.
Before you begin
Ensure that you have a working knowledge of CXF WS-Security enabled web services outside
Liberty.
About this task
To protect your web service application with WS-Security, your JAX-WS application must contain a
wsdl that has an embedded WS-Security policy. There must be a PolicyReference to the embedded
WS-Security policy in either the wsdl:binding or wsdl:operation
sections or both. After you migrate your web service to Liberty, you can enable a WS-Security
policy-driven WS-Security configuration. This task describes how you can migrate an Apache CXF
WS-Security configuration to Liberty.
Procedure
- Add the wsSecurity-1.1 feature to the server.xml file to
enable WS-Security in Liberty.
- Add the WS-Security configuration to the server.xml file. CXF WS-Security in Liberty does not support the Spring configuration file, or its equivalent
configuration file from other vendors. You must migrate extra configurations that are defined
outside the policy from the Spring or its equivalent configuration file to the
server.xml file in Liberty.
Create the <wsSecurityClient> element to hold
the client-side configuration, and the <wsSecurityProvider> element to hold the server-side
configuration. All configuration property name and value pairs from CXF and WSS4J must be preserved.
You can use the same name and value pairs from the Spring or equivalent configuration files. For
crypto properties, you must create the <signatureProperties> and <encryptionProperties>
subelements to hold all the required properties. For more information, see Web services security default configuration.
- Package your password callback handler as a Liberty user feature if you have a password callback handler in your Spring configuration files. For more information about the password CallbackHandler, see Developing a password callback handler for WS-Security.
Results
You migrated a WSDL-first web service to Liberty.