You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by geecxf <am...@ge.com> on 2013/02/13 22:19:36 UTC

SAML authentication in OSGI continued

One problem leads to another....

I'm registering my service (that uses SamlHeaderInHandler for authentication
of SAML tokens in the HTTP authenticate header) using DOSGI. I've included
the following attributes:

serviceProps.put("ws-security.signature.properties",
"alice/alice.properties");
serviceProps.put("org.apache.cxf.rs.provider",
"org.apache.cxf.rs.security.saml.SamlHeaderInHandler");

The SamlHeaderInHandler seems to be working fine. However, in code once I
get to line 54 of org.apache.cxf.rs.security.common.CryptoLoader

        Object o = message.getContextualProperty(propKey);

(where propKey is "ws-security.signature.properties") the result is null.
The "ws-security.signature.properties" property is not in the message
contextual properties. This will probably take me at least day to figure out
stepping through code so I hope someone can point out what I might be doing
that is wrong.

Regards,

D



--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by Sergey Beryozkin <sb...@gmail.com>.

On 15/02/13 15:47, geecxf wrote:
> It was just a general comment about developing with open source tools and
> frameworks. Web services and SAML are not new to me but my background is in
> developing in .NET for Microsoft platforms and the experience is smoother
> for lack of a better word. I am not suggesting one way is better than the
> other just comparing and contrasting based on my subjective experience.

Sure, no problems at all - IMHO such feedback is very valuable for the 
developers like us

> One
> thing I can say for sure is the support provided by this mailing list has
> been invaluable. Thanks again.
Sounds good - thanks too;

Cheers, Sergey

>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723246.html
> Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by geecxf <am...@ge.com>.

It was just a general comment about developing with open source tools and
frameworks. Web services and SAML are not new to me but my background is in
developing in .NET for Microsoft platforms and the experience is smoother
for lack of a better word. I am not suggesting one way is better than the
other just comparing and contrasting based on my subjective experience. One
thing I can say for sure is the support provided by this mailing list has
been invaluable. Thanks again.



--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723246.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by Sergey Beryozkin <sb...@gmail.com>.

On 14/02/13 19:21, geecxf wrote:
> The development experience wasn't exactly plug-n-play... but it works and
> there seems to be a lot of power under the hood once you start to understand
> the framework. My gut reaction to this technology is that the level of
> knowledge and skill necessary to start using it is very high. I am however
> relatively new to the world of developing using java and open source
> frameworks.
>
Are you referring to the complexity of installing the bundles into the 
OSGI container or working with SAML-based interceptors ?

Re the former, as I said one would be expected to have a plug-n-play 
experience by using features, I'm not sure why you were not able to use 
the feature, I saw you saying you ended up installing various individual 
bundles to get SAML interceptors working, perhaps the complexity is 
coming from the fact you actually use DOSGi on top of the OSGi container 
other than Karaf ?

Re the latter - agreed that supporting SAML may indeed raise the 
complexity level

Thanks, Sergey

>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723200.html
> Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by geecxf <am...@ge.com>.

The development experience wasn't exactly plug-n-play... but it works and
there seems to be a lot of power under the hood once you start to understand
the framework. My gut reaction to this technology is that the level of
knowledge and skill necessary to start using it is very high. I am however
relatively new to the world of developing using java and open source
frameworks.



--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723200.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by Sergey Beryozkin <sb...@gmail.com>.

On 14/02/13 17:27, geecxf wrote:
> Thanks Sergey, I can confirm that both those methods worked.
I have to admit the fact it worked in OSGi, given the fairly complex 
setup, from the get go, is impressive in a good way :-)

Thanks for the update

Cheers, Sergey

>
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723194.html
> Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by geecxf <am...@ge.com>.

Thanks Sergey, I can confirm that both those methods worked.





--
View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161p5723194.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: SAML authentication in OSGI continued

Posted by Sergey Beryozkin <sb...@gmail.com>.

Hi
On 13/02/13 21:19, geecxf wrote:
> One problem leads to another....
>
> I'm registering my service (that uses SamlHeaderInHandler for authentication
> of SAML tokens in the HTTP authenticate header) using DOSGI. I've included
> the following attributes:
>
> serviceProps.put("ws-security.signature.properties",
> "alice/alice.properties");
> serviceProps.put("org.apache.cxf.rs.provider",
> "org.apache.cxf.rs.security.saml.SamlHeaderInHandler");
>
> The SamlHeaderInHandler seems to be working fine. However, in code once I
> get to line 54 of org.apache.cxf.rs.security.common.CryptoLoader
>
>          Object o = message.getContextualProperty(propKey);
>
> (where propKey is "ws-security.signature.properties") the result is null.
> The "ws-security.signature.properties" property is not in the message
> contextual properties. This will probably take me at least day to figure out
> stepping through code so I hope someone can point out what I might be doing
> that is wrong.
>
In latest DOSGi it is possible to pass the context properties with 
org.apache,cxf.rs.context.properties or 
org.apache,cxf.ws.context.properties, for RS & WS.

The value is Map<String, Object>.

Perhaps the alternative is to register CXF interceptor or JAXRS handler 
which runs before SamlHeaderInHandler and sets these ws-security properties.

HTH
Sergey

> Regards,
>
> D
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/SAML-authentication-in-OSGI-continued-tp5723161.html
> Sent from the cxf-user mailing list archive at Nabble.com.


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com