WSIT client and multiple WS policy alternatives
I have some questions/thoughts on WSIT client ability to handle multiple WS policy alternatives.
So suppose I have a system with WS API that accepts SAML tokens for authentication. There are 2 major alternatives: a Holder-of-key token (that requires also XML dig signature for the request) and a Bearer token (no signature required). Now my API WSDL contains WS-SecurityPolicy assertions for the 2 cases, organized as 1 main policy with 2 alternatives.
Now a JAX-WS based client of the API is using Metro/WSIT to consume that API WSDL and log in to the API (understand the security policies, generate the WS request, put a SAML token inside, sign if needed - all that is for clarity, it's not the important point).
The important point is how the WSIT client chooses the WS policy alternative to use (HoK or Bearer). I did some investigation (testing, source/doc reading, etc.) and realized the WSIT client uses an internal, non-configurable mechanism that basically chooses an "arbitrary" one of the alternatives that is evaluated as supported by WSIT. I.e. it is not possible for the client to somehow choose which alternative is desired. This Metro 2.1 source code is at
Question 1: Am I misreading this? Is there a way to customize/configure the policy selection logic?
Question 2: Is someone aware if the ability for the client to choose which alternative to use is on the Metro roadmap/plans? (I'm using Metro 2.1 currently.)
Metro documentation suggests that the only way to handle multiple alternatives is to make a copy of the server WSDL and manually edit it removing all but 1 of the alternatives. Then use this WSDL only (and do not use the original server one at all). This works, of course, but opens another issue that it is very difficult to switch the policy alternative in use at runtime (though possible, you need 1 copy of the WSDL for every alternative, and then playing with thread context classloader to change between them - quite ugly and very hard to maintain).
Question 3: Could someone suggest another approach for handling multiple alternatives?
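
The workaround described in the post (one WSDL copy per alternative, each with all but one alternative removed) can be generated instead of hand-edited. The script below is an added example, not part of the original post and not Metro/WSIT code. It assumes the alternatives are `wsp:All` children of a `wsp:ExactlyOne` in the WS-Policy 1.5 namespace, and the sample policy and the helper names `alternatives` and `prune_alternatives` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"  # WS-Policy 1.5; adjust if the WSDL uses 1.2
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
ET.register_namespace("wsp", WSP)
ET.register_namespace("sp", SP)

# Constructed, simplified policy: the first alternative requires a signed body
# (Holder-of-Key style), the second has no signature requirement (Bearer style).
SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <wsp:ExactlyOne>
    <wsp:All><sp:AsymmetricBinding/><sp:SignedParts><sp:Body/></sp:SignedParts></wsp:All>
    <wsp:All><sp:TransportBinding/></wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>"""

def _names(alt):
    """Local names of every assertion element inside one wsp:All alternative."""
    return {e.tag.rsplit("}", 1)[-1] for e in alt.iter() if e is not alt}

def alternatives(xml_text):
    """List the assertion-name set of each alternative in document order."""
    root = ET.fromstring(xml_text)
    return [_names(a) for c in root.iter(f"{{{WSP}}}ExactlyOne")
            for a in c.findall(f"{{{WSP}}}All")]

def prune_alternatives(xml_text, required=(), forbidden=()):
    """Return a copy where each multi-alternative wsp:ExactlyOne keeps only the
    alternative containing all `required` and none of `forbidden` assertions."""
    root = ET.fromstring(xml_text)
    for choice in list(root.iter(f"{{{WSP}}}ExactlyOne")):
        alts = choice.findall(f"{{{WSP}}}All")
        if len(alts) < 2:
            continue
        keep = [a for a in alts
                if set(required) <= _names(a) and not set(forbidden) & _names(a)]
        if len(keep) != 1:
            # Fail closed: never leave the choice to the client runtime.
            raise ValueError(f"selector matched {len(keep)} of {len(alts)} alternatives")
        for a in alts:
            if a is not keep[0]:
                choice.remove(a)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(prune_alternatives(SAMPLE, required={"SignedParts"}))
```

Raising when the selector matches zero or several alternatives keeps a server-side policy change from silently moving the client onto the unsigned Bearer alternative.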