I am trying to enable the addition of a WS-Security username token to outbound client calls of a service that is defined in the service's WS-Policy file as required. The header should be like this:
<soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">65468476846346847631sdfasdfa</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header>
I believe it should be possible to do this for a specific endpoint by configuring the JBoss application container (I am using EAP 6.4). I am confused because the examples in the Wildfly and JbossWS cxf 4.3.2 (which I believe is the implementation used in EAP 6.4) suggest that adding these details is done in code using the RequestContext. However this post implies that it can be done using jboss-wsse-client.xml packaged inside my war file in the WEB-INF directory.
Can someone help me with how I should set this up:
Any advice would be much appreciated.