You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Kaleb Walton <kd...@us.ibm.com> on 2007/08/27 21:44:25 UTC
Acegi Security with CXF
Does anyone have an example of authenticating with Acegi Security using a
Simple Server?
I'd like to pass the authentication token as easily and securely as
possible -
http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
suggests passing it in the SOAP headers. There is an example at that URL
as well but it is for XFire and I'm not sure how those concepts translate
over to CXF; additionally the example they use points out its own
inefficiency suggesting it should use a custom handler to read the contents
of the SOAP message via StAX.
Regards,
Kaleb
Re: Acegi Security with CXF
Posted by Fred Dushin <fr...@dushin.net>.
How's this for the outbound side:
<jaxws:client name="{http://www.apache.org}SoapPort"
createdFromAPI="true">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
<jaxws:outInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
<ref bean="UOverT_Request"/>
</jaxws:outInterceptors>
</jaxws:client>
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="UOverT_Request">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="user" value="Alice"/>
<entry key="passwordCallbackClass"
value="demo.hw.client.UTPasswordCallback"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</constructor-arg>
</bean>
-Fred
On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote:
>
> Fred,
>
> Can I get a sample CFX config?
>
> Thanks,
>
> Van
>
>
> Fred Dushin-3 wrote:
>>
>>
>> I don't know a lot about acegi, but if you are only talking about
>> propagating a WS-Security UnsernameToken through a SOAP wss:Security
>> header, then yes, CXF is perfectly capable of doing this.
>>
>> Note, however, that you will need to add some code on the consuming
>> side of the message to "validate" the username and password, via
>> WSS4J callback, which you'll also need to configure through Spring.
>> Like XFire, the CXF WS-Security interceptor is based not only on the
>> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
>> uses, as well). Not knowing much at all about XFire, I believe the
>> CXF configuration should be pretty strightforwardly mappable to CXF.
>>
>> Shout if you need a sample CXF config.
>>
>> -Fred
>>
>> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>>
>>> There is an example at that URL
>>> as well but it is for XFire and I'm not sure how those concepts
>>> translate
>>> over to CXF; additionally the example they use points out its own
>>> inefficiency suggesting it should use a custom handler to read the
>>> contents
>>> of the SOAP message via StAX.
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Acegi-Security-
> with-CXF-tf4337860.html#a12391936
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
Re: Acegi Security with CXF
Posted by vannguyen0 <vn...@ur.com>.
Fred,
Can I get a sample CFX config?
Thanks,
Van
Fred Dushin-3 wrote:
>
>
> I don't know a lot about acegi, but if you are only talking about
> propagating a WS-Security UnsernameToken through a SOAP wss:Security
> header, then yes, CXF is perfectly capable of doing this.
>
> Note, however, that you will need to add some code on the consuming
> side of the message to "validate" the username and password, via
> WSS4J callback, which you'll also need to configure through Spring.
> Like XFire, the CXF WS-Security interceptor is based not only on the
> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
> uses, as well). Not knowing much at all about XFire, I believe the
> CXF configuration should be pretty strightforwardly mappable to CXF.
>
> Shout if you need a sample CXF config.
>
> -Fred
>
> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>
>> There is an example at that URL
>> as well but it is for XFire and I'm not sure how those concepts
>> translate
>> over to CXF; additionally the example they use points out its own
>> inefficiency suggesting it should use a custom handler to read the
>> contents
>> of the SOAP message via StAX.
>
>
>
--
View this message in context: http://www.nabble.com/Acegi-Security-with-CXF-tf4337860.html#a12391936
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Acegi Security with CXF
Posted by Fred Dushin <fr...@dushin.net>.
I don't know a lot about acegi, but if you are only talking about
propagating a WS-Security UnsernameToken through a SOAP wss:Security
header, then yes, CXF is perfectly capable of doing this.
Note, however, that you will need to add some code on the consuming
side of the message to "validate" the username and password, via
WSS4J callback, which you'll also need to configure through Spring.
Like XFire, the CXF WS-Security interceptor is based not only on the
WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
uses, as well). Not knowing much at all about XFire, I believe the
CXF configuration should be pretty strightforwardly mappable to CXF.
Shout if you need a sample CXF config.
-Fred
On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
> There is an example at that URL
> as well but it is for XFire and I'm not sure how those concepts
> translate
> over to CXF; additionally the example they use points out its own
> inefficiency suggesting it should use a custom handler to read the
> contents
> of the SOAP message via StAX.
Re: Acegi Security with CXF
Posted by Ray Krueger <ra...@gmail.com>.
This might seem like an odd answer, but you can also look at how
Spring-WS does it...
http://static.springframework.org/spring-ws/site/reference/html/security.html
On 8/27/07, Kaleb Walton <kd...@us.ibm.com> wrote:
>
>
> Does anyone have an example of authenticating with Acegi Security using a
> Simple Server?
>
> I'd like to pass the authentication token as easily and securely as
> possible -
> http://www.vorburger.ch/blog1/2006/10/propagating-acegis-security-context-in.html
> suggests passing it in the SOAP headers. There is an example at that URL
> as well but it is for XFire and I'm not sure how those concepts translate
> over to CXF; additionally the example they use points out its own
> inefficiency suggesting it should use a custom handler to read the contents
> of the SOAP message via StAX.
>
> Regards,
> Kaleb