You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by joesam <sa...@gmail.com> on 2015/12/04 02:22:25 UTC

SamlTokenInterceptor

Hi all,

I am new to CXF. I am using v3.0.4.
I have a requirement to read SAML token from a incoming SOAP header request
and store the token for other purposes.

I want to use SamlTokenInterceptor. Do I need to extend this class and
override processToken method?

Also, in <jaxws:server> configuration, do I pass this class as
<jaxws:provider> or <jaxws:inInterceptors>?

Example of the configuration is highly appreciated.

Thanks in advance.





--
View this message in context: http://cxf.547215.n5.nabble.com/SamlTokenInterceptor-tp5763598.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: SamlTokenInterceptor

Posted by Colm O hEigeartaigh <co...@apache.org>.

SamlTokenInterceptor is designed to be used with WS-SecurityPolicy, when
you have a SupportingToken policy with no security binding, just a
SamlToken policy. For example, see the "DoubleItBearerPolicy" policy here:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl;h=70c2233daadec104fd5adf41251f016bd309061d;hb=HEAD

You could try adding the interceptor manually to the inInterceptor chain,
I'm not sure if it will work though without a security policy. The normal
way of reading SAML without WS-SecurityPolicy, is to use the "action"
approach with WSS4J, where you tell the WSS4JInInterceptor that a SAML
Token is required.

Colm.

On Fri, Dec 4, 2015 at 1:22 AM, joesam <sa...@gmail.com> wrote:

> Hi all,
>
> I am new to CXF. I am using v3.0.4.
> I have a requirement to read SAML token from a incoming SOAP header request
> and store the token for other purposes.
>
> I want to use SamlTokenInterceptor. Do I need to extend this class and
> override processToken method?
>
> Also, in <jaxws:server> configuration, do I pass this class as
> <jaxws:provider> or <jaxws:inInterceptors>?
>
> Example of the configuration is highly appreciated.
>
> Thanks in advance.
>
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/SamlTokenInterceptor-tp5763598.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com