The services can be accessed using WS-Security, with full permissions of the system user. An example WSSUtil class can bind the session to a service object:

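import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;

public class WSSUtil implements CallbackHandler {
   private static String keyAlias = "testkey";
   private static String keyPassword = "Password1";
   private static String userCompanyUuid = "058fc186-be30-4828-83db-c909e24954b1";

   // Attaches a WS-Security outbound interceptor to the given CXF service proxy.
   public void setWSS(Object clientOb) {
      Client client = org.apache.cxf.frontend.ClientProxy.getClient(clientOb);
      Endpoint cxfEndpoint = client.getEndpoint();
      Map<String, Object> outProps = new HashMap<String, Object>();
      // Send a UsernameToken without a password and sign the message.
      outProps.put("action", "UsernameToken Signature");
      outProps.put("passwordType", "PasswordNone");
      outProps.put("passwordCallbackClass", WSSUtil.class.getName());
      outProps.put("user", userCompanyUuid);
      outProps.put("signatureUser", keyAlias);
      outProps.put("signaturePropFile", "client_sign.properties");
      outProps.put("signatureKeyIdentifier", "DirectReference");
      WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
      cxfEndpoint.getOutInterceptors().add(wssOut);
   }

   // Supplies the password of the signing key when WSS4J asks for it.
   @Override
   public void handle(Callback[] callbacks) throws IOException,
      UnsupportedCallbackException {
      WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
      pc.setPassword(keyPassword);
   }
}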


The client_sign.properties file contains configuration information and is included on the classpath. The private store key must be generated from the command prompt, in the folder that contains the keytool file. This file is normally under Program Files > Java > JDK > bin. From that folder, run:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360


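This will create a public key, which should download to your Users > user folder as “keystore.jks”. This key must be placed in your project with the client_sign.properties file. The keystore file name, alias and passwords given in client_sign.properties and in WSSUtil must match the values used when the keystore was generated.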

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=Password
org.apache.ws.security.crypto.merlin.keystore.alias=testkey
org.apache.ws.security.crypto.merlin.keystore.file=privatestore.jks
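A pre-flight check for the keystore setup described above, as an added example that is not part of the original page or the product's own code: it loads client_sign.properties, opens the keystore it names, and confirms that the alias and key password used by WSSUtil resolve to a private key with a currently valid certificate. The class name KeystoreCheck is hypothetical, and the example assumes both the properties file and the keystore file are on the classpath.

```java
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Properties;

// Added example (hypothetical class): verifies the signing keystore before any service call.
public class KeystoreCheck {
    private static final String P = "org.apache.ws.security.crypto.merlin.keystore.";

    // Returns the signing certificate, or throws with a message naming the mismatch.
    public static X509Certificate check(String propFile, String keyAlias, char[] keyPassword)
            throws Exception {
        ClassLoader cl = KeystoreCheck.class.getClassLoader();
        Properties props = new Properties();
        try (InputStream in = cl.getResourceAsStream(propFile)) {
            if (in == null) throw new IllegalStateException(propFile + " is not on the classpath");
            props.load(in);
        }
        String file = props.getProperty(P + "file");
        String storePass = props.getProperty(P + "password");
        if (file == null || storePass == null)
            throw new IllegalStateException(propFile + " lacks keystore.file or keystore.password");
        KeyStore ks = KeyStore.getInstance(props.getProperty(P + "type", "jks"));
        try (InputStream in = cl.getResourceAsStream(file)) {
            if (in == null) throw new IllegalStateException(file + " is not on the classpath");
            ks.load(in, storePass.toCharArray()); // IOException here: wrong store password
        }
        if (!ks.isKeyEntry(keyAlias))
            throw new IllegalStateException("no private key under alias '" + keyAlias + "'");
        Key key = ks.getKey(keyAlias, keyPassword); // UnrecoverableKeyException: wrong key password
        if (!(key instanceof PrivateKey))
            throw new IllegalStateException("entry '" + keyAlias + "' is not a private key");
        X509Certificate cert = (X509Certificate) ks.getCertificate(keyAlias);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        return cert;
    }

    public static void main(String[] args) throws Exception {
        // The file name, alias and key password are the ones WSSUtil uses on this page.
        X509Certificate cert = check("client_sign.properties", "testkey", "Password1".toCharArray());
        System.out.println("Signing as " + cert.getSubjectX500Principal() + ", valid until " + cert.getNotAfter());
    }
}
```

Running it once at start-up turns an alias, file name or password mismatch into a specific error instead of a signing failure on the first service call.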


The services can then be bound:

NovatusCompanyService companyService = new CompanyService().getNovatusCompanyServicePort();
new WSSUtil().setWSS(companyService);


It is important to note that anyone authenticated will have default System Admin permissions, which cannot be changed. Any changes made to the system with this method will be done as “SYSTEM ACCOUNT”.

For more information on configuring WS-Security, see http://cxf.apache.org/docs/ws-security.html.