Hi all,

I am trying to enable the addition of a WS-Security username token to outbound client calls of a service that is defined in the service's WS-Policy file as required. The header should be like this:

<soapenv:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <wsse:UsernameToken>
   <wsse:Username>username</wsse:Username>
   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">65468476846346847631sdfasdfa</wsse:Password>
   </wsse:UsernameToken>
   </wsse:Security>
</soapenv:Header>

I believe it should be possible to do this for a specific endpoint by configuring the JBoss application container (I am using EAP 6.4). I am confused because the examples in the Wildfly and JbossWS cxf 4.3.2 (which I believe is the implementation used in EAP 6.4) suggest that adding these details is done in code using the RequestContext. However this post implies that it can be done using jboss-wsse-client.xml packaged inside my war file in the WEB-INF directory.

Can someone help me with how I should set this up:

• Can these headers be added through configuration of the application container only / xml files or do I need to implement this in code?
• Can I apply these headers only to client calls of the specific web service I need?

Any advice would be much appreciated.