Migrating CXF WS-Security to Liberty is easy and straightforward. The migration work includes migrating the Spring or Spring-like
configuration to the server.xml file. If a CallbackHandler is required, you
must also package and install a password CallbackHandler as a Liberty user feature.
Before you begin
Ensure that you have a working knowledge of CXF WS-Security enabled web services outside
Liberty.
About this task
To protect your web service application with WS-Security, your JAX-WS application must contain a
wsdl that has an embedded WS-Security policy. There must be a PolicyReference to the embedded
WS-Security policy in either the wsdl:binding or wsdl:operation
sections or both. After you migrate your web service to Liberty, you can enable a WS-Security
policy-driven WS-Security configuration. This task describes how you can migrate an Apache CXF
WS-Security configuration to Liberty.
Procedure
- Add the wsSecurity-1.1 feature to the server.xml file to
enable WS-Security in Liberty.
- Add the WS-Security configuration to the server.xml file. CXF WS-Security in Liberty does not
support the Spring configuration file, or its equivalent configuration file from other vendors. You
must migrate extra configurations that are defined outside the policy from the Spring or its
equivalent configuration file to the server.xml file in Liberty.
Create the <wsSecurityClient>
element to hold the client-side configuration, and the <wsSecurityProvider> element to hold the
server-side configuration. All configuration property name and value pairs from CXF and WSS4J must
be preserved. You can use the same name and value pairs from the Spring or equivalent configuration
files. For crypto properties, you must create the <signatureProperties> and
<encryptionProperties> subelements to hold all the required properties. For more information, see
Web services security default
configuration.
- Package your password callback handler as a Liberty user feature if you have a password
callback handler in your Spring configuration files. For more information about the password CallbackHandler, see Developing a password callback handler for
WS-Security.
Results
You migrated a WSDL-first web service to
Liberty.