CXF With UsernameToken (WS-Security Policy) explains about step by step details of securing a Web service using UsernameToken Profile
WS-SecurityPolicy is the binding and/or operation used in the wsdl, a WS-Policy fragment that describes the basic security requirements for interacting consumer.
Here we are implementing security policy by CXF UsernameToken
CXF gives two different techniques for adding UsernameToken 1) WS-SecurityPolicy -> In WS-SecurityPolicy, we are applying on WSDL level, Here we are defining WS-SecurityPolicy elements on WSDL and implement the security mechanism. This could be the best approach because client can able to understand which security mechanism is implemented and client can able to proceed accordingly. 2) Using CXF interceptors -> Here we are manually adding security mechanism to CXF interceptors,the problem on this approach client cant able to understand which security mechanism is implemented because it is not available on wsdl
You need to download
Following jar must be in ClassPath
CXF With UsernameToken(WS-security policy) Example
I am creating a sample web service project that pass Student object and return with some changes on that object. The service is using simple POJO (Plain Old Java Object) bean.
Firstly create a Dynamic Web Project (File->New->Dynamic Web Project) named "CXFTutorial" according to following screenshot