You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by ext2 <xu...@tongtech.com> on 2011/06/14 04:37:26 UTC
Bean Processor cause WS Security Failure
Hi:
Following is a simple sayHello Webservice implemented by camel.
<from uri="cxf:endpointHello:..."/>
<bean ref=".." method="..."/>
The webservice's request is configured to decrypt by server
certificate and response is configured to encrypt by client certificate.
If I use a bean as following, every thing is ok
helloBean{
void sayHello(Exchange ex){
ex.getOut().setBody("hello");
}
}
;
But using following bean , response encryption will failed.
HelloBean{
String sayHello(String greet){
return "hello";
}
}
the reason is the second bean will propagate headers(also include
security header) from cxf request, it is conflicted with response security.
But the first bean doesn't propagate headers;
Is it issue of bean processor? cxf component? Or just a document FAQ
to caution the user to filter the security header by himself?
Re: Bean Processor cause WS Security Failure
Posted by ext2 <xu...@tongtech.com>.
Thanks Willem
It's the WS-Security header;
//soap 12
QName wsseQName = new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN);
//soap 11
QName wsse11QName = new QName(WSConstants.WSSE11_NS, WSConstants.WSSE_LN);
When security is enabled, we filter it. Then everything is ok.
> -----original -----
> Sender: Willem Jiang [mailto:willem.jiang@gmail.com]
> Date: 2011年6月14日 11:31
> Receiver: users@camel.apache.org
> Subject: Re: Bean Processor cause WS Security Failure
>
> What's request security header name ?
> Maybe we can consider to filter the security header of the CXF message
> in CxfHeaderFilterStrategy.
> You can configure your own HeaderFilterStrategy by extends the
> CxfHeaderFilterStrategy.
>
>
> On 6/14/11 10:37 AM, ext2 wrote:
> >
> > Hi:
> >
> > Following is a simple sayHello Webservice implemented by camel.
> > <from uri="cxf:endpointHello:..."/>
> > <bean ref=".." method="..."/>
> > The webservice's request is configured to decrypt by server
> > certificate and response is configured to encrypt by client certificate.
> >
> > If I use a bean as following, every thing is ok
> > helloBean{
> > void sayHello(Exchange ex){
> > ex.getOut().setBody("hello");
> > }
> > }
> > ;
> >
> > But using following bean , response encryption will failed.
> > HelloBean{
> > String sayHello(String greet){
> > return "hello";
> > }
> > }
> >
> > the reason is the second bean will propagate headers(also include
> > security header) from cxf request, it is conflicted with response
security.
> > But the first bean doesn't propagate headers;
> >
> > Is it issue of bean processor? cxf component? Or just a document FAQ
> > to caution the user to filter the security header by himself?
> >
> >
> >
> >
>
>
> --
> Willem
> ----------------------------------
> FuseSource
> Web: http://www.fusesource.com
> Blog: http://willemjiang.blogspot.com (English)
> http://jnn.javaeye.com (Chinese)
> Twitter: willemjiang
> Weibo: willemjiang
Re: Bean Processor cause WS Security Failure
Posted by Willem Jiang <wi...@gmail.com>.
What's request security header name ?
Maybe we can consider to filter the security header of the CXF message
in CxfHeaderFilterStrategy.
You can configure your own HeaderFilterStrategy by extends the
CxfHeaderFilterStrategy.
On 6/14/11 10:37 AM, ext2 wrote:
>
> Hi:
>
> Following is a simple sayHello Webservice implemented by camel.
> <from uri="cxf:endpointHello:..."/>
> <bean ref=".." method="..."/>
> The webservice's request is configured to decrypt by server
> certificate and response is configured to encrypt by client certificate.
>
> If I use a bean as following, every thing is ok
> helloBean{
> void sayHello(Exchange ex){
> ex.getOut().setBody("hello");
> }
> }
> ;
>
> But using following bean , response encryption will failed.
> HelloBean{
> String sayHello(String greet){
> return "hello";
> }
> }
>
> the reason is the second bean will propagate headers(also include
> security header) from cxf request, it is conflicted with response security.
> But the first bean doesn't propagate headers;
>
> Is it issue of bean processor? cxf component? Or just a document FAQ
> to caution the user to filter the security header by himself?
>
>
>
>
--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang