There are basically 3 main possibilities to define WS-Policy in CXF projects:

  1. WSDL Policy attachment
  2. Spring configuration
  3. Dynamically via message context property

Let look into them in details.

WSDL Policy attachment

WS-Policies can be attached and referenced in WSDL elements. Web Services Policy 1.5 - Attachment standard describes all possible alternatives. WS-Policies can be placed inside WSDL itself or referenced as external documents. CXF will automatically recognize, read and use policies defined or referenced in WSDL. Sample of attached policy is shown below:

Spring configuration

It is possible to define policies directly in Spring configuration of client and service as jaxws feature. CXF will recognize and use configured WS-Policies:
Client:

Service:

Dynamically via message property

Sometimes policies cannot be configured statically, because they are obtained or calculated dynamically for concrete message (for example using Policy Server or Service Registry). For such cases CXF provide a possibility to load policy dynamically and set it into the message context property. It can be done for example in custom interceptor that fulfils the following:

  1. Get policy from external location and build it for current message.
  2. Parse WS-Policy XML using Neethi library.
  3. Store result Policy object into PolicyConstants.POLICY_OVERRIDE message content property.
    Important is that this custom policy interceptor is called before CXF PolicyInInterceptor or PolicyOutInterceptor. Than CXF will automatically recognize Policy stored into this property and use it with highest priority.