You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by geecxf <am...@ge.com> on 2013/02/13 22:19:36 UTC
SAML authentication in OSGI continued
One problem leads to another....
I'm registering my service (that uses SamlHeaderInHandler for authentication
of SAML tokens in the HTTP authenticate header) using DOSGI. I've included
the following attributes:
serviceProps.put("ws-security.signature.properties",
"alice/alice.properties");
serviceProps.put("org.apache.cxf.rs.provider",
"org.apache.cxf.rs.security.saml.SamlHeaderInHandler");
The SamlHeaderInHandler seems to be working fine. However, in code once I
get to line 54 of org.apache.cxf.rs.security.common.CryptoLoader
Object o = message.getContextualProperty(propKey);
(where propKey is "ws-security.signature.properties") the result is null.
The "ws-security.signature.properties" property is not in the message
contextual properties. This will probably take me at least day to figure out
stepping through code so I hope someone can point out what I might be doing
that is wrong.
Regards,
D
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 15/02/13 15:47, geecxf wrote:
> It was just a general comment about developing with open source tools and
> frameworks. Web services and SAML are not new to me but my background is in
> developing in .NET for Microsoft platforms and the experience is smoother
> for lack of a better word. I am not suggesting one way is better than the
> other just comparing and contrasting based on my subjective experience.
Sure, no problems at all - IMHO such feedback is very valuable for the
developers like us
> One
> thing I can say for sure is the support provided by this mailing list has
> been invaluable. Thanks again.
Sounds good - thanks too;
Cheers, Sergey
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723246.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by geecxf <am...@ge.com>.
It was just a general comment about developing with open source tools and
frameworks. Web services and SAML are not new to me but my background is in
developing in .NET for Microsoft platforms and the experience is smoother
for lack of a better word. I am not suggesting one way is better than the
other just comparing and contrasting based on my subjective experience. One
thing I can say for sure is the support provided by this mailing list has
been invaluable. Thanks again.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723246.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 14/02/13 19:21, geecxf wrote:
> The development experience wasn't exactly plug-n-play... but it works and
> there seems to be a lot of power under the hood once you start to understand
> the framework. My gut reaction to this technology is that the level of
> knowledge and skill necessary to start using it is very high. I am however
> relatively new to the world of developing using java and open source
> frameworks.
>
Are you referring to the complexity of installing the bundles into the
OSGI container or working with SAML-based interceptors ?
Re the former, as I said one would be expected to have a plug-n-play
experience by using features, I'm not sure why you were not able to use
the feature, I saw you saying you ended up installing various individual
bundles to get SAML interceptors working, perhaps the complexity is
coming from the fact you actually use DOSGi on top of the OSGi container
other than Karaf ?
Re the latter - agreed that supporting SAML may indeed raise the
complexity level
Thanks, Sergey
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723200.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by geecxf <am...@ge.com>.
The development experience wasn't exactly plug-n-play... but it works and
there seems to be a lot of power under the hood once you start to understand
the framework. My gut reaction to this technology is that the level of
knowledge and skill necessary to start using it is very high. I am however
relatively new to the world of developing using java and open source
frameworks.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723200.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 14/02/13 17:27, geecxf wrote:
> Thanks Sergey, I can confirm that both those methods worked.
I have to admit the fact it worked in OSGi, given the fairly complex
setup, from the get go, is impressive in a good way :-)
Thanks for the update
Cheers, Sergey
>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723194.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by geecxf <am...@ge.com>.
Thanks Sergey, I can confirm that both those methods worked.
--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723194.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SAML authentication in OSGI continued
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 13/02/13 21:19, geecxf wrote:
> One problem leads to another....
>
> I'm registering my service (that uses SamlHeaderInHandler for authentication
> of SAML tokens in the HTTP authenticate header) using DOSGI. I've included
> the following attributes:
>
> serviceProps.put("ws-security.signature.properties",
> "alice/alice.properties");
> serviceProps.put("org.apache.cxf.rs.provider",
> "org.apache.cxf.rs.security.saml.SamlHeaderInHandler");
>
> The SamlHeaderInHandler seems to be working fine. However, in code once I
> get to line 54 of org.apache.cxf.rs.security.common.CryptoLoader
>
> Object o = message.getContextualProperty(propKey);
>
> (where propKey is "ws-security.signature.properties") the result is null.
> The "ws-security.signature.properties" property is not in the message
> contextual properties. This will probably take me at least day to figure out
> stepping through code so I hope someone can point out what I might be doing
> that is wrong.
>
In latest DOSGi it is possible to pass the context properties with
org.apache,cxf.rs.context.properties or
org.apache,cxf.ws.context.properties, for RS & WS.
The value is Map<String, Object>.
Perhaps the alternative is to register CXF interceptor or JAXRS handler
which runs before SamlHeaderInHandler and sets these ws-security properties.
HTH
Sergey
> Regards,
>
> D
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com