Posted to users@cxf.apache.org by Thomas Manson <de...@gmail.com> on 2013/07/10 18:29:18 UTC

CXF client - how to dynamically set user/password at runtime

Hi,

  I need to call a web service provider and specify on the fly the
username/password (and later use SAML (header & body need to be signed)).

  I'm in a context of a J2EE multiuser application, and I have to call the
web service provider with the credential of the user connected to the web
application.

 Later I'll have to implement SAML implementation (and X509 if I've time),
and I would like to be able to put this in the same code base, where you
switch authentication type by configuration.


Below is the current implementation I have, which is working.
I can see that I can use the PasswordCallback to get the password, but I have
no option to set the username dynamically.

For the password, I was planning to use ThreadLocal to retrieve the
password. If you have other suggestions, I'm eager to hear them.


I've seen something related to AbstractUsernameTokenInInterceptor, but I don't have a
full example with both username & password set dynamically.

If you have any full example, or documentation to point me to, that would be great
;)

Thanks,
Thomas.


    final String password = this.password;

    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(WorkListService.class);
    factory.setAddress(this.endpoint);
    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
    factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
    WorkListService workListService = (WorkListService) factory.create();

    Client client = ClientProxy.getClient(workListService);

    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    properties.put(WSHandlerConstants.USER, this.username);
    properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); // "PasswordDigest"
    properties.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler()
    {
      public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
      {
        WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
        pc.setPassword(password);
      }
    });

    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));

    HTTPConduit conduit = (HTTPConduit) client.getConduit();

    long timeoutMillis = timeout * 1000;

    HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout(timeoutMillis);
    policy.setReceiveTimeout(timeoutMillis);

    conduit.setClient(policy);

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
No, you need to reference the security policy, as well as provide any
security configuration. Here is an example:

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml?view=markup

Colm.


On Thu, Oct 3, 2013 at 9:59 PM, Thomas Manson <de...@gmail.com>wrote:

> Hi Colm,
>
>  I can't modify the WSDL, it's a product WSDL and modifying the WSDL will
> make us lose support from the Editor.
>
>  So I guess it's all in client side that I must do something.
>
>  I did try to put in the client configuration :
>
>      <jaxws:properties>
>
>         <entry key="passwordType"
>
>              value="PasswordText" />
>  I've looked the constant values of :
>
>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT);// "PasswordDigest"
>
> to do so, but with no luck.
>
>
> any suggestion to correctly apply security policy ?
>
>
> is something like the following a good direction? (I'll search tomorrow)
>
> <jaxws:properties>
>
>         <entry key="ws-security.password"
> value="com.mansonthomas.MyPasswordCallBackHandlerClass"/>
>
> (or  ref="MyPasswordCallBackHandlerBean"/>
>
> Thanks,
>
> Thomas.
>
>
> On Thu, Oct 3, 2013 at 10:29 AM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>>
>> The configuration looks ok, but it looks like there is no security
>> policy, and hence no security header is added to the request? There needs
>> to be either a security policy specified in the WSDL, or alternatively you
>> can reference one in your jaxws:client configuration. If you need
>> UsernameToken I suggest looking at one of the policies in the tests here:
>>
>>
>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup
>>
>> Or for SAML:
>>
>>
>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?view=markup
>>
>> Colm.
>>
>>
>> On Wed, Oct 2, 2013 at 12:27 PM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>>
>>> I forgot to include the webservice2.xml file :
>>>
>>>
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <beans xmlns="http://www.springframework.org/schema/beans"
>>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>   xmlns:jaxws="http://cxf.apache.org/jaxws"
>>>
>>>   xmlns:cxf="http://cxf.apache.org/core"
>>>   xmlns:p="http://cxf.apache.org/policy"
>>>
>>>   xsi:schemaLocation="
>>>       http://www.springframework.org/schema/beans
>>>       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>       http://cxf.apache.org/jaxws
>>>       http://cxf.apache.org/schemas/jaxws.xsd
>>>       http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>>       ">
>>>
>>>
>>>
>>>     <cxf:bus>
>>>         <cxf:features>
>>>             <p:policies/>
>>>             <cxf:logging/>
>>>         </cxf:features>
>>>     </cxf:bus>
>>>
>>>
>>>    <jaxws:client
>>>               id="WorkListServiceProxyFactory"
>>>             name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>>>     serviceClass="com.tibco.n2.brm.services.WorkListService"
>>>          address="http://192.168.2.212:8080/amxbpm/WorkListService">
>>>
>>>      <jaxws:properties>
>>>         <entry key="ws-security.callback-handler"
>>>
>>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>> />
>>>       </jaxws:properties>
>>>   </jaxws:client>
>>>
>>> </beans>
>>>
>>>
>>> On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson <
>>> dev.mansonthomas@gmail.com> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>>   I can't make it work while I'm exactly in the configuration you're
>>>> suggesting (and that is in the example you gave me) and I don't get what I
>>>> miss :
>>>>
>>>> So in my spring bean, I initialize as suggested the WebService :
>>>>
>>>>
>>>>
>>>> ###################################################################################
>>>> public WorkListServiceImpl2( ContextService contextService) throws Exception
>>>> {
>>>>   this.contextService = contextService;
>>>>
>>>>   SpringBusFactory bf = new SpringBusFactory();
>>>>   URL busFile = this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>>>
>>>>   Bus bus = bf.createBus(busFile.toString());
>>>>   SpringBusFactory.setDefaultBus(bus);
>>>>   SpringBusFactory.setThreadDefaultBus(bus);
>>>>
>>>>   URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>>>>   Service service   = Service.create(wsdl, new QName("http://services.brm.n2.tibco.com","WorkListService"));
>>>>   QName   portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
>>>>
>>>>   this.workListService = service.getPort(portQName, WorkListService.class);
>>>>
>>>> }
>>>>
>>>> ###################################################################################
>>>>
>>>> I use afterPropertySet() of Spring to call the webservice right after
>>>> Spring init.
>>>>
>>>>
>>>> ###################################################################################
>>>> public List<WorkItemFwk> getWorkListItems(String username, WorkListItemQuery workListItemQuery)
>>>> {
>>>> //... init this object : getWorkListItems
>>>> try
>>>> {
>>>>   ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context", "true");
>>>>   ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
>>>>
>>>>   getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>>> }
>>>> catch(Exception e)
>>>> {
>>>>   logger.error("Error while getting worklistItems for "+workListItemQuery.toString(),e);
>>>> }
>>>>
>>>> ###################################################################################
>>>>
>>>> And yet there's no SOAP header set in the request:
>>>>
>>>>
>>>>  oct. 02, 2013 12:28:11 PM
>>>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>>>> INFO: Outbound Message
>>>> ---------------------------
>>>> ID: 1
>>>> Address: http://192.168.2.212:8080/amxbpm/WorkListService
>>>> Encoding: UTF-8
>>>> Http-Method: POST
>>>> Content-Type: text/xml
>>>> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
>>>> Payload: <soap:Envelope xmlns:soap="
>>>> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
>>>> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
>>>> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
>>>> http://exception.api.common.n2.tibco.com" xmlns:ns5="
>>>> http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
>>>> http://exception.api.de.n2.tibco.com" startPosition="0"
>>>> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
>>>> guid="tibco-admin"
>>>> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
>>>> --------------------------------------
>>>>
>>>> So I get the following exception :
>>>>
>>>> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
>>>> AuthNSAML20Principal set in Subject is null or empty.
>>>>
>>>>
>>>> oct. 02, 2013 12:28:11 PM
>>>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>>>> INFO: Inbound Message
>>>> ----------------------------
>>>> ID: 1
>>>> Response-Code: 500
>>>> Encoding: UTF-8
>>>> Content-Type: text/xml; charset=utf-8
>>>> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
>>>> Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
>>>> GMT],
>>>> Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
>>>> Payload: <?xml version="1.0" encoding="UTF-8"?>
>>>> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
>>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
>>>> Failed. AuthNSAML20Principal set in Subject is null or
>>>> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
>>>> xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
>>>> Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>>>>
>>>> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
>>>> --------------------------------------
>>>>
>>>>
>>>>
>>>>
>>>> Any idea before I jump through the window ? ;)
>>>>
>>>> Thanks,
>>>> Thomas.
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <
>>>> dev.mansonthomas@gmail.com> wrote:
>>>>
>>>>> Hi Colm,
>>>>>
>>>>> I know I'm probably exasperating you with my dumb questions, but I
>>>>> really need help...
>>>>>
>>>>>
>>>>>   So reading the FAQ, I understand that we're thread safe if we use :
>>>>>
>>>>>   ((BindingProvider)proxy).getRequestContext().put("thread.local.request.context", "true");
>>>>>
>>>>> before calling
>>>>>
>>>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
>>>>>
>>>>> Right ?
>>>>>
>>>>>
>>>>> With the JaxWSClient,  I've tried to use
>>>>>
>>>>>
>>>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
>>>>>
>>>>> and it didn't have any effect... (I was making subsequent calls, and
>>>>> changing the username)
>>>>>
>>>>> The web service response was the same for the two users, while one
>>>>> should have replied an empty response.
>>>>>
>>>>>     try
>>>>>     {
>>>>>       ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
>>>>>
>>>>>       getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>>>>     }
>>>>>     catch(Exception e)
>>>>>     {
>>>>>       logger.error("Error while getting worklistItems for " + workListItemQuery.toString());
>>>>>     }
>>>>>
>>>>> Did I miss something ?
>>>>>
>>>>>
>>>>>
>>>>> One other thing I did understand in the meantime, is that, by using
>>>>>
>>>>>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>>>>     factory.setServiceClass(WorkListService.class);
>>>>>     factory.setAddress(this.endpoint);
>>>>>     // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>>>
>>>>> Or
>>>>>
>>>>>     SpringBusFactory bf = new SpringBusFactory();
>>>>>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>>>
>>>>>     Bus bus = bf.createBus(busFile.toString());
>>>>>     SpringBusFactory.setDefaultBus(bus);
>>>>>     SpringBusFactory.setThreadDefaultBus(bus);
>>>>>
>>>>>     URL wsdl = WorkListServiceImpl2.class.getResource("/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl");
>>>>>     Service service = Service.create(wsdl, new QName("http://api.brm.n2.tibco.com", "WorkListService"));
>>>>>     QName portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
>>>>>     this.workListService = service.getPort(portQName, WorkListService.class);
>>>>>
>>>>> etc...
>>>>>
>>>>> we ask CXF to generate on the fly the WS Client, is it correct?
>>>>>
>>>>>
>>>>> Now I've already generated a client (with CXF/Ant), which I want to
>>>>> invoke instead with this code  :
>>>>>
>>>>> WorkListService_Service proxy = new WorkListService_Service(new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>>>>         new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>>> this.workListService = proxy.getPort(new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
>>>>>         WorkListService.class);
>>>>>
>>>>>  I wonder how it can be used in conjunction with this code, and how
>>>>> I should handle the authentication part...:
>>>>>
>>>>> SpringBusFactory bf = new SpringBusFactory();
>>>>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>>> Bus bus = bf.createBus(busFile.toString());
>>>>> SpringBusFactory.setDefaultBus(bus);
>>>>> SpringBusFactory.setThreadDefaultBus(bus);
>>>>>
>>>>>
>>>>> I still don't get what file I should put instead of client.xml as I'm
>>>>> already in a spring context, should I specify the file where I define my
>>>>> bean already ?
>>>>> it's quite confusing...
>>>>>
>>>>>
>>>>> Thomas.
>>>>>
>>>>>
>>>>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <
>>>>> coheigea@apache.org> wrote:
>>>>>
>>>>>> > Is it thread safe ?
>>>>>>
>>>>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>>>>
>>>>>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>>>>>> project is up to you...
>>>>>>
>>>>>> Colm.
>>>>>>
>>>>>>
>>>>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>>>>>> <de...@gmail.com>wrote:
>>>>>>
>>>>>> > Hi Colm,
>>>>>> >
>>>>>> >   I'm starting to understand that it's another way to configure the client.
>>>>>> >
>>>>>> >   I've two questions :
>>>>>> >
>>>>>> >    - Is it thread safe ?
>>>>>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>>>>>> >    In a J2EE context, should I specify something else than
>>>>>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>>>>>> >
>>>>>> >
>>>>>> >    - I'm a bit puzzled by the configuration:
>>>>>> >
>>>>>> >
>>>>>> > SpringBusFactory bf = new SpringBusFactory();
>>>>>> > URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>>>>>> >
>>>>>> >
>>>>>> > This code loads a Spring configuration file, while I already have mine +
>>>>>> > the client.xml configuration has some cxf:bus definition (is it the same
>>>>>> > thing ? SpringBusFactory & cxf:bus ?).
>>>>>> >
>>>>>> >  So I wonder I can't just use this code in an existing spring context, How
>>>>>> > should I transpose this within an existing spring context?
>>>>>> >
>>>>>> >
>>>>>> >  How I think it would work is :
>>>>>> >
>>>>>> >
>>>>>> >    - Use your way to setup SpringBus and the Client
>>>>>> >    - Have a Spring class X that has the WS Client as dependency
>>>>>> >    - X implement each method of the WS(+some additional business logic)
>>>>>> >    and set the username dynamically <= I still don't know how to do this...
>>>>>> >
>>>>>> >  Is it the correct way ?
>>>>>> >
>>>>>> > Thomas.
>>>>>> >
>>>>>> > Here is my current work in progress spring file
>>>>>> >
>>>>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>>>>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>> >   xmlns:cxf="http://cxf.apache.org/core"
>>>>>> >   xsi:schemaLocation="
>>>>>> >     http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>>>>> >     http://www.springframework.org/schema/beans
>>>>>> >     http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>>>>> >
>>>>>> >   <cxf:bus>
>>>>>> >     <cxf:features>
>>>>>> >        <cxf:logging />
>>>>>> >     </cxf:features>
>>>>>> >   </cxf:bus>
>>>>>> >
>>>>>> > <!-- /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl -->
>>>>>> >   <jaxws:client
>>>>>> >             name="{http://services.brm.n2.tibco.com}EntityResolverService"
>>>>>> >     wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>>>>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>>>>> >          address="http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>>>>> >   createdFromAPI="true">
>>>>>> >     <jaxws:properties>
>>>>>> >       <entry key="ws-security.callback-handler"
>>>>>> >              value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
>>>>>> >     </jaxws:properties>
>>>>>> >   </jaxws:client>
>>>>>> >
>>>>>> > </beans>
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>>>>>> coheigea@apache.org
>>>>>> > > wrote:
>>>>>> >
>>>>>> >> Look at the last test here:
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>>>>> >> "Alice");
>>>>>> >>
>>>>>> >> Colm.
>>>>>> >>
>>>>>> >>
>>>>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>>>>>> >> <de...@gmail.com>wrote:
>>>>>> >>
>>>>>> >> > Hi Colm,
>>>>>> >> >
>>>>>> >> >   I'm back working on this subject (was on pause as I was working for other
>>>>>> >> > clients)
>>>>>> >> >
>>>>>> >> >   I've checked out the SVN repo you gave me, and I've looked through the
>>>>>> >> > samples configurations (client.xml) and I can't find anything appropriate.
>>>>>> >> >
>>>>>> >> >  In the UT (Username Token I guess), the username is always provided in the
>>>>>> >> > configuration file.
>>>>>> >> >  The saml/x509 configuration still refers to Alice.properties...
>>>>>> >> >
>>>>>> >> >
>>>>>> >> >   In my case, the username shouldn't appear in the configuration files, as
>>>>>> >> > I need to use the J2EE Principal as login, and call the webservice to
>>>>>> >> > authenticate the user.
>>>>>> >> >
>>>>>> >> >   Could you point me to the right direction  ?
>>>>>> >> >
>>>>>> >> > Thomas.
>>>>>> >> >
>>>>>> >> >
>>>>>> >> >
>>>>>> >> >
>>>>>> >> >
>>>>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>>>>>> >> > <de...@gmail.com>wrote:
>>>>>> >> >
>>>>>> >> > > Thanks, it will surely help a lot :)
>>>>>> >> > >
>>>>>> >> > > Thomas.
>>>>>> >> > >
>>>>>> >> > >
>>>>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>>>>>> >> > coheigea@apache.org>wrote:
>>>>>> >> > >
>>>>>> >> > >> Please take a look at the tests here:
>>>>>> >> > >>
>>>>>> >> > >>
>>>>>> >> > >>
>>>>>> >> >
>>>>>> >>
>>>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>>>>> >> > >>
>>>>>> >> > >> Colm.
>>>>>> >> > >>
>>>>>> >> > >>
>>>>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>>>>>> >> > >> <de...@gmail.com>wrote:
>>>>>> >> > >>
>>>>>> >> > >> > Do you have any other pointer than this page :
>>>>>> >> > >> >
>>>>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>>>>> >> > >> >
>>>>>> >> > >> > it's way too short for me as documentation to build something that works.
>>>>>> >> > >> > When I read the properties described, I feel there's a mix between server
>>>>>> >> > >> > side properties (which I'm not interested in as I'm just implementing a
>>>>>> >> > >> > client)... + it starts with extra properties... where are the basic ones?
>>>>>> >> > >> >
>>>>>> >> > >> > what would help is a full example of the code of a client.
>>>>>> >> > >> >
>>>>>> >> > >> > I'm quite lost ;)
>>>>>> >> > >> >
>>>>>> >> > >> >
>>>>>> >> > >> >
>>>>>> >> > >> >
>>>>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
>>>>>> >> > >> coheigea@apache.org
>>>>>> >> > >> > >wrote:
>>>>>> >> > >> >
>>>>>> >> > >> > >
>>>>>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will work, as all of
>>>>>> >> > >> > > the configuration is taken from the context rather than a properties Map.
>>>>>> >> > >> > >
>>>>>> >> > >> > > Colm.
>>>>>> >> > >> > >
>>>>>> >> > >> > >
>>>>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
>>>>>> >> > >> > dev.mansonthomas@gmail.com
>>>>>> >> > >> > > > wrote:
>>>>>> >> > >> > >
>>>>>> >> > >> > >>  I already do what you say as follows, but it means one instance of the
>>>>>> >> > >> > >> client per user connected.
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >> I've searched for quite some time and didn't find a way to set something like
>>>>>> >> > >> > >> the password callback handler.
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>>>>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>>>>>> >> > >> > >>     factory.setAddress(this.endpoint);
>>>>>> >> > >> > >>     // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>>>> >> > >> > >>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>>>> >> > >> > >>     WorkListService workListService = (WorkListService) factory.create();
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>     Client client = ClientProxy.getClient(workListService);
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>     Map<String, Object> properties = new HashMap<String, Object>();
>>>>>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION          , WSHandlerConstants.USERNAME_TOKEN);
>>>>>> >> > >> > >>     properties.put(WSHandlerConstants.USER            , this.username);
>>>>>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT);// "PasswordDigest"
>>>>>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF , new PasswordCallbackHandler(this.username, password, "password"));
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>     client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>> You could create a CXF interceptor that sets the username on the fly,
>>>>>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >>
>>>>>> >> > >> > >
>>>>>> >> > >> > >
>>>>>> >> > >> > > --
>>>>>> >> > >> > > Colm O hEigeartaigh
>>>>>> >> > >> > >
>>>>>> >> > >> > > Talend Community Coder
>>>>>> >> > >> > > http://coders.talend.com


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
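
The approach discussed in this thread (username placed in a per-thread request context, password supplied by a callback handler), written out as an added example that is not code from the thread or from the CXF project. `ThreadBoundPasswordHandler` and `callAs` are hypothetical names; the code assumes CXF 2.7.x, synchronous invocations, and a UsernameToken security policy already in effect for the client.

```java
// Added example, not code from the thread. Targets CXF 2.7.x with WSS4J 1.6;
// in CXF 3.x WSPasswordCallback lives in org.apache.wss4j.common.ext instead.
// ThreadBoundPasswordHandler and callAs are hypothetical names.
import java.io.IOException;
import java.util.Arrays;
import java.util.concurrent.Callable;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Register by class name under the "ws-security.callback-handler" key of the
 * jaxws:client, as in the configurations quoted in the thread.
 */
public class ThreadBoundPasswordHandler implements CallbackHandler {

    /** Credentials of the user whose call is running on the current thread. */
    private static final class Credentials {
        final String username;
        final char[] password;

        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password.clone();
        }
    }

    private static final ThreadLocal<Credentials> CURRENT = new ThreadLocal<Credentials>();

    /**
     * Runs one synchronous invocation on a shared proxy as the given user.
     * Assumes a UsernameToken policy is in effect for the client; without one
     * CXF adds no security header, whatever the request context holds.
     */
    public static <T> T callAs(BindingProvider port, String username, char[] password,
                               Callable<T> invocation) throws Exception {
        if (username == null || username.isEmpty() || password == null) {
            throw new IllegalArgumentException("username and password are required");
        }
        // Switch the proxy to per-thread request contexts (CXF FAQ), then fetch
        // the context again so the username lands in this thread's map only.
        port.getRequestContext().put("thread.local.request.context", "true");
        port.getRequestContext().put(SecurityConstants.USERNAME, username);

        Credentials credentials = new Credentials(username, password);
        CURRENT.set(credentials);
        try {
            return invocation.call();
        } finally {
            // Container threads are pooled: a value left behind would be
            // offered to the next user's request served by this thread.
            CURRENT.remove();
            Arrays.fill(credentials.password, '\0');
        }
    }

    /** Called on the invoking thread while the UsernameToken is built. */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        Credentials credentials = CURRENT.get();
        for (Callback callback : callbacks) {
            if (!(callback instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callback);
            }
            WSPasswordCallback pc = (WSPasswordCallback) callback;
            // Fail closed: no fallback password, and never answer for a user
            // other than the one bound to this thread.
            if (credentials == null || !credentials.username.equals(pc.getIdentifier())) {
                throw new IOException("no credentials bound to this thread for the requested user");
            }
            pc.setPassword(new String(credentials.password));
        }
    }
}
```

Wrap each call such as `this.workListService.getWorkListItems(getWorkListItems)` in a `Callable` passed to `callAs`. With `<cxf:logging/>` enabled, the outbound message log includes the security header, so a plaintext password in the token ends up in the log.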

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Daniel,

 thanks for your reply.

  If I look for the string "policy" inside the wsdl, I find nothing, so I
guess no security policy is defined in the WSDL right ?
(if you want to have a look:
https://docs.tibco.com/pub//activematrix_bpm/2.1.0_february_2013/doc/html/BPM%20Developers%20Guide/public_api/public_api.zip)

  For support consideration, I can't modify the WSDL.

  For now, I've been able to convert the Client initialization to a spring
configuration (see below) and it works as expected for a single user.


Do you think it is possible to set dynamically username & password from
this kind of configuration, or it's hopeless?
If you can point me to some sample, would help a lot.
If I remember well, I've been told that it's possible to implement an
interceptor to set the username. (any doc ?  which interface to implement ?)
And also, would it be thread safe?


Regards,
Thomas.








<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xmlns:cxf="http://cxf.apache.org/core"
       xmlns:p="http://cxf.apache.org/policy"
       xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws
      http://cxf.apache.org/schemas/jaxws.xsd
      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
      ">

       <cxf:bus>
              <cxf:features>
                      <p:policies />
                      <cxf:logging />
              </cxf:features>
       </cxf:bus>

       <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
              id="outbound-security">
              <constructor-arg>
                      <map>
                             <entry key="action" value="UsernameToken" />
                             <entry key="user" value="tibco-admin" />
                             <entry key="passwordType" value="PasswordText" />
                             <entry key="passwordCallbackClass"
                                    value="com.tibco.cts.amxbpm.fwk.security.PasswordCallbackHandler" />
                      </map>
              </constructor-arg>
       </bean>

       <jaxws:client id="WorkListServiceProxyFactory"
              name="{http://services.brm.n2.tibco.com}WorkListService_EP"
              serviceClass="com.tibco.n2.brm.services.WorkListService"
              address="http://192.168.2.213:8080/amxbpm/WorkListService">

              <jaxws:outInterceptors>
                      <ref bean="outbound-security" />
              </jaxws:outInterceptors>

       </jaxws:client>

</beans>







On Tue, Oct 15, 2013 at 4:39 PM, Daniel Kulp <dk...@apache.org> wrote:

>
> >
> >  <jaxws:client id="WorkListServiceProxyFactory"
> >    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
> >    serviceClass="com.tibco.n2.brm.services.WorkListService"
> >    address="http://192.168.2.213:8080/amxbpm/WorkListService">
> >
> >    <jaxws:properties>
> >      <entry key="ws-security.username" value="tibco-admin" />
> >      <entry key="ws-security.callback-handler"
> >        value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
> >    </jaxws:properties>
> >
> >  </jaxws:client>
> >
> > </beans>
> >
> > and no soap headers:
>
>
> This configuration will ONLY work if your WSDL contains a ws-security
> policy fragment that defines a username token policy in it.   In addition,
> you would NEED to add a wsdlLocation item onto the jaxws:client for the
> wsdl to be picked up.  Right now, with that configuration, it doesn't know
> to even apply any security stuff at all.
>
>
>
>
> Dan
>
>
>
>
>
> On Oct 15, 2013, at 5:17 AM, Thomas Manson <de...@gmail.com>
> wrote:
>
> > Colm,
> >
> > honestly I'm really getting mad and sick of this security stuff.
> > I'm blocked on this for sooo long now  and don't work on the actual stuff I
> > should do.
> >
> > I was pushing CXF as I had good experience with it before, but I'm now
> > considering to move to something else... I really need to get the thing
> > done, anyhow.
> >
> >
> >> If you have a WS-SecurityPolicy in operation
> > I don't understand this.
> > if you mean that the wsdl should contain some stuff, I don't think so,
> > maybe because it allows username token, SAML (sendervoucher) and X509 and
> > that all samples I've tried do not work.
> >
> > the only actual code that did send the SOAP header is
> >
> > this code :
> >
> >
> ###############################################################################################
> >
> > JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> >
> >    factory.setServiceClass(WorkListService.class);
> >
> >    factory.setAddress(this.endpoint);
> >
> >    //
> >
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
> >
> >    factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
> > "WorkListService"));
> >
> >    this.workListService = (WorkListService) factory.create();
> >
> >
> >    Client client = ClientProxy.getClient(this.workListService);
> >
> >
> >    Map<String, Object> properties = new HashMap<String, Object>();
> >
> >    properties.put(WSHandlerConstants.ACTION          ,
> WSHandlerConstants.
> > USERNAME_TOKEN);
> >
> >    properties.put(WSHandlerConstants.USER            , this.username);
> >
> >    properties.put(WSHandlerConstants.PASSWORD_TYPE   ,
> WSConstants.PW_TEXT
> > );// "PasswordDigest"
> >
> >    properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
> >        new PasswordCallbackHandler("secret"));
> >
> >
> >    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
> >
> >
> >    HTTPConduit conduit = (HTTPConduit) client.getConduit();
> >
> >
> >    long timeoutMillis = this.timeout * 1000;
> >
> >
> >    HTTPClientPolicy policy = new HTTPClientPolicy();
> >
> >    policy.setConnectionTimeout(timeoutMillis);
> >
> >    policy.setReceiveTimeout(timeoutMillis);
> >
> >
> >    conduit.setClient(policy);
> >
> ###############################################################################################
> >
> >
> > I'm just trying to get the basic thing to work :
> >
> > Configure the client with spring, inject it into another bean and use it
> > and even that does not work.
> >
> >
> > I'm just having the same spring code in all samples, I can't get why it
> > doesn't send the security headers.
> >
> >
> >
> >
> >
> >
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> >
> > <beans xmlns="http://www.springframework.org/schema/beans"
> >
> >  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="
> > http://cxf.apache.org/jaxws"
> >
> >
> >  xmlns:cxf="http://cxf.apache.org/core" xmlns:p="
> > http://cxf.apache.org/policy"
> >
> >
> >  xsi:schemaLocation="
> >
> >      http://www.springframework.org/schema/beans
> >
> >      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> >
> >      http://cxf.apache.org/jaxws
> >
> >      http://cxf.apache.org/schemas/jaxws.xsd
> >
> >      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
> >
> >      ">
> >
> >
> >
> >
> >  <cxf:bus>
> >
> >    <cxf:features>
> >
> >      <p:policies />
> >
> >      <cxf:logging />
> >
> >    </cxf:features>
> >
> >  </cxf:bus>
> >
> >
> >
> >
> >  <jaxws:client id="WorkListServiceProxyFactory"
> >
> >    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
> >
> >    serviceClass="com.tibco.n2.brm.services.WorkListService" address="
> > http://192.168.2.213:8080/amxbpm/WorkListService">
> >
> >
> >    <jaxws:properties>
> >
> >
> >      <entry key="ws-security.username" value="tibco-admin" />
> >
> >      <entry key="ws-security.callback-handler"
> >
> >        value=
> >
> "com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
> > />
> >
> >    </jaxws:properties>
> >
> >  </jaxws:client>
> >
> > </beans>
> >
> > and no soap headers:
> >
> >
> > INFO: Creating Service {http://services.brm.n2.tibco.com
> }WorkListServiceService
> > from class com.tibco.n2.brm.services.WorkListService
> >
> > oct. 15, 2013 10:52:41 AM
> >
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> >
> > INFO: Outbound Message
> >
> > ---------------------------
> >
> > ID: 1
> >
> > Address: http://192.168.2.213:8080/amxbpm/WorkListService
> >
> > Encoding: UTF-8
> >
> > Http-Method: POST
> >
> > Content-Type: text/xml
> >
> > Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
> >
> > Payload: <soap:Envelope xmlns:soap="
> > http://schemas.xmlsoap.org/soap/envelope/
> "><soap:Body><ns2:getWorkListItems
> > xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
> > http://exception.api.brm.n2.tibco.com" xmlns:ns4="
> > http://exception.api.common.n2.tibco.com" xmlns:ns5="
> > http://exception.api.de.n2.tibco.com" xmlns:ns6="
> > http://www.tibco.com/XPD/ScriptDescriptor/" startPosition="0"
> > numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
> > guid="tibco-admin"
> >
> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
> >
> > --------------------------------------
> >
> > oct. 15, 2013 10:52:41 AM
> >
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> >
> > INFO: Inbound Message
> >
> > ----------------------------
> >
> > ID: 1
> >
> > Response-Code: 500
> >
> > Encoding: UTF-8
> >
> > Content-Type: text/xml; charset=utf-8
> >
> > Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
> > Date=[Tue, 15 Oct 2013 14:50:18 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
> > GMT],
> Set-Cookie=[JSESSIONID=eflukkvn7glfvw8s53n2228;Path=/amxbpm;HttpOnly]}
> >
> > Payload: <?xml version="1.0" encoding="UTF-8"?>
> >
> > <SOAP-ENV:Envelope
> > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/
> "><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
> > Failed. AuthNSAML20Principal set in Subject is null or
> >
> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
> > xmlns:tibco="http://tibcouri/
> > ">com.tibco.amf.spline.api.context.SplineMessagingException:
> Authentication
> > Failed. AuthNSAML20Principal set in Subject is null or empty.
> >
> >
> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> >
> > --------------------------------------
> >
> > 2013-10-15 10:52:41,915 - ERROR - localhost-startStop-1 (
> > WorkListServiceImpl4.java:81) - Error while getting worklistItems for
> > WorkListItemQuery [username=tibco-admin, userGUID=tibco-admin, start=0,
> > numberOfItems=10, filter=null, order=null]
> >
> > javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
> > AuthNSAML20Principal set in Subject is null or empty.
> >
> > at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
> >
> > at com.sun.proxy.$Proxy57.getWorkListItems(Unknown Source)
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Oct 15, 2013 at 11:04 AM, Colm O hEigeartaigh
> > <co...@apache.org>wrote:
> >
> >> If you have a WS-SecurityPolicy in operation, it will take care of
> adding
> >> the correct headers, once you supply it with the correct information
> >> (username, password, etc.). Please take a look at the
> ws-security-examples
> >> systests to see how it all works.
> >>
> >> Colm.
> >>
> >>
> >> On Mon, Oct 14, 2013 at 10:27 PM, Thomas Manson <
> >> dev.mansonthomas@gmail.com> wrote:
> >>
> >>> Hi Colm,
> >>>
> >>> I will resume work on this subject tomorrow.
> >>>
> >>> So I'm in a situation where there's no soap header set, and the
> >>> spring configuration seems to be ignored (which would be quite logical as
> >>> we don't use it in the java code, just rebuilding all ourselves.)
> >>>
> >>> So how can I make sure the soap header is set in my request? How can I
> >>> set the authentication type (username/password plain) ?
> >>>
> >>> Thanks,
> >>> Thomas.
> >>>
> >>>
> >>> On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson <
> >>> dev.mansonthomas@gmail.com> wrote:
> >>>
> >>>> Hi Colm,
> >>>>
> >>>> If I remove the <jaxws:client  element, it still work as before, so I
> >>>> guess this client xml declaration is not taken into account as we're
> just
> >>>> programmatically re-doing what the spring configuration does...
> >>>>
> >>>> As I stated earlier, I'm already in a spring context (J2EE Spring MVC
> >>>> application), that's why I don't understand the BusFactory need to be
> given
> >>>> the spring xml file.
> >>>>
> >>>> I've understood that while seeing that the endpoint was not taken into
> >>>> account (thanks to my Virtual machine that changes of IP each time I
> resume
> >>>> my mac).
> >>>>
> >>>> So I'll focus to make it work programmatically first, then figure out
> >>>> how to use the spring XML configurations files and finally try to use
> my
> >>>> own generated WS Client instead of generating it on the fly.
> >>>>
> >>>>
> >>>> For now, I'm still blocked on enabling a security policy on the client
> >>>> side programmatically.
> >>>> For instance, my password callback handler is not taken into account,
> >>>> as it's not called at all.
> >>>>
> >>>> (the method  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException  is not called)
> >>>>
> >>>>
> >>>>  I programmatically specify it as follow (full code at the end of the
> >>>> mail):
> >>>>
> >>>> *this*.workListService = service.getPort(portQName, WorkListService.*
> >>>> class*);
> >>>>
> >>>> ((BindingProvider)*this*.workListService
> >>>>
> ).getRequestContext().put(BindingProvider.*ENDPOINT_ADDRESS_PROPERTY*, "
> >>>> http://192.168.2.213:8080/amxbpm/WorkListService");
> >>>>
> >>>> //I've also tried by just specifying a class name, but it doesn't work
> >>>> either.
> >>>>
> >>>> PasswordCallbackHandler passwordCallbackHandler = *new* PasswordCallbackHandler("secret");
> >>>> ((BindingProvider)*this*.workListService
> >>>> ).getRequestContext().put(SecurityConstants.*CALLBACK_HANDLER*,
> >>>> passwordCallbackHandler);
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> In the CXF samples, it's done like this:
> >>>>
> >>>>  <jaxws:client name=*"{
> >>>>
> http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
> >>>> *
> >>>>                  createdFromAPI=*"true"*>
> >>>>       <jaxws:properties>
> >>>>           <entry key=*"ws-security.callback-handler"
> >>>> *
> >>>>                  value=*
> >>>> "org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"*/>
> >>>>       </jaxws:properties>
> >>>>    </jaxws:client>
> >>>>
> >>>>
> >>>> So I wonder what I miss...
> >>>>
> >>>> Thomas.
> >>>>
> >>>>
> >>>> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
> >>>>
> >>>> import java.net.URL;
> >>>> import java.util.ArrayList;
> >>>> import java.util.List;
> >>>>
> >>>> import javax.xml.namespace.QName;
> >>>> import javax.xml.transform.Source;
> >>>> import javax.xml.ws.BindingProvider;
> >>>> import javax.xml.ws.EndpointReference;
> >>>> import javax.xml.ws.Service;
> >>>> import javax.xml.ws.WebServiceFeature;
> >>>> import javax.xml.ws.wsaddressing.W3CEndpointReference;
> >>>> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
> >>>>
> >>>> import org.apache.commons.logging.Log;
> >>>> import org.apache.commons.logging.LogFactory;
> >>>> import org.apache.cxf.Bus;
> >>>> import org.apache.cxf.bus.spring.SpringBusFactory;
> >>>> import org.apache.cxf.endpoint.Client;
> >>>> import org.apache.cxf.ws.security.SecurityConstants;
> >>>> import org.springframework.beans.factory.InitializingBean;
> >>>>
> >>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
> >>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
> >>>> import
> >>>>
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
> >>>> import
> >>>>
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
> >>>> import
> >>>>
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
> >>>> import com.tibco.n2.brm.api.GetWorkListItems;
> >>>> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
> >>>> import com.tibco.n2.brm.api.OrderFilterCriteria;
> >>>> import com.tibco.n2.brm.api.WorkItem;
> >>>> import com.tibco.n2.brm.services.WorkListService;
> >>>> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
> >>>> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
> >>>>
> >>>> public class WorkListServiceImpl2 implements WorkListFwkService,
> >>>> InitializingBean
> >>>> {
> >>>>
> >>>>  private static final Log           logger       =
> >>>> LogFactory.getLog(WorkListServiceImpl2.class);
> >>>>
> >>>>
> >>>>
> >>>>  private WorkListService workListService = null;
> >>>>  private  ContextService contextService = null;
> >>>>
> >>>>  public WorkListServiceImpl2( ContextService contextService) throws
> >>>> Exception
> >>>>  {
> >>>>    this.contextService = contextService;
> >>>>
> >>>>    SpringBusFactory bf = new SpringBusFactory();
> >>>>    URL busFile =
> >>>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
> >>>>
> >>>>    Bus bus = bf.createBus(busFile.toString());
> >>>>    SpringBusFactory.setDefaultBus(bus);
> >>>>    SpringBusFactory.setThreadDefaultBus(bus);
> >>>>
> >>>>    URL     wsdl      =
> >>>> this.contextService.getResource("/wsdl/brm.wsdl");
> >>>>
> >>>>    Service service   = Service.create(wsdl,
> >>>>        new QName("http://services.brm.n2.tibco.com","WorkListService"));
> >>>>
> >>>>    QName   portQName = new QName("http://services.brm.n2.tibco.com",
> >>>> "WorkListService_EP");
> >>>>
> >>>>    this.workListService = service.getPort(portQName,
> >>>> WorkListService.class);
> >>>>
> >>>>
> >>>>
> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> >>>> "http://192.168.2.213:8080/amxbpm/WorkListService");
> >>>>
> >>>>    PasswordCallbackHandler passwordCallbackHandler = new
> >>>> PasswordCallbackHandler("secret");
> >>>>
> >>>>
> >>>>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
> >>>> passwordCallbackHandler);
> >>>>
> >>>>
> >>>>  }
> >>>>
> >>>>  public List<WorkItemFwk> getWorkListItems(String username,
> >>>> WorkListItemQuery workListItemQuery)
> >>>>  {
> >>>>    XmlModelEntityId entityId = new XmlModelEntityId();
> >>>>    entityId.setGuid(workListItemQuery.getUserGUID());
> >>>>    entityId.setEntityType(OrganisationalEntityType.RESOURCE);
> >>>>    entityId.setModelVersion(-1);
> >>>>
> >>>>    GetWorkListItems getWorkListItems = new GetWorkListItems();
> >>>>
> >>>>    getWorkListItems.setGetTotalCount       (true);
> >>>>    getWorkListItems.setEntityID            (entityId);
> >>>>    getWorkListItems.setStartPosition
> >>>> (workListItemQuery.getStart());
> >>>>    getWorkListItems.setNumberOfItems
> >>>> (workListItemQuery.getNumberOfItems());
> >>>>    getWorkListItems.setOrderFilterCriteria (new
> OrderFilterCriteria());
> >>>>
> >>>>    GetWorkListItemsResponse getWorkListItemsResponse = null;
> >>>>
> >>>>     try
> >>>>    {
> >>>>
> >>>>
> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
> >>>> "true");
> >>>>
> >>>>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
> >>>> username);
> >>>>
> >>>>      getWorkListItemsResponse =
> >>>> this.workListService.getWorkListItems(getWorkListItems);
> >>>>    }
> >>>>    catch(Exception e)
> >>>>    {
> >>>>      logger.error("Error while getting worklistItems for "
> >>>>          + workListItemQuery.toString(), e);
> >>>>    }
> >>>>
> >>>>
> >>>>
> >>>>    if(getWorkListItemsResponse == null)
> >>>>    {
> >>>>      logger.error("recieve a null response while getting worklistItems for "
> >>>>          + workListItemQuery.toString());
> >>>>      return new ArrayList<WorkItemFwk>(0);
> >>>>    }
> >>>>
> >>>>    List<WorkItem>    workitems       =
> >>>> getWorkListItemsResponse.getWorkItems();
> >>>>    List<WorkItemFwk> workListItemFwk = new
> >>>> ArrayList<WorkItemFwk>(workitems.size());
> >>>>
> >>>>
> >>>>    int i = 0;
> >>>>    for (WorkItem workItem : workitems)
> >>>>    {
> >>>>      workListItemFwk.add(WorkItemMapper.map(workItem, i++));
> >>>>    }
> >>>>    return workListItemFwk;
> >>>>  }
> >>>>
> >>>>  @Override
> >>>>  public void afterPropertiesSet() throws Exception
> >>>>  {
> >>>>
> >>>>    WorkListItemQuery workListItemQuery = new WorkListItemQuery();
> >>>>
> >>>>    workListItemQuery.setStart(0l);
> >>>>    workListItemQuery.setNumberOfItems(10l);
> >>>>    workListItemQuery.setUsername("tibco-admin");
> >>>>    workListItemQuery.setUserGUID("tibco-admin");
> >>>>
> >>>>    this.getWorkListItems("tibc-admin", workListItemQuery);
> >>>>
> >>>>  }
> >>>>
> >>>> }
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>
> >>
> >> --
> >> Colm O hEigeartaigh
> >>
> >> Talend Community Coder
> >> http://coders.talend.com
> >>
>
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Daniel Kulp <dk...@apache.org>.
> 
>  <jaxws:client id="WorkListServiceProxyFactory"
> 
>    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
> 
>    serviceClass="com.tibco.n2.brm.services.WorkListService" address="
> http://192.168.2.213:8080/amxbpm/WorkListService">
> 
> 
>    <jaxws:properties>
> 
> 
>      <entry key="ws-security.username" value="tibco-admin" />
> 
>      <entry key="ws-security.callback-handler"
> 
>        value=
> "com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
> />
> 
>    </jaxws:properties>
> 
>  </jaxws:client>
> 
> </beans>
> 
> and no soap headers:


This configuration will ONLY work if your WSDL contains a ws-security policy fragment that defines a username token policy in it.   In addition, you would NEED to add a wsdlLocation item onto the jaxws:client for the wsdl to be picked up.  Right now, with that configuration, it doesn't know to even apply any security stuff at all.




Dan





On Oct 15, 2013, at 5:17 AM, Thomas Manson <de...@gmail.com> wrote:

> Colm,
> 
> honestly I'm really getting mad and sick of this security stuff.
> I'm blocked on this for sooo long now  and don't work on the actual stuff I
> should do.
> 
> I was pushing CXF as I had good experience with it before, but I'm now
> considering to move to something else... I really need to get the thing
> done, anyhow.
> 
> 
>> If you have a WS-SecurityPolicy in operation
> I don't understand this.
> if you mean that the wsdl should contain some stuff, I don't think so,
> maybe because it allows username token, SAML (sendervoucher) and X509 and
> that all samples I've tried do not work.
> 
> the only actual code that did send the SOAP header is
> 
> this code :
> 
> ###############################################################################################
> 
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> 
>    factory.setServiceClass(WorkListService.class);
> 
>    factory.setAddress(this.endpoint);
> 
>    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
> 
>    factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
> "WorkListService"));
> 
>    this.workListService = (WorkListService) factory.create();
> 
> 
>    Client client = ClientProxy.getClient(this.workListService);
> 
> 
>    Map<String, Object> properties = new HashMap<String, Object>();
> 
>    properties.put(WSHandlerConstants.ACTION          , WSHandlerConstants.
> USERNAME_TOKEN);
> 
>    properties.put(WSHandlerConstants.USER            , this.username);
> 
>    properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT
> );// "PasswordDigest"
> 
>    properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
>        new PasswordCallbackHandler("secret"));
> 
> 
>    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
> 
> 
>    HTTPConduit conduit = (HTTPConduit) client.getConduit();
> 
> 
>    long timeoutMillis = this.timeout * 1000;
> 
> 
>    HTTPClientPolicy policy = new HTTPClientPolicy();
> 
>    policy.setConnectionTimeout(timeoutMillis);
> 
>    policy.setReceiveTimeout(timeoutMillis);
> 
> 
>    conduit.setClient(policy);
> ###############################################################################################
> 
> 
> I'm just trying to get the basic thing to work :
> 
> Configure the client with spring, inject it into another bean and use it
> and even that does not work.
> 
> 
> I'm just having the same spring code in all samples, I can't get why it
> doesn't send the security headers.
> 
> 
> 
> 
> 
> 
> 
> <?xml version="1.0" encoding="UTF-8"?>
> 
> <beans xmlns="http://www.springframework.org/schema/beans"
> 
>  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="
> http://cxf.apache.org/jaxws"
> 
> 
>  xmlns:cxf="http://cxf.apache.org/core" xmlns:p="
> http://cxf.apache.org/policy"
> 
> 
>  xsi:schemaLocation="
> 
>      http://www.springframework.org/schema/beans
> 
>      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> 
>      http://cxf.apache.org/jaxws
> 
>      http://cxf.apache.org/schemas/jaxws.xsd
> 
>      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
> 
>      ">
> 
> 
> 
> 
>  <cxf:bus>
> 
>    <cxf:features>
> 
>      <p:policies />
> 
>      <cxf:logging />
> 
>    </cxf:features>
> 
>  </cxf:bus>
> 
> 
> 
> 
>  <jaxws:client id="WorkListServiceProxyFactory"
> 
>    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
> 
>    serviceClass="com.tibco.n2.brm.services.WorkListService" address="
> http://192.168.2.213:8080/amxbpm/WorkListService">
> 
> 
>    <jaxws:properties>
> 
> 
>      <entry key="ws-security.username" value="tibco-admin" />
> 
>      <entry key="ws-security.callback-handler"
> 
>        value=
> "com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
> />
> 
>    </jaxws:properties>
> 
>  </jaxws:client>
> 
> </beans>
> 
> and no soap headers:
> 
> 
> INFO: Creating Service {http://services.brm.n2.tibco.com}WorkListServiceService
> from class com.tibco.n2.brm.services.WorkListService
> 
> oct. 15, 2013 10:52:41 AM
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> 
> INFO: Outbound Message
> 
> ---------------------------
> 
> ID: 1
> 
> Address: http://192.168.2.213:8080/amxbpm/WorkListService
> 
> Encoding: UTF-8
> 
> Http-Method: POST
> 
> Content-Type: text/xml
> 
> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
> 
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
> http://exception.api.common.n2.tibco.com" xmlns:ns5="
> http://exception.api.de.n2.tibco.com" xmlns:ns6="
> http://www.tibco.com/XPD/ScriptDescriptor/" startPosition="0"
> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
> guid="tibco-admin"
> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
> 
> --------------------------------------
> 
> oct. 15, 2013 10:52:41 AM
> org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
> 
> INFO: Inbound Message
> 
> ----------------------------
> 
> ID: 1
> 
> Response-Code: 500
> 
> Encoding: UTF-8
> 
> Content-Type: text/xml; charset=utf-8
> 
> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
> Date=[Tue, 15 Oct 2013 14:50:18 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
> GMT], Set-Cookie=[JSESSIONID=eflukkvn7glfvw8s53n2228;Path=/amxbpm;HttpOnly]}
> 
> Payload: <?xml version="1.0" encoding="UTF-8"?>
> 
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
> Failed. AuthNSAML20Principal set in Subject is null or
> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
> xmlns:tibco="http://tibcouri/
> ">com.tibco.amf.spline.api.context.SplineMessagingException: Authentication
> Failed. AuthNSAML20Principal set in Subject is null or empty.
> 
> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> 
> --------------------------------------
> 
> 2013-10-15 10:52:41,915 - ERROR - localhost-startStop-1 (
> WorkListServiceImpl4.java:81) - Error while getting worklistItems for
> WorkListItemQuery [username=tibco-admin, userGUID=tibco-admin, start=0,
> numberOfItems=10, filter=null, order=null]
> 
> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
> AuthNSAML20Principal set in Subject is null or empty.
> 
> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
> 
> at com.sun.proxy.$Proxy57.getWorkListItems(Unknown Source)
> 
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Oct 15, 2013 at 11:04 AM, Colm O hEigeartaigh
> <co...@apache.org>wrote:
> 
>> If you have a WS-SecurityPolicy in operation, it will take care of adding
>> the correct headers, once you supply it with the correct information
>> (username, password, etc.). Please take a look at the ws-security-examples
>> systests to see how it all works.
>> 
>> Colm.
>> 
>> 
>> On Mon, Oct 14, 2013 at 10:27 PM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>> 
>>> Hi Colm,
>>> 
>>> I will resume work on this subject tomorrow.
>>> 
>>> So I'm in a situation where there's no soap header set, and the
>>> spring configuration seems to be ignored (which would be quite logical as
>>> we don't use it in the java code, just rebuilding all ourselves.)
>>> 
>>> So how can I make sure the soap header is set in my request? How can I
>>> set the authentication type (username/password plain) ?
>>> 
>>> Thanks,
>>> Thomas.
>>> 
>>> 
>>> On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson <
>>> dev.mansonthomas@gmail.com> wrote:
>>> 
>>>> Hi Colm,
>>>> 
>>>> If I remove the <jaxws:client  element, it still work as before, so I
>>>> guess this client xml declaration is not taken into account as we're just
>>>> programmatically re-doing what the spring configuration does...
>>>> 
>>>> As I stated earlier, I'm already in a spring context (J2EE Spring MVC
>>>> application), that's why I don't understand the BusFactory need to be given
>>>> the spring xml file.
>>>> 
>>>> I've understood that while seeing that the endpoint was not taken into
>>>> account (thanks to my Virtual machine that changes of IP each time I resume
>>>> my mac).
>>>> 
>>>> So I'll focus to make it work programmatically first, then figure out
>>>> how to use the spring XML configurations files and finally try to use my
>>>> own generated WS Client instead of generating it on the fly.
>>>> 
>>>> 
>>>> For now, I'm still blocked on enabling a security policy on the client
>>>> side programmatically.
>>>> For instance, my password callback handler is not taken into account,
>>>> as it's not called at all.
>>>> 
>>>> (the method  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException  is not called)
>>>> 
>>>> 
>>>>  I programmatically specify it as follow (full code at the end of the
>>>> mail):
>>>> 
>>>> *this*.workListService = service.getPort(portQName, WorkListService.*
>>>> class*);
>>>> 
>>>> ((BindingProvider)*this*.workListService
>>>> ).getRequestContext().put(BindingProvider.*ENDPOINT_ADDRESS_PROPERTY*, "
>>>> http://192.168.2.213:8080/amxbpm/WorkListService");
>>>> 
>>>> //I've also tried by just specifying a class name, but it doesn't work
>>>> either.
>>>> 
>>>> PasswordCallbackHandler passwordCallbackHandler = *new* PasswordCallbackHandler("secret");
>>>> ((BindingProvider)*this*.workListService
>>>> ).getRequestContext().put(SecurityConstants.*CALLBACK_HANDLER*,
>>>> passwordCallbackHandler);
>>>> 
>>>> 
>>>> 
>>>> 
>>>> In the CXF samples, it's done like this:
>>>> 
>>>>  <jaxws:client name=*"{
>>>> http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
>>>> *
>>>>                  createdFromAPI=*"true"*>
>>>>       <jaxws:properties>
>>>>           <entry key=*"ws-security.callback-handler"
>>>> *
>>>>                  value=*
>>>> "org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"*/>
>>>>       </jaxws:properties>
>>>>    </jaxws:client>
>>>> 
>>>> 
>>>> So I wonder what I miss...
>>>> 
>>>> Thomas.
>>>> 
>>>> 
>>>> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
>>>> 
>>>> import java.net.URL;
>>>> import java.util.ArrayList;
>>>> import java.util.List;
>>>> 
>>>> import javax.xml.namespace.QName;
>>>> import javax.xml.transform.Source;
>>>> import javax.xml.ws.BindingProvider;
>>>> import javax.xml.ws.EndpointReference;
>>>> import javax.xml.ws.Service;
>>>> import javax.xml.ws.WebServiceFeature;
>>>> import javax.xml.ws.wsaddressing.W3CEndpointReference;
>>>> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
>>>> 
>>>> import org.apache.commons.logging.Log;
>>>> import org.apache.commons.logging.LogFactory;
>>>> import org.apache.cxf.Bus;
>>>> import org.apache.cxf.bus.spring.SpringBusFactory;
>>>> import org.apache.cxf.endpoint.Client;
>>>> import org.apache.cxf.ws.security.SecurityConstants;
>>>> import org.springframework.beans.factory.InitializingBean;
>>>> 
>>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
>>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
>>>> import
>>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
>>>> import
>>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
>>>> import
>>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
>>>> import com.tibco.n2.brm.api.GetWorkListItems;
>>>> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
>>>> import com.tibco.n2.brm.api.OrderFilterCriteria;
>>>> import com.tibco.n2.brm.api.WorkItem;
>>>> import com.tibco.n2.brm.services.WorkListService;
>>>> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
>>>> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
>>>> 
>>>> public class WorkListServiceImpl2 implements WorkListFwkService,
>>>> InitializingBean
>>>> {
>>>> 
>>>>  private static final Log           logger       =
>>>> LogFactory.getLog(WorkListServiceImpl2.class);
>>>> 
>>>> 
>>>> 
>>>>  private WorkListService workListService = null;
>>>>  private  ContextService contextService = null;
>>>> 
>>>>  public WorkListServiceImpl2( ContextService contextService) throws
>>>> Exception
>>>>  {
>>>>    this.contextService = contextService;
>>>> 
>>>>    SpringBusFactory bf = new SpringBusFactory();
>>>>    URL busFile =
>>>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>>> 
>>>>    Bus bus = bf.createBus(busFile.toString());
>>>>    SpringBusFactory.setDefaultBus(bus);
>>>>    SpringBusFactory.setThreadDefaultBus(bus);
>>>> 
>>>>    URL     wsdl      =
>>>> this.contextService.getResource("/wsdl/brm.wsdl");
>>>> 
>>>>    Service service   = Service.create(wsdl,
>>>>        new QName("http://services.brm.n2.tibco.com","WorkListService"));
>>>> 
>>>>    QName   portQName = new QName("http://services.brm.n2.tibco.com",
>>>> "WorkListService_EP");
>>>> 
>>>>    this.workListService = service.getPort(portQName,
>>>> WorkListService.class);
>>>> 
>>>> 
>>>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>>>> "http://192.168.2.213:8080/amxbpm/WorkListService");
>>>> 
>>>>    PasswordCallbackHandler passwordCallbackHandler = new
>>>> PasswordCallbackHandler("secret");
>>>> 
>>>> 
>>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>>>> passwordCallbackHandler);
>>>> 
>>>> 
>>>>  }
>>>> 
>>>>  public List<WorkItemFwk> getWorkListItems(String username,
>>>> WorkListItemQuery workListItemQuery)
>>>>  {
>>>>    XmlModelEntityId entityId = new XmlModelEntityId();
>>>>    entityId.setGuid(workListItemQuery.getUserGUID());
>>>>    entityId.setEntityType(OrganisationalEntityType.RESOURCE);
>>>>    entityId.setModelVersion(-1);
>>>> 
>>>>    GetWorkListItems getWorkListItems = new GetWorkListItems();
>>>> 
>>>>    getWorkListItems.setGetTotalCount       (true);
>>>>    getWorkListItems.setEntityID            (entityId);
>>>>    getWorkListItems.setStartPosition
>>>> (workListItemQuery.getStart());
>>>>    getWorkListItems.setNumberOfItems
>>>> (workListItemQuery.getNumberOfItems());
>>>>    getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());
>>>> 
>>>>    GetWorkListItemsResponse getWorkListItemsResponse = null;
>>>> 
>>>>     try
>>>>    {
>>>> 
>>>> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
>>>> "true");
>>>> 
>>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>>>> username);
>>>> 
>>>>      getWorkListItemsResponse =
>>>> this.workListService.getWorkListItems(getWorkListItems);
>>>>    }
>>>>    catch(Exception e)
>>>>    {
>>>>      logger.error("Error while getting worklistItems for
>>>> "+workListItemQuery.toString(),e);
>>>>    }
>>>> 
>>>> 
>>>> 
>>>>    if(getWorkListItemsResponse == null)
>>>>    {
>>>>      logger.error("recieve a null response while getting worklistItems
>>>> for "+workListItemQuery.toString());
>>>>      return new ArrayList<WorkItemFwk>(0);
>>>>    }
>>>> 
>>>>    List<WorkItem>    workitems       =
>>>> getWorkListItemsResponse.getWorkItems();
>>>>    List<WorkItemFwk> workListItemFwk = new
>>>> ArrayList<WorkItemFwk>(workitems.size());
>>>> 
>>>> 
>>>>    int i = 0;
>>>>    for (WorkItem workItem : workitems)
>>>>    {
>>>>      workListItemFwk.add(WorkItemMapper.map(workItem, i++));
>>>>    }
>>>>    return workListItemFwk;
>>>>  }
>>>> 
>>>>  @Override
>>>>  public void afterPropertiesSet() throws Exception
>>>>  {
>>>> 
>>>>    WorkListItemQuery workListItemQuery = new WorkListItemQuery();
>>>> 
>>>>    workListItemQuery.setStart(0l);
>>>>    workListItemQuery.setNumberOfItems(10l);
>>>>    workListItemQuery.setUsername("tibco-admin");
>>>>    workListItemQuery.setUserGUID("tibco-admin");
>>>> 
>>>>    this.getWorkListItems("tibc-admin", workListItemQuery);
>>>> 
>>>>  }
>>>> 
>>>> }
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>> --
>> Colm O hEigeartaigh
>> 
>> Talend Community Coder
>> http://coders.talend.com
>> 

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Colm,

Honestly, I'm really getting mad and sick of this security stuff.
I've been blocked on this for so long now and I'm not working on the actual
stuff I should be doing.

I was pushing CXF as I had a good experience with it before, but I'm now
considering moving to something else... I really need to get the thing
done, anyhow.


> If you have a WS-SecurityPolicy in operation
I don't understand this.
If you mean that the WSDL should contain some stuff, I don't think so,
maybe because it allows username token, SAML (sendervoucher) and X509 and
that all samples I've tried do not work.

The only actual code that did send the SOAP header is this code:

###############################################################################################

    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(WorkListService.class);
    factory.setAddress(this.endpoint);
    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
    factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));

    this.workListService = (WorkListService) factory.create();

    Client client = ClientProxy.getClient(this.workListService);

    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(WSHandlerConstants.ACTION          , WSHandlerConstants.USERNAME_TOKEN);
    properties.put(WSHandlerConstants.USER            , this.username);
    properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT); // "PasswordDigest"
    properties.put(WSHandlerConstants.PW_CALLBACK_REF , new PasswordCallbackHandler("secret"));

    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));

    HTTPConduit conduit = (HTTPConduit) client.getConduit();

    long timeoutMillis = this.timeout * 1000;

    HTTPClientPolicy policy = new HTTPClientPolicy();
    policy.setConnectionTimeout(timeoutMillis);
    policy.setReceiveTimeout(timeoutMillis);

    conduit.setClient(policy);
###############################################################################################


I'm just trying to get the basic thing to work:

Configure the client with Spring, inject it into another bean and use it,
and even that does not work.


I just have the same Spring code as in all the samples; I can't get why it
doesn't send the security headers.


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:jaxws="http://cxf.apache.org/jaxws"
  xmlns:cxf="http://cxf.apache.org/core"
  xmlns:p="http://cxf.apache.org/policy"
  xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws
      http://cxf.apache.org/schemas/jaxws.xsd
      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
      ">

  <cxf:bus>
    <cxf:features>
      <p:policies />
      <cxf:logging />
    </cxf:features>
  </cxf:bus>

  <jaxws:client id="WorkListServiceProxyFactory"
    name="{http://services.brm.n2.tibco.com}WorkListService_EP"
    serviceClass="com.tibco.n2.brm.services.WorkListService"
    address="http://192.168.2.213:8080/amxbpm/WorkListService">

    <jaxws:properties>
      <entry key="ws-security.username" value="tibco-admin" />
      <entry key="ws-security.callback-handler"
        value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
    </jaxws:properties>
  </jaxws:client>
</beans>

and no soap headers:

INFO: Creating Service {http://services.brm.n2.tibco.com}WorkListServiceService from class com.tibco.n2.brm.services.WorkListService
oct. 15, 2013 10:52:41 AM org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
INFO: Outbound Message
---------------------------
ID: 1
Address: http://192.168.2.213:8080/amxbpm/WorkListService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="http://exception.api.brm.n2.tibco.com" xmlns:ns4="http://exception.api.common.n2.tibco.com" xmlns:ns5="http://exception.api.de.n2.tibco.com" xmlns:ns6="http://www.tibco.com/XPD/ScriptDescriptor/" startPosition="0" numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE" guid="tibco-admin" model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
--------------------------------------
oct. 15, 2013 10:52:41 AM org.apache.cxf.services.WorkListServiceService.WorkListServicePort.WorkListService
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml; charset=utf-8
Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8], Date=[Tue, 15 Oct 2013 14:50:18 GMT], Expires=[Thu, 01 Jan 1970 00:00:00 GMT], Set-Cookie=[JSESSIONID=eflukkvn7glfvw8s53n2228;Path=/amxbpm;HttpOnly]}
Payload: <?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException: Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
</tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
--------------------------------------
2013-10-15 10:52:41,915 - ERROR - localhost-startStop-1 (WorkListServiceImpl4.java:81) - Error while getting worklistItems for WorkListItemQuery [username=tibco-admin, userGUID=tibco-admin, start=0, numberOfItems=10, filter=null, order=null]
javax.xml.ws.soap.SOAPFaultException: Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
at com.sun.proxy.$Proxy57.getWorkListItems(Unknown Source)









On Tue, Oct 15, 2013 at 11:04 AM, Colm O hEigeartaigh
<co...@apache.org> wrote:

> If you have a WS-SecurityPolicy in operation, it will take care of adding
> the correct headers, once you supply it with the correct information
> (username, password, etc.). Please take a look at the ws-security-examples
> systests to see how it all works.
>
> Colm.
>
>
> On Mon, Oct 14, 2013 at 10:27 PM, Thomas Manson <
> dev.mansonthomas@gmail.com> wrote:
>
>> Hi Colm,
>>
>>  I will resume work on this subject tomorrow.
>>
>>  So I'm in a situation where there's no soap header set, and the
>> spring configuration seems to be ignored (which would be quite logical as
>> we don't use it in the java code, just rebuilding all ourselves.)
>>
>> So how can I make sure the soap header is set in my request? How can I
>> set the authentication type (username/password plain)?
>>
>> Thanks,
>> Thomas.
>>
>>
>> On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>>
>>> Hi Colm,
>>>
>>>  If I remove the <jaxws:client element, it still works as before, so I
>>> guess this client xml declaration is not taken into account as we're just
>>> programmatically re-doing what the spring configuration does...
>>>
>>>  As I stated earlier, I'm already in a spring context (J2EE Spring MVC
>>> application), that's why I don't understand why the BusFactory needs to be
>>> given the spring xml file.
>>>
>>>  I've understood that while seeing that the endpoint was not taken into
>>> account (thanks to my virtual machine that changes IP each time I resume
>>> my Mac).
>>>
>>>  So I'll focus on making it work programmatically first, then figure out
>>> how to use the spring XML configuration files and finally try to use my
>>> own generated WS Client instead of generating it on the fly.
>>>
>>>
>>>  For now, I'm still blocked on enabling a security policy on the client
>>> side programmatically.
>>>  For instance, my password callback handler is not taken into account,
>>> as it's not called at all.
>>>
>>> (the method  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException  is not called)
>>>
>>>
>>>   I programmatically specify it as follows (full code at the end of the
>>> mail):
>>>
>>> this.workListService = service.getPort(portQName, WorkListService.class);
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>>> "http://192.168.2.213:8080/amxbpm/WorkListService");
>>>
>>> //I've also tried by just specifying a class name, but it doesn't work either.
>>>
>>> PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>>> passwordCallbackHandler);
>>>
>>>
>>>
>>>
>>> In the CXF samples, it's done like this:
>>>
>>>   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
>>>                   createdFromAPI="true">
>>>        <jaxws:properties>
>>>            <entry key="ws-security.callback-handler"
>>>                   value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
>>>        </jaxws:properties>
>>>     </jaxws:client>
>>>
>>>
>>>  So I wonder what I miss...
>>>
>>> Thomas.
>>>
>>>
>>> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
>>>
>>> import java.net.URL;
>>> import java.util.ArrayList;
>>> import java.util.List;
>>>
>>> import javax.xml.namespace.QName;
>>> import javax.xml.transform.Source;
>>> import javax.xml.ws.BindingProvider;
>>> import javax.xml.ws.EndpointReference;
>>> import javax.xml.ws.Service;
>>> import javax.xml.ws.WebServiceFeature;
>>> import javax.xml.ws.wsaddressing.W3CEndpointReference;
>>> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
>>>
>>> import org.apache.commons.logging.Log;
>>> import org.apache.commons.logging.LogFactory;
>>> import org.apache.cxf.Bus;
>>> import org.apache.cxf.bus.spring.SpringBusFactory;
>>> import org.apache.cxf.endpoint.Client;
>>> import org.apache.cxf.ws.security.SecurityConstants;
>>> import org.springframework.beans.factory.InitializingBean;
>>>
>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
>>> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
>>> import
>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
>>> import
>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
>>> import
>>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
>>> import com.tibco.n2.brm.api.GetWorkListItems;
>>> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
>>> import com.tibco.n2.brm.api.OrderFilterCriteria;
>>> import com.tibco.n2.brm.api.WorkItem;
>>> import com.tibco.n2.brm.services.WorkListService;
>>> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
>>> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
>>>
>>> public class WorkListServiceImpl2 implements WorkListFwkService,
>>> InitializingBean
>>> {
>>>
>>>   private static final Log           logger       =
>>> LogFactory.getLog(WorkListServiceImpl2.class);
>>>
>>>
>>>
>>>   private WorkListService workListService = null;
>>>   private  ContextService contextService = null;
>>>
>>>   public WorkListServiceImpl2( ContextService contextService) throws
>>> Exception
>>>   {
>>>     this.contextService = contextService;
>>>
>>>     SpringBusFactory bf = new SpringBusFactory();
>>>     URL busFile =
>>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>>
>>>     Bus bus = bf.createBus(busFile.toString());
>>>     SpringBusFactory.setDefaultBus(bus);
>>>     SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>>     URL     wsdl      =
>>> this.contextService.getResource("/wsdl/brm.wsdl");
>>>
>>>     Service service   = Service.create(wsdl, new QName("
>>> http://services.brm.n2.tibco.com","WorkListService"));
>>>
>>>     QName   portQName = new QName("http://services.brm.n2.tibco.com",
>>> "WorkListService_EP");
>>>
>>>     this.workListService = service.getPort(portQName,
>>> WorkListService.class);
>>>
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>>> "http://192.168.2.213:8080/amxbpm/WorkListService");
>>>
>>>     PasswordCallbackHandler passwordCallbackHandler = new
>>> PasswordCallbackHandler("secret");
>>>
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>>> passwordCallbackHandler);
>>>
>>>
>>>   }
>>>
>>>   public List<WorkItemFwk> getWorkListItems(String username,
>>> WorkListItemQuery workListItemQuery)
>>>   {
>>>     XmlModelEntityId entityId = new XmlModelEntityId();
>>>     entityId.setGuid(workListItemQuery.getUserGUID());
>>>     entityId.setEntityType(OrganisationalEntityType.RESOURCE);
>>>     entityId.setModelVersion(-1);
>>>
>>>     GetWorkListItems getWorkListItems = new GetWorkListItems();
>>>
>>>     getWorkListItems.setGetTotalCount       (true);
>>>     getWorkListItems.setEntityID            (entityId);
>>>     getWorkListItems.setStartPosition
>>> (workListItemQuery.getStart());
>>>     getWorkListItems.setNumberOfItems
>>> (workListItemQuery.getNumberOfItems());
>>>     getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());
>>>
>>>     GetWorkListItemsResponse getWorkListItemsResponse = null;
>>>
>>>      try
>>>     {
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
>>> "true");
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>>> username);
>>>
>>>       getWorkListItemsResponse =
>>> this.workListService.getWorkListItems(getWorkListItems);
>>>     }
>>>     catch(Exception e)
>>>     {
>>>       logger.error("Error while getting worklistItems for
>>> "+workListItemQuery.toString(),e);
>>>     }
>>>
>>>
>>>
>>>     if(getWorkListItemsResponse == null)
>>>     {
>>>       logger.error("recieve a null response while getting worklistItems
>>> for "+workListItemQuery.toString());
>>>       return new ArrayList<WorkItemFwk>(0);
>>>     }
>>>
>>>     List<WorkItem>    workitems       =
>>> getWorkListItemsResponse.getWorkItems();
>>>     List<WorkItemFwk> workListItemFwk = new
>>> ArrayList<WorkItemFwk>(workitems.size());
>>>
>>>
>>>     int i = 0;
>>>     for (WorkItem workItem : workitems)
>>>     {
>>>       workListItemFwk.add(WorkItemMapper.map(workItem, i++));
>>>     }
>>>     return workListItemFwk;
>>>   }
>>>
>>>   @Override
>>>   public void afterPropertiesSet() throws Exception
>>>   {
>>>
>>>     WorkListItemQuery workListItemQuery = new WorkListItemQuery();
>>>
>>>     workListItemQuery.setStart(0l);
>>>     workListItemQuery.setNumberOfItems(10l);
>>>     workListItemQuery.setUsername("tibco-admin");
>>>     workListItemQuery.setUserGUID("tibco-admin");
>>>
>>>     this.getWorkListItems("tibc-admin", workListItemQuery);
>>>
>>>   }
>>>
>>> }
>>>
>>>
>>>
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
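
The outbound message logged in the post above contains a soap:Body but no soap:Header, so no WS-Security credentials reached the server. As an added example (not code from the thread or from CXF), this JDK-only check parses a captured SOAP 1.1 envelope and reports whether a wsse:Security UsernameToken is present; the class name, the finding strings and both sample envelopes are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added example (hypothetical class name): checks a captured SOAP 1.1 request
// for a WS-Security UsernameToken header.
public class SecurityHeaderCheck {

    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String UT_PROFILE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";

    // First descendant of parent with the given namespace and local name, or null.
    static Element first(Element parent, String ns, String local) {
        NodeList hits = parent.getElementsByTagNameNS(ns, local);
        return hits.getLength() == 0 ? null : (Element) hits.item(0);
    }

    // Returns a one-line finding. The password value is never returned or printed.
    static String inspect(String envelopeXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Captured traffic is untrusted input: reject DOCTYPEs so no entity is expanded.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                          .parse(new InputSource(new StringReader(envelopeXml)));

        Element header = first(doc.getDocumentElement(), SOAP_NS, "Header");
        if (header == null) {
            return "NO_SOAP_HEADER";
        }
        Element security = first(header, WSSE_NS, "Security");
        if (security == null) {
            return "NO_WSSE_SECURITY";
        }
        Element token = first(security, WSSE_NS, "UsernameToken");
        if (token == null) {
            return "NO_USERNAME_TOKEN";
        }
        Element user = first(token, WSSE_NS, "Username");
        String name = user == null ? "" : user.getTextContent().trim();
        if (name.isEmpty()) {
            return "EMPTY_USERNAME";
        }
        Element password = first(token, WSSE_NS, "Password");
        if (password == null) {
            return "USERNAME_TOKEN user=" + name + " passwordType=absent";
        }
        // PasswordText carries the password as-is, so it is only protected by the transport.
        String type = password.getAttribute("Type");
        String kind = "unspecified";
        if (type.equals(UT_PROFILE + "#PasswordText")) {
            kind = "PasswordText";
        } else if (type.equals(UT_PROFILE + "#PasswordDigest")) {
            kind = "PasswordDigest";
        }
        return "USERNAME_TOKEN user=" + name + " passwordType=" + kind;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, abbreviated from the logged request: Body only, no Header.
        String noHeader =
            "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Body>"
          + "<ns2:getWorkListItems xmlns:ns2=\"http://api.brm.n2.tibco.com\""
          + " startPosition=\"0\" numberOfItems=\"10\" getTotalCount=\"true\"/>"
          + "</soap:Body></soap:Envelope>";

        // Constructed sample: the same kind of request with a plain-text UsernameToken.
        String withToken =
            "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Header>"
          + "<wsse:Security xmlns:wsse=\"" + WSSE_NS + "\"><wsse:UsernameToken>"
          + "<wsse:Username>tibco-admin</wsse:Username>"
          + "<wsse:Password Type=\"" + UT_PROFILE + "#PasswordText\">"
          + "example-password</wsse:Password>"
          + "</wsse:UsernameToken></wsse:Security></soap:Header>"
          + "<soap:Body/></soap:Envelope>";

        System.out.println("logged request : " + inspect(noHeader));
        System.out.println("with token     : " + inspect(withToken));
    }
}
```

Feeding it the Payload value from the CXF logging output gives a quick pass/fail on whether the client configuration actually produced the security header.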

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
If you have a WS-SecurityPolicy in operation, it will take care of adding
the correct headers, once you supply it with the correct information
(username, password, etc.). Please take a look at the ws-security-examples
systests to see how it all works.

Colm.


On Mon, Oct 14, 2013 at 10:27 PM, Thomas Manson
<de...@gmail.com> wrote:

> Hi Colm,
>
>  I will resume work on this subject tomorrow.
>
>  So I'm in a situation where there's no soap header set, and the spring
> configuration seems to be ignored (which would be quite logical as we don't
> use it in the java code, just rebuilding all ourselves.)
>
> So how can I make sure the soap header is set in my request? How can I
> set the authentication type (username/password plain)?
>
> Thanks,
> Thomas.
>
>
> On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>> Hi Colm,
>>
>>  If I remove the <jaxws:client element, it still works as before, so I
>> guess this client xml declaration is not taken into account as we're just
>> programmatically re-doing what the spring configuration does...
>>
>>  As I stated earlier, I'm already in a spring context (J2EE Spring MVC
>> application), that's why I don't understand why the BusFactory needs to be
>> given the spring xml file.
>>
>>  I've understood that while seeing that the endpoint was not taken into
>> account (thanks to my virtual machine that changes IP each time I resume
>> my Mac).
>>
>>  So I'll focus on making it work programmatically first, then figure out
>> how to use the spring XML configuration files and finally try to use my
>> own generated WS Client instead of generating it on the fly.
>>
>>
>>  For now, I'm still blocked on enabling a security policy on the client
>> side programmatically.
>>  For instance, my password callback handler is not taken into account, as
>> it's not called at all.
>>
>> (the method  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException  is not called)
>>
>>
>>   I programmatically specify it as follows (full code at the end of the
>> mail):
>>
>> this.workListService = service.getPort(portQName, WorkListService.class);
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>> "http://192.168.2.213:8080/amxbpm/WorkListService");
>>
>> //I've also tried by just specifying a class name, but it doesn't work either.
>>
>> PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>> passwordCallbackHandler);
>>
>>
>>
>>
>> In the CXF samples, it's done like this:
>>
>>   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
>>                   createdFromAPI="true">
>>        <jaxws:properties>
>>            <entry key="ws-security.callback-handler"
>>                   value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
>>        </jaxws:properties>
>>     </jaxws:client>
>>
>>
>>  So I wonder what I miss...
>>
>> Thomas.
>>
>>
>> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
>>
>> import java.net.URL;
>> import java.util.ArrayList;
>> import java.util.List;
>>
>> import javax.xml.namespace.QName;
>> import javax.xml.transform.Source;
>> import javax.xml.ws.BindingProvider;
>> import javax.xml.ws.EndpointReference;
>> import javax.xml.ws.Service;
>> import javax.xml.ws.WebServiceFeature;
>> import javax.xml.ws.wsaddressing.W3CEndpointReference;
>> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
>>
>> import org.apache.commons.logging.Log;
>> import org.apache.commons.logging.LogFactory;
>> import org.apache.cxf.Bus;
>> import org.apache.cxf.bus.spring.SpringBusFactory;
>> import org.apache.cxf.endpoint.Client;
>> import org.apache.cxf.ws.security.SecurityConstants;
>> import org.springframework.beans.factory.InitializingBean;
>>
>> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
>> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
>> import
>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
>> import
>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
>> import
>> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
>> import com.tibco.n2.brm.api.GetWorkListItems;
>> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
>> import com.tibco.n2.brm.api.OrderFilterCriteria;
>> import com.tibco.n2.brm.api.WorkItem;
>> import com.tibco.n2.brm.services.WorkListService;
>> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
>> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
>>
>> public class WorkListServiceImpl2 implements WorkListFwkService,
>> InitializingBean
>> {
>>
>>   private static final Log           logger       =
>> LogFactory.getLog(WorkListServiceImpl2.class);
>>
>>
>>
>>   private WorkListService workListService = null;
>>   private  ContextService contextService = null;
>>
>>   public WorkListServiceImpl2( ContextService contextService) throws
>> Exception
>>   {
>>     this.contextService = contextService;
>>
>>     SpringBusFactory bf = new SpringBusFactory();
>>     URL busFile =
>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>
>>     Bus bus = bf.createBus(busFile.toString());
>>     SpringBusFactory.setDefaultBus(bus);
>>     SpringBusFactory.setThreadDefaultBus(bus);
>>
>>     URL     wsdl      =
>> this.contextService.getResource("/wsdl/brm.wsdl");
>>
>>     Service service   = Service.create(wsdl, new QName("
>> http://services.brm.n2.tibco.com","WorkListService"));
>>
>>     QName   portQName = new QName("http://services.brm.n2.tibco.com",
>> "WorkListService_EP");
>>
>>     this.workListService = service.getPort(portQName,
>> WorkListService.class);
>>
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
>> "http://192.168.2.213:8080/amxbpm/WorkListService");
>>
>>     PasswordCallbackHandler passwordCallbackHandler = new
>> PasswordCallbackHandler("secret");
>>
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
>> passwordCallbackHandler);
>>
>>
>>   }
>>
>>   public List<WorkItemFwk> getWorkListItems(String username,
>> WorkListItemQuery workListItemQuery)
>>   {
>>     XmlModelEntityId entityId = new XmlModelEntityId();
>>     entityId.setGuid(workListItemQuery.getUserGUID());
>>     entityId.setEntityType(OrganisationalEntityType.RESOURCE);
>>     entityId.setModelVersion(-1);
>>
>>     GetWorkListItems getWorkListItems = new GetWorkListItems();
>>
>>     getWorkListItems.setGetTotalCount       (true);
>>     getWorkListItems.setEntityID            (entityId);
>>     getWorkListItems.setStartPosition
>> (workListItemQuery.getStart());
>>     getWorkListItems.setNumberOfItems
>> (workListItemQuery.getNumberOfItems());
>>     getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());
>>
>>     GetWorkListItemsResponse getWorkListItemsResponse = null;
>>
>>      try
>>     {
>>
>> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
>> "true");
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>> username);
>>
>>       getWorkListItemsResponse =
>> this.workListService.getWorkListItems(getWorkListItems);
>>     }
>>     catch(Exception e)
>>     {
>>       logger.error("Error while getting worklistItems for
>> "+workListItemQuery.toString(),e);
>>     }
>>
>>
>>
>>     if(getWorkListItemsResponse == null)
>>     {
>>       logger.error("recieve a null response while getting worklistItems
>> for "+workListItemQuery.toString());
>>       return new ArrayList<WorkItemFwk>(0);
>>     }
>>
>>     List<WorkItem>    workitems       =
>> getWorkListItemsResponse.getWorkItems();
>>     List<WorkItemFwk> workListItemFwk = new
>> ArrayList<WorkItemFwk>(workitems.size());
>>
>>
>>     int i = 0;
>>     for (WorkItem workItem : workitems)
>>     {
>>       workListItemFwk.add(WorkItemMapper.map(workItem, i++));
>>     }
>>     return workListItemFwk;
>>   }
>>
>>   @Override
>>   public void afterPropertiesSet() throws Exception
>>   {
>>
>>     WorkListItemQuery workListItemQuery = new WorkListItemQuery();
>>
>>     workListItemQuery.setStart(0l);
>>     workListItemQuery.setNumberOfItems(10l);
>>     workListItemQuery.setUsername("tibco-admin");
>>     workListItemQuery.setUserGUID("tibco-admin");
>>
>>     this.getWorkListItems("tibc-admin", workListItemQuery);
>>
>>   }
>>
>> }
>>
>>
>>
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

 I will resume work on this subject tomorrow.

 So I'm in a situation where there's no soap header set, and the spring
configuration seems to be ignored (which would be quite logical as we don't
use it in the java code, just rebuilding all ourselves.)

So how can I make sure the soap header is set in my request? How can I
set the authentication type (username/password plain)?

Thanks,
Thomas.


On Mon, Oct 7, 2013 at 11:23 AM, Thomas Manson
<de...@gmail.com> wrote:

> Hi Colm,
>
>  If I remove the <jaxws:client element, it still works as before, so I
> guess this client xml declaration is not taken into account as we're just
> programmatically re-doing what the spring configuration does...
>
>  As I stated earlier, I'm already in a spring context (J2EE Spring MVC
> application), that's why I don't understand why the BusFactory needs to be
> given the spring xml file.
>
>  I've understood that while seeing that the endpoint was not taken into
> account (thanks to my virtual machine that changes IP each time I resume
> my Mac).
>
>  So I'll focus on making it work programmatically first, then figure out how
> to use the spring XML configuration files and finally try to use my own
> generated WS Client instead of generating it on the fly.
>
>
>  For now, I'm still blocked on enabling a security policy on the client
> side programmatically.
>  For instance, my password callback handler is not taken into account, as
> it's not called at all.
>
> (the method  public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException  is not called)
>
>
>   I programmatically specify it as follows (full code at the end of the
> mail):
>
> this.workListService = service.getPort(portQName, WorkListService.class);
>
> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> "http://192.168.2.213:8080/amxbpm/WorkListService");
>
> //I've also tried by just specifying a class name, but it doesn't work either.
>
> PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
> passwordCallbackHandler);
>
>
>
>
> In the CXF samples, it's done like this:
>
>   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
>                   createdFromAPI="true">
>        <jaxws:properties>
>            <entry key="ws-security.callback-handler"
>                   value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
>        </jaxws:properties>
>     </jaxws:client>
>
>
>  So I wonder what I miss...
>
> Thomas.
>
>
> package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;
>
> import java.net.URL;
> import java.util.ArrayList;
> import java.util.List;
>
> import javax.xml.namespace.QName;
> import javax.xml.transform.Source;
> import javax.xml.ws.BindingProvider;
> import javax.xml.ws.EndpointReference;
> import javax.xml.ws.Service;
> import javax.xml.ws.WebServiceFeature;
> import javax.xml.ws.wsaddressing.W3CEndpointReference;
> import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;
>
> import org.apache.commons.logging.Log;
> import org.apache.commons.logging.LogFactory;
> import org.apache.cxf.Bus;
> import org.apache.cxf.bus.spring.SpringBusFactory;
> import org.apache.cxf.endpoint.Client;
> import org.apache.cxf.ws.security.SecurityConstants;
> import org.springframework.beans.factory.InitializingBean;
>
> import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
> import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
> import
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
> import
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
> import
> com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
> import com.tibco.n2.brm.api.GetWorkListItems;
> import com.tibco.n2.brm.api.GetWorkListItemsResponse;
> import com.tibco.n2.brm.api.OrderFilterCriteria;
> import com.tibco.n2.brm.api.WorkItem;
> import com.tibco.n2.brm.services.WorkListService;
> import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
> import com.tibco.n2.common.organisation.api.XmlModelEntityId;
>
> public class WorkListServiceImpl2 implements WorkListFwkService,
> InitializingBean
> {
>
>   private static final Log           logger       =
> LogFactory.getLog(WorkListServiceImpl2.class);
>
>
>
>   private WorkListService workListService = null;
>   private  ContextService contextService = null;
>
>   public WorkListServiceImpl2( ContextService contextService) throws
> Exception
>   {
>     this.contextService = contextService;
>
>     SpringBusFactory bf = new SpringBusFactory();
>     URL busFile =
> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>
>     Bus bus = bf.createBus(busFile.toString());
>     SpringBusFactory.setDefaultBus(bus);
>     SpringBusFactory.setThreadDefaultBus(bus);
>
>     URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>
>
>     Service service   = Service.create(wsdl,
>         new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>
>     QName   portQName = new QName("http://services.brm.n2.tibco.com",
> "WorkListService_EP");
>
>     this.workListService = service.getPort(portQName,
> WorkListService.class);
>
>
> ((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> "http://192.168.2.213:8080/amxbpm/WorkListService");
>
>     PasswordCallbackHandler passwordCallbackHandler = new
> PasswordCallbackHandler("secret");
>
>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
> passwordCallbackHandler);
>
>
>   }
>
>   public List<WorkItemFwk> getWorkListItems(String username,
> WorkListItemQuery workListItemQuery)
>   {
>     XmlModelEntityId entityId = new XmlModelEntityId();
>     entityId.setGuid(workListItemQuery.getUserGUID());
>     entityId.setEntityType(OrganisationalEntityType.RESOURCE);
>     entityId.setModelVersion(-1);
>
>     GetWorkListItems getWorkListItems = new GetWorkListItems();
>
>     getWorkListItems.setGetTotalCount       (true);
>     getWorkListItems.setEntityID            (entityId);
>     getWorkListItems.setStartPosition       (workListItemQuery.getStart());
>     getWorkListItems.setNumberOfItems
> (workListItemQuery.getNumberOfItems());
>     getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());
>
>     GetWorkListItemsResponse getWorkListItemsResponse = null;
>
>      try
>     {
>
> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
> "true");
>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
> username);
>
>       getWorkListItemsResponse =
> this.workListService.getWorkListItems(getWorkListItems);
>     }
>     catch(Exception e)
>     {
>       logger.error("Error while getting worklistItems for "
>           + workListItemQuery.toString(), e);
>     }
>
>
>
>     if(getWorkListItemsResponse == null)
>     {
>       logger.error("recieve a null response while getting worklistItems for "
>           + workListItemQuery.toString());
>       return new ArrayList<WorkItemFwk>(0);
>     }
>
>     List<WorkItem>    workitems       =
> getWorkListItemsResponse.getWorkItems();
>     List<WorkItemFwk> workListItemFwk = new
> ArrayList<WorkItemFwk>(workitems.size());
>
>
>     int i = 0;
>     for (WorkItem workItem : workitems)
>     {
>       workListItemFwk.add(WorkItemMapper.map(workItem, i++));
>     }
>     return workListItemFwk;
>   }
>
>   @Override
>   public void afterPropertiesSet() throws Exception
>   {
>
>     WorkListItemQuery workListItemQuery = new WorkListItemQuery();
>
>     workListItemQuery.setStart(0l);
>     workListItemQuery.setNumberOfItems(10l);
>     workListItemQuery.setUsername("tibco-admin");
>     workListItemQuery.setUserGUID("tibco-admin");
>
>     this.getWorkListItems("tibc-admin", workListItemQuery);
>
>   }
>
> }
>
>
>
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

 If I remove the <jaxws:client  element, it still works as before, so I
guess this client xml declaration is not taken into account as we're just
programmatically re-doing what the spring configuration does...

 As I stated earlier, I'm already in a spring context (J2EE Spring MVC
application), that's why I don't understand why the BusFactory needs to be
given the spring xml file.

 I've understood that while seeing that the endpoint was not taken into
account (thanks to my Virtual machine that changes IP each time I resume
my mac).

 So I'll focus on making it work programmatically first, then figure out how
to use the spring XML configuration files and finally try to use my own
generated WS Client instead of generating it on the fly.


 For now, I'm still blocked on enabling a security policy on the client
side programmatically.
 For instance, my password callback handler is not taken into account, as
it's not called at all.

(the method  public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException  is not called)


  I programmatically specify it as follows (full code at the end of the
mail):

this.workListService = service.getPort(portQName, WorkListService.class);

((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"http://192.168.2.213:8080/amxbpm/WorkListService");

//I've also tried by just specifying a class name, but it doesn't work either.

PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler("secret");
((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
passwordCallbackHandler);




In the CXF samples, it's done like this:

  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItPlaintextPrincipalPort"
                createdFromAPI="true">
       <jaxws:properties>
           <entry key="ws-security.callback-handler"
                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
       </jaxws:properties>
    </jaxws:client>

 So I wonder what I miss...

Thomas.


package com.mansonthomas.amxbpm.customwebapp.services.amxbpm;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;

import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.EndpointReference;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceFeature;
import javax.xml.ws.wsaddressing.W3CEndpointReference;
import javax.xml.ws.wsaddressing.W3CEndpointReferenceBuilder;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.ws.security.SecurityConstants;
import org.springframework.beans.factory.InitializingBean;

import com.mansonthomas.amxbpm.customwebapp.model.WorkItemFwk;
import com.mansonthomas.amxbpm.customwebapp.model.WorkListItemQuery;
import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.context.ContextService;
import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.mapper.WorkItemMapper;
import com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler;
import com.tibco.n2.brm.api.GetWorkListItems;
import com.tibco.n2.brm.api.GetWorkListItemsResponse;
import com.tibco.n2.brm.api.OrderFilterCriteria;
import com.tibco.n2.brm.api.WorkItem;
import com.tibco.n2.brm.services.WorkListService;
import com.tibco.n2.common.organisation.api.OrganisationalEntityType;
import com.tibco.n2.common.organisation.api.XmlModelEntityId;

public class WorkListServiceImpl2 implements WorkListFwkService,
InitializingBean
{

  private static final Log           logger       =
LogFactory.getLog(WorkListServiceImpl2.class);



  private WorkListService workListService = null;
  private  ContextService contextService = null;

  public WorkListServiceImpl2( ContextService contextService) throws
Exception
  {
    this.contextService = contextService;

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile =
this.contextService.getResource("/WEB-INF/spring/webservices2.xml");

    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);

    URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");


    Service service   = Service.create(wsdl,
        new QName("http://services.brm.n2.tibco.com", "WorkListService"));

    QName   portQName = new QName("http://services.brm.n2.tibco.com",
"WorkListService_EP");

    this.workListService = service.getPort(portQName,
WorkListService.class);


((BindingProvider)this.workListService).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
"http://192.168.2.213:8080/amxbpm/WorkListService");

    PasswordCallbackHandler passwordCallbackHandler = new
PasswordCallbackHandler("secret");


((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
passwordCallbackHandler);


  }

  public List<WorkItemFwk> getWorkListItems(String username,
WorkListItemQuery workListItemQuery)
  {
    XmlModelEntityId entityId = new XmlModelEntityId();
    entityId.setGuid(workListItemQuery.getUserGUID());
    entityId.setEntityType(OrganisationalEntityType.RESOURCE);
    entityId.setModelVersion(-1);

    GetWorkListItems getWorkListItems = new GetWorkListItems();

    getWorkListItems.setGetTotalCount       (true);
    getWorkListItems.setEntityID            (entityId);
    getWorkListItems.setStartPosition       (workListItemQuery.getStart());
    getWorkListItems.setNumberOfItems
(workListItemQuery.getNumberOfItems());
    getWorkListItems.setOrderFilterCriteria (new OrderFilterCriteria());

    GetWorkListItemsResponse getWorkListItemsResponse = null;

    try
    {

((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
"true");

((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
username);

      getWorkListItemsResponse =
this.workListService.getWorkListItems(getWorkListItems);
    }
    catch(Exception e)
    {
      logger.error("Error while getting worklistItems for "
          + workListItemQuery.toString(), e);
    }



    if(getWorkListItemsResponse == null)
    {
      logger.error("recieve a null response while getting worklistItems for "
          + workListItemQuery.toString());
      return new ArrayList<WorkItemFwk>(0);
    }

    List<WorkItem>    workitems       =
getWorkListItemsResponse.getWorkItems();
    List<WorkItemFwk> workListItemFwk = new
ArrayList<WorkItemFwk>(workitems.size());


    int i = 0;
    for (WorkItem workItem : workitems)
    {
      workListItemFwk.add(WorkItemMapper.map(workItem, i++));
    }
    return workListItemFwk;
  }

  @Override
  public void afterPropertiesSet() throws Exception
  {

    WorkListItemQuery workListItemQuery = new WorkListItemQuery();

    workListItemQuery.setStart(0l);
    workListItemQuery.setNumberOfItems(10l);
    workListItemQuery.setUsername("tibco-admin");
    workListItemQuery.setUserGUID("tibco-admin");

    this.getWorkListItems("tibc-admin", workListItemQuery);

  }

}
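
An added example (not code from this thread or from the CXF project): one way to scope the username and password to a single call on a shared proxy, using the "thread.local.request.context" switch and SecurityConstants.USERNAME discussed in this thread. PerUserInvoker and callAs are hypothetical names; it assumes CXF 2.7.x on the classpath and that a WS-SecurityPolicy UsernameToken policy is in effect for the port, since, as the replies in this thread point out, no security header is added without one.

```java
import java.util.Map;
import java.util.concurrent.Callable;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

/**
 * Added example: runs one web-service call with one user's credentials on a
 * JAX-WS proxy that is shared by every request thread of the web application.
 * PerUserInvoker and callAs are hypothetical names, not CXF API.
 */
public final class PerUserInvoker
{
  private final BindingProvider port;

  public PerUserInvoker(Object jaxwsProxy)
  {
    this.port = (BindingProvider) jaxwsProxy;
    // CXF-specific switch described in the CXF FAQ: after this put(),
    // getRequestContext() hands each calling thread its own map, so two
    // users served concurrently cannot overwrite each other's credentials.
    this.port.getRequestContext().put("thread.local.request.context", "true");
  }

  /**
   * Sets the credentials, performs the call, then removes the credentials
   * again. Container threads are pooled, so anything left in the per-thread
   * context would still be there when the thread serves the next user.
   */
  public <T> T callAs(String username, String password, Callable<T> call)
      throws Exception
  {
    if (username == null || username.isEmpty() || password == null)
    {
      // Fail before sending anything rather than fall back to whatever
      // identity a previous call may have left behind.
      throw new IllegalArgumentException("username and password are required");
    }

    Map<String, Object> ctx = this.port.getRequestContext();
    ctx.put(SecurityConstants.USERNAME, username);   // "ws-security.username"
    // "ws-security.password": supplies the password directly, as an
    // alternative to resolving it through a callback handler.
    ctx.put(SecurityConstants.PASSWORD, password);
    try
    {
      return call.call();
    }
    finally
    {
      ctx.remove(SecurityConstants.USERNAME);
      ctx.remove(SecurityConstants.PASSWORD);
    }
  }

  // Usage sketch with the thread's own types (request built as in the post):
  //
  //   PerUserInvoker invoker = new PerUserInvoker(workListService);
  //   GetWorkListItemsResponse response = invoker.callAs(username, password,
  //       new Callable<GetWorkListItemsResponse>()
  //       {
  //         public GetWorkListItemsResponse call() throws Exception
  //         {
  //           return workListService.getWorkListItems(getWorkListItems);
  //         }
  //       });
}
```

The caller decides how to handle a failed call; unlike the posted code, the helper does not catch the exception, so an authentication fault is not turned into an empty result.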

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

 I can't modify the WSDL, it's a product WSDL and modifying the WSDL will
make us lose support from the Editor.

 So I guess it's all on the client side that I must do something.

 I did try to put in the client configuration :

     <jaxws:properties>
        <entry key="passwordType"
             value="PasswordText" />

 I've looked at the constant values of :

    properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.PW_TEXT);// "PasswordDigest"

to do so, but with no luck.


Any suggestion to correctly apply the security policy?


Is something like the following a good direction? (I'll search tomorrow)

<jaxws:properties>
        <entry key="ws-security.password"
               value="com.mansonthomas.MyPasswordCallBackHandlerClass"/>

(or  ref="MyPasswordCallBackHandlerBean"/>)

Thanks,

Thomas.


On Thu, Oct 3, 2013 at 10:29 AM, Colm O hEigeartaigh <co...@apache.org>wrote:

>
> The configuration looks ok, but it looks like there is no security policy,
> and hence no security header is added to the request? There needs to be
> either a security policy specified in the WSDL, or alternatively you can
> reference one in your jaxws:client configuration. If you need UsernameToken
> I suggest looking at one of the policies in the tests here:
>
>
> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup
>
> Or for SAML:
>
>
> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?view=markup
>
> Colm.
>
>
> On Wed, Oct 2, 2013 at 12:27 PM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>> I forgot to include the webservice2.xml file :
>>
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>   xmlns:jaxws="http://cxf.apache.org/jaxws"
>>
>>   xmlns:cxf="http://cxf.apache.org/core"
>>   xmlns:p="http://cxf.apache.org/policy"
>>
>>   xsi:schemaLocation="
>>       http://www.springframework.org/schema/beans
>>       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>       http://cxf.apache.org/jaxws
>>       http://cxf.apache.org/schemas/jaxws.xsd
>>       http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>       ">
>>
>>
>>
>>     <cxf:bus>
>>         <cxf:features>
>>             <p:policies/>
>>             <cxf:logging/>
>>         </cxf:features>
>>     </cxf:bus>
>>
>>
>>    <jaxws:client
>>               id="WorkListServiceProxyFactory"
>>             name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>>     serviceClass="com.tibco.n2.brm.services.WorkListService"
>>          address="http://192.168.2.212:8080/amxbpm/WorkListService">
>>
>>      <jaxws:properties>
>>         <entry key="ws-security.callback-handler"
>>
>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>> />
>>       </jaxws:properties>
>>   </jaxws:client>
>>
>> </beans>
>>
>>
>> On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>>
>>> Hi Colm,
>>>
>>>   I can't make it work while I'm exactly in the configuration you're
>>> suggesting (and that is in the example you gave me) and I don't get what I
>>> miss :
>>>
>>> So in my spring bean, I initialize as suggested the WebService :
>>>
>>>
>>>
>>> ###################################################################################
>>> public WorkListServiceImpl2( ContextService contextService) throws
>>> Exception
>>> {
>>>   this.contextService = contextService;
>>>
>>>   SpringBusFactory bf = new SpringBusFactory();
>>>   URL busFile =
>>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>>
>>>   Bus bus = bf.createBus(busFile.toString());
>>>   SpringBusFactory.setDefaultBus(bus);
>>>   SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>>   URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>>>
>>>   Service service   = Service.create(wsdl,
>>>       new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>   QName   portQName = new QName("http://services.brm.n2.tibco.com",
>>> "WorkListService_EP");
>>>
>>>   this.workListService = service.getPort(portQName,
>>> WorkListService.class);
>>>
>>> }
>>>
>>> ###################################################################################
>>>
>>> I use afterPropertySet() of Spring to call the webservice right after
>>> Spring init.
>>>
>>>
>>> ###################################################################################
>>> public List<WorkItemFwk> getWorkListItems(String username,
>>> WorkListItemQuery workListItemQuery)
>>> {
>>> //... init this object : getWorkListItems
>>> try
>>> {
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
>>> "true");
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>>> username);
>>>
>>>   getWorkListItemsResponse =
>>> this.workListService.getWorkListItems(getWorkListItems);
>>> }
>>> catch(Exception e)
>>> {
>>>   logger.error("Error while getting worklistItems for "
>>>       + workListItemQuery.toString(), e);
>>> }
>>>
>>> ###################################################################################
>>>
>>> And yet there's no SOAP header set in the request:
>>>
>>>
>>>  oct. 02, 2013 12:28:11 PM
>>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>>> INFO: Outbound Message
>>> ---------------------------
>>> ID: 1
>>> Address: http://192.168.2.212:8080/amxbpm/WorkListService
>>> Encoding: UTF-8
>>> Http-Method: POST
>>> Content-Type: text/xml
>>> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
>>> Payload: <soap:Envelope xmlns:soap="
>>> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
>>> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
>>> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
>>> http://exception.api.common.n2.tibco.com" xmlns:ns5="
>>> http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
>>> http://exception.api.de.n2.tibco.com" startPosition="0"
>>> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
>>> guid="tibco-admin"
>>> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
>>> --------------------------------------
>>>
>>> So I get the following exception :
>>>
>>> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
>>> AuthNSAML20Principal set in Subject is null or empty.
>>>
>>>
>>> oct. 02, 2013 12:28:11 PM
>>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>>> INFO: Inbound Message
>>> ----------------------------
>>> ID: 1
>>> Response-Code: 500
>>> Encoding: UTF-8
>>> Content-Type: text/xml; charset=utf-8
>>> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
>>> Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
>>> GMT],
>>> Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
>>> Payload: <?xml version="1.0" encoding="UTF-8"?>
>>> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
>>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
>>> Failed. AuthNSAML20Principal set in Subject is null or
>>> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
>>> xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
>>> Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>>>
>>> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
>>> --------------------------------------
>>>
>>>
>>>
>>>
>>> Any idea before I jump through the window ? ;)
>>>
>>> Thanks,
>>> Thomas.
>>>
>>>
>>>
>>>
>>> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <
>>> dev.mansonthomas@gmail.com> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>> I know I'm probably exasperating you with my dumb questions, but I
>>>> really need help...
>>>>
>>>>
>>>>   So reading the FAQ, I understand that we're thread safe if we use :
>>>>
>>>>   ((BindingProvider)proxy).getRequestContext().put(
>>>> "thread.local.request.context", "true");
>>>>
>>>> before calling
>>>>
>>>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>>>> "Alice");
>>>>
>>>> Right ?
>>>>
>>>>
>>>> With the JaxWSClient,  I've tried to use
>>>>
>>>>
>>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>>> "Alice");
>>>>
>>>> and it didn't have any effect... (I was making subsequent calls, and
>>>> changing the username)
>>>>
>>>> The web service response was the same for the two users, while one
>>>> should have replied an empty response.
>>>>
>>>>     try
>>>>     {
>>>>       ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>>>>           username);
>>>>       getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
>>>>     }
>>>>     catch(Exception e)
>>>>     {
>>>>       logger.error("Error while getting worklistItems for "
>>>>           + workListItemQuery.toString());
>>>>     }
>>>>
>>>> Did I miss something ?
>>>>
>>>>
>>>>
>>>> One other thing I did understand in the meantime, is that, by using
>>>>
>>>>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>>>     factory.setServiceClass(WorkListService.class);
>>>>     factory.setAddress(this.endpoint);
>>>>     //
>>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
>>>> "WorkListService"));
>>>>
>>>> Or
>>>>
>>>>     SpringBusFactory bf = new SpringBusFactory();
>>>>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>>
>>>>      Bus bus = bf.createBus(busFile.toString());
>>>>     SpringBusFactory.setDefaultBus(bus);
>>>>     SpringBusFactory.setThreadDefaultBus(bus);
>>>>
>>>>     URL wsdl = WorkListServiceImpl2.class.getResource(
>>>> "/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl"
>>>> );
>>>>     Service service = Service.create(wsdl,
>>>>         new QName("http://api.brm.n2.tibco.com", "WorkListService"));
>>>>     QName portQName = new QName("http://services.brm.n2.tibco.com",
>>>> "WorkListService_EP");
>>>>     this.workListService =
>>>>             service.getPort(portQName, WorkListService.class);
>>>>
>>>> etc...
>>>>
>>>> we ask CXF to generate on the fly the WS Client, is it correct?
>>>>
>>>>
>>>> Now I've already generated a client (with CXF/Ant), which I want to
>>>> invoke instead with this code  :
>>>>
>>>> WorkListService_Service proxy = new WorkListService_Service(
>>>>         new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>>>         new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>>> this.workListService = proxy.getPort(
>>>>         new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
>>>>         WorkListService.class);
>>>>
>>>>  I wonder how it can be used in conjunction with this code, and how
>>>> I should handle the authentication part...:
>>>>
>>>> SpringBusFactory bf = new SpringBusFactory();
>>>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>> Bus bus = bf.createBus(busFile.toString());
>>>> SpringBusFactory.setDefaultBus(bus);
>>>> SpringBusFactory.setThreadDefaultBus(bus);
>>>>
>>>>
>>>> I still don't get what file I should put instead of client.xml as I'm
>>>> already in a spring context, should I specify the file where I define my
>>>> bean already ?
>>>> it's quite confusing...
>>>>
>>>>
>>>> Thomas.
>>>>
>>>>
>>>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <
>>>> coheigea@apache.org> wrote:
>>>>
>>>>> > Is it thread safe ?
>>>>>
>>>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>>>
>>>>> All you need is a JAX-WS client proxy, how you obtain one or set up
>>>>> your
>>>>> project is up to you...
>>>>>
>>>>> Colm.
>>>>>
>>>>>
>>>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>>>>> <de...@gmail.com>wrote:
>>>>>
>>>>> > Hi Colm,
>>>>> >
>>>>> >   I'm starting to understand that it's another way to configure the
>>>>> client.
>>>>> >
>>>>> >   I've two questions :
>>>>> >
>>>>> >    - Is it thread safe ?
>>>>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>>>>> >    In a J2EE context, should I specify something else than
>>>>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>>>>> >
>>>>> >
>>>>> >    - I'm a bit puzzled by the configuration:
>>>>> >
>>>>> >
>>>>> > SpringBusFactory bf = new SpringBusFactory();
>>>>> > URL busFile =
>>>>> UsernameTokenTest.class.getResource("client/client.xml");
>>>>> >
>>>>> >
>>>>> > This code load a Spring configuration file, while I already have
>>>>> mine +
>>>>> > the client.xml configuration has some cxf:bus definition (is it the
>>>>> same
>>>>> > thing ? SringBusFactory & cxf:bus ?).
>>>>> >
>>>>> >  So I wonder I can't just use this code in an existing spring
>>>>> context, How
>>>>> > should I transpose this within an existing spring context?
>>>>> >
>>>>> >
>>>>> >  How I think it would work is :
>>>>> >
>>>>> >
>>>>> >    - Use your way to setup SpringBus and the Client
>>>>> >    - Have a Spring class X that has the WS Client as dependency
>>>>> >    - X implement each method of the WS(+some additional business
>>>>> logic)
>>>>> >    and set the username dynamically <= I still don't know how to do
>>>>> this...
>>>>> >
>>>>> >  Is it the correct way ?
>>>>> >
>>>>> > Thomas.
>>>>> >
>>>>> > Here is my current work in progress spring file
>>>>> >
>>>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>>>> >
>>>>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="
>>>>> > http://cxf.apache.org/core"
>>>>> >   xsi:schemaLocation="
>>>>> > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>>>> > http://www.springframework.org/schema/beans
>>>>> > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>>>> >
>>>>> >
>>>>> >   <cxf:bus>
>>>>> >     <cxf:features>
>>>>> >        <cxf:logging />
>>>>> >     </cxf:features>
>>>>> >   </cxf:bus>
>>>>> >
>>>>> >
>>>>> >
>>>>> > <!--
>>>>> >
>>>>> /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>>>>> > -->
>>>>> >   <jaxws:client
>>>>> >             name="{http://services.brm.n2.tibco.com
>>>>> }EntityResolverService"
>>>>> >
>>>>> >
>>>>> wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>>>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>>>> >          address="
>>>>> http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>>>> >   createdFromAPI="true">
>>>>> >     <jaxws:properties>
>>>>> >       <entry key="ws-security.callback-handler"
>>>>> >
>>>>> >
>>>>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>>>> > />
>>>>> >     </jaxws:properties>
>>>>> >   </jaxws:client>
>>>>> >
>>>>> > </beans>
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>>>>> coheigea@apache.org
>>>>> > > wrote:
>>>>> >
>>>>> >> Look at the last test here:
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>>>> >> "Alice");
>>>>> >>
>>>>> >> Colm.
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>>>>> >> <de...@gmail.com>wrote:
>>>>> >>
>>>>> >> > Hi Colm,
>>>>> >> >
>>>>> >> >   I'm back working on this subject (was on pause as I was working
>>>>> for
>>>>> >> other
>>>>> >> > clients)
>>>>> >> >
>>>>> >> >   I've checked out the SVN repo you gave me, and I've looked
>>>>> through the
>>>>> >> > samples configurations (client.xml) and I can't find anything
>>>>> >> appropriate.
>>>>> >> >
>>>>> >> >  In the UT (Username Token I guess), the username is always
>>>>> provided in
>>>>> >> the
>>>>> >> > configuration file.
>>>>> >> >  The saml/x509 configuration still refers to Alice.properties...
>>>>> >> >
>>>>> >> >
>>>>> >> >   In my case, the username shouldn't appear in the configuration
>>>>> files,
>>>>> >> as
>>>>> >> > I need to use the J2EE Principal as login, and call the
>>>>> webservice to
>>>>> >> > authenticate the user.
>>>>> >> >
>>>>> >> >   Could you point me to the right direction  ?
>>>>> >> >
>>>>> >> > Thomas.
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> >
>>>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>>>>> >> > <de...@gmail.com>wrote:
>>>>> >> >
>>>>> >> > > Thanks, it will surely help a lot :)
>>>>> >> > >
>>>>> >> > > Thomas.
>>>>> >> > >
>>>>> >> > >
>>>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>>>>> >> > coheigea@apache.org>wrote:
>>>>> >> > >
>>>>> >> > >> Please take a look at the tests here:
>>>>> >> > >>
>>>>> >> > >>
>>>>> >> > >>
>>>>> >> >
>>>>> >>
>>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>>>> >> > >>
>>>>> >> > >> Colm.
>>>>> >> > >>
>>>>> >> > >>
>>>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>>>>> >> > >> <de...@gmail.com>wrote:
>>>>> >> > >>
>>>>> >> > >> > Do you have any other pointer that this page :
>>>>> >> > >> >
>>>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>>>> >> > >> >
>>>>> >> > >> > it's way too short for me as documentation to build something that
>>>>> >> > >> > works.
>>>>> >> > >> > When I read the properties described, I feel there's a mix between
>>>>> >> > >> > server side properties (which I'm not interested in as I'm just
>>>>> >> > >> > implementing a client)... + it starts with extra properties... where
>>>>> >> > >> > are the basic ones?
>>>>> >> > >> >
>>>>> >> > >> > what would help is a full example of the code of a client.
>>>>> >> > >> >
>>>>> >> > >> > I'm quite lost ;)
>>>>> >> > >> >
>>>>> >> > >> >
>>>>> >> > >> >
>>>>> >> > >> >
>>>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
>>>>> >> > >> coheigea@apache.org
>>>>> >> > >> > >wrote:
>>>>> >> > >> >
>>>>> >> > >> > >
>>>>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will
>>>>> work,
>>>>> >> as
>>>>> >> > >> all of
>>>>> >> > >> > > the configuration is taken from the context rather than a
>>>>> >> properties
>>>>> >> > >> Map.
>>>>> >> > >> > >
>>>>> >> > >> > > Colm.
>>>>> >> > >> > >
>>>>> >> > >> > >
>>>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
>>>>> >> > >> > dev.mansonthomas@gmail.com
>>>>> >> > >> > > > wrote:
>>>>> >> > >> > >
>>>>> >> > >> > >>  I already do what you say as follows, but it means one instance of
>>>>> >> > >> > >> the client per user connected.
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >> I've searched quite some time and didn't find a way to set something
>>>>> >> > >> > >> like the password callback handler.
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>  JaxWsProxyFactoryBean factory = new
>>>>> JaxWsProxyFactoryBean();
>>>>> >> > >> > >>
>>>>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>>>>> >> > >> > >>
>>>>> >> > >> > >>     factory.setAddress(this.endpoint);
>>>>> >> > >> > >>
>>>>> >> > >> > >>     //
>>>>> >> > >> > >>
>>>>> >> > >> >
>>>>> >> > >>
>>>>> >> >
>>>>> >>
>>>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>>> >> > >> > >>
>>>>> >> > >> > >>     factory.setServiceName(new QName("
>>>>> >> > >> http://services.brm.n2.tibco.com
>>>>> >> > >> > ",
>>>>> >> > >> > >> "WorkListService"));
>>>>> >> > >> > >>
>>>>> >> > >> > >>     WorkListService workListService = (WorkListService)
>>>>> >> > >> > factory.create();
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>        Client client =
>>>>> ClientProxy.getClient(workListService);
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>     Map<String, Object> properties = new HashMap<String,
>>>>> >> Object>();
>>>>> >> > >> > >>
>>>>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION          ,
>>>>> >> > >> > >> WSHandlerConstants.USERNAME_TOKEN);
>>>>> >> > >> > >>
>>>>> >> > >> > >>     properties.put(WSHandlerConstants.USER            ,
>>>>> >> > >> this.username);
>>>>> >> > >> > >>
>>>>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   ,
>>>>> >> > WSConstants.
>>>>> >> > >> > >> PW_TEXT);// "PasswordDigest"
>>>>> >> > >> > >>
>>>>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
>>>>> >> > >> > newPasswordCallbackHandler(
>>>>> >> > >> > >> this.username, password, "password"));
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>     client.getOutInterceptors().add(new
>>>>> >> > >> > WSS4JOutInterceptor(properties));
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
>>>>> >> > >> > coheigea@apache.org
>>>>> >> > >> > >> > wrote:
>>>>> >> > >> > >>
>>>>> >> > >> > >>> You could create a CXF interceptor that sets the username on the fly,
>>>>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >>
>>>>> >> > >> > >
>>>>> >> > >> > >
>>>>> >> > >> > > --
>>>>> >> > >> > > Colm O hEigeartaigh
>>>>> >> > >> > >
>>>>> >> > >> > > Talend Community Coder
>>>>> >> > >> > > http://coders.talend.com
>>>>> >> > >> > >
>>>>> >> > >> >
>>>>> >> > >>
>>>>> >> > >>
>>>>> >> > >>
>>>>> >> > >> --
>>>>> >> > >> Colm O hEigeartaigh
>>>>> >> > >>
>>>>> >> > >> Talend Community Coder
>>>>> >> > >> http://coders.talend.com
>>>>> >> > >>
>>>>> >> > >
>>>>> >> > >
>>>>> >> >
>>>>> >>
>>>>> >>
>>>>> >>
>>>>> >> --
>>>>> >> Colm O hEigeartaigh
>>>>> >>
>>>>> >> Talend Community Coder
>>>>> >> http://coders.talend.com
>>>>> >>
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
The configuration looks ok, but it looks like there is no security policy,
and hence no security header is added to the request? There needs to be
either a security policy specified in the WSDL, or alternatively you can
reference one in your jaxws:client configuration. If you need UsernameToken
I suggest looking at one of the policies in the tests here:

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?view=markup

Or for SAML:

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?view=markup

Colm.


On Wed, Oct 2, 2013 at 12:27 PM, Thomas Manson
<de...@gmail.com>wrote:

> I forgot to include the webservice2.xml file :
>
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xmlns:jaxws="http://cxf.apache.org/jaxws"
>
>   xmlns:cxf="http://cxf.apache.org/core"
>   xmlns:p="http://cxf.apache.org/policy"
>
>   xsi:schemaLocation="
>       http://www.springframework.org/schema/beans
>       http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>       http://cxf.apache.org/jaxws
>       http://cxf.apache.org/schemas/jaxws.xsd
>       http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>       ">
>
>
>
>     <cxf:bus>
>         <cxf:features>
>             <p:policies/>
>             <cxf:logging/>
>         </cxf:features>
>     </cxf:bus>
>
>
>    <jaxws:client
>               id="WorkListServiceProxyFactory"
>             name="{http://services.brm.n2.tibco.com}WorkListService_EP"
>     serviceClass="com.tibco.n2.brm.services.WorkListService"
>          address="http://192.168.2.212:8080/amxbpm/WorkListService">
>
>      <jaxws:properties>
>         <entry key="ws-security.callback-handler"
>
>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
> />
>       </jaxws:properties>
>   </jaxws:client>
>
> </beans>
>
>
> On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>> Hi Colm,
>>
>>   I can't make it work while I'm exactly in the configuration you're
>> suggesting (and that is in the example you gave me) and I don't get what I
>> miss :
>>
>> So in my spring bean, I initialize as suggested the WebService :
>>
>>
>>
>> ###################################################################################
>> public WorkListServiceImpl2( ContextService contextService) throws
>> Exception
>> {
>>   this.contextService = contextService;
>>
>>   SpringBusFactory bf = new SpringBusFactory();
>>   URL busFile =
>> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>>
>>   Bus bus = bf.createBus(busFile.toString());
>>   SpringBusFactory.setDefaultBus(bus);
>>   SpringBusFactory.setThreadDefaultBus(bus);
>>
>>   URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>>
>>   Service service   = Service.create(wsdl, new QName("
>> http://services.brm.n2.tibco.com","WorkListService"));
>>   QName   portQName = new QName("http://services.brm.n2.tibco.com",
>> "WorkListService_EP");
>>
>>   this.workListService = service.getPort(portQName,
>> WorkListService.class);
>>
>> }
>>
>> ###################################################################################
>>
>> I use afterPropertySet() of Spring to call the webservice right after
>> Spring init.
>>
>>
>> ###################################################################################
>> public List<WorkItemFwk> getWorkListItems(String username,
>> WorkListItemQuery workListItemQuery)
>> {
>> //... init this object : getWorkListItems
>> try
>> {
>>
>> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
>> "true");
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
>> username);
>>
>>   getWorkListItemsResponse =
>> this.workListService.getWorkListItems(getWorkListItems);
>> }
>> catch(Exception e)
>> {
>>   logger.error("Error while getting worklistItems for
>> "+workListItemQuery.toString(),e);
>> }
>>
>> ###################################################################################
>>
>> And yet there's no SOAP header set in the request:
>>
>>
>>  oct. 02, 2013 12:28:11 PM
>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>> INFO: Outbound Message
>> ---------------------------
>> ID: 1
>> Address: http://192.168.2.212:8080/amxbpm/WorkListService
>> Encoding: UTF-8
>> Http-Method: POST
>> Content-Type: text/xml
>> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
>> Payload: <soap:Envelope xmlns:soap="
>> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
>> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
>> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
>> http://exception.api.common.n2.tibco.com" xmlns:ns5="
>> http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
>> http://exception.api.de.n2.tibco.com" startPosition="0"
>> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
>> guid="tibco-admin"
>> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
>> --------------------------------------
>>
>> So I get the following exception :
>>
>> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
>> AuthNSAML20Principal set in Subject is null or empty.
>>
>>
>> oct. 02, 2013 12:28:11 PM
>> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
>> INFO: Inbound Message
>> ----------------------------
>> ID: 1
>> Response-Code: 500
>> Encoding: UTF-8
>> Content-Type: text/xml; charset=utf-8
>> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
>> Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
>> GMT],
>> Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
>> Payload: <?xml version="1.0" encoding="UTF-8"?>
>> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
>> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
>> Failed. AuthNSAML20Principal set in Subject is null or
>> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
>> xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
>> Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>>
>> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
>> --------------------------------------
>>
>>
>>
>>
>> Any idea before I jump through the window ? ;)
>>
>> Thanks,
>> Thomas.
>>
>>
>>
>>
>> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <
>> dev.mansonthomas@gmail.com> wrote:
>>
>>> Hi Colm,
>>>
>>> I know I'm probably exasperating you with my dumb questions, but I
>>> really need help...
>>>
>>>
>>>   So reading the FAQ, I understand that we're thread safe if we use :
>>>
>>>   ((BindingProvider)proxy).getRequestContext().put(
>>> "thread.local.request.context", "true");
>>>
>>> before calling
>>>
>>> ((BindingProvider)this.workListService).getRequestContext().put(
>>>     SecurityConstants.USERNAME, "Alice");
>>>
>>> Right ?
>>>
>>>
>>> With the JaxWSClient,  I've tried to use
>>>
>>>
>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>> "Alice");
>>>
>>> and it didn't have any effect... (I was making subsequent call, and
>>> changing the username)
>>>
>>> The web service response was the same for the two user, while one should
>>> have replied an empty response.
>>>
>>>     try
>>>     {
>>>       ((BindingProvider)this.workListService).getRequestContext().put(
>>>           SecurityConstants.USERNAME, username);
>>>       getWorkListItemsResponse =
>>>           this.workListService.getWorkListItems(getWorkListItems);
>>>     }
>>>     catch(Exception e)
>>>     {
>>>       logger.error("Error while getting worklistItems for "
>>>           + workListItemQuery.toString());
>>>     }
>>>
>>> Did I miss something ?
>>>
>>>
>>>
>>> One other thing I did understand in the meantime, is that, by using
>>>
>>>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>>     factory.setServiceClass(WorkListService.class);
>>>     factory.setAddress(this.endpoint);
>>>     //
>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
>>> "WorkListService"));
>>>
>>> Or
>>>
>>>     SpringBusFactory bf = new SpringBusFactory();
>>>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>>
>>>      Bus bus = bf.createBus(busFile.toString());
>>>     SpringBusFactory.setDefaultBus(bus);
>>>     SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>>     URL wsdl = WorkListServiceImpl2.class.getResource(
>>> "/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl"
>>> );
>>>     Service service = Service.create(wsdl, new QName("
>>> http://api.brm.n2.tibco.com", "WorkListService"));
>>>     QName portQName = new QName("http://services.brm.n2.tibco.com",
>>> "WorkListService_EP");
>>>     this.workListService =
>>>             service.getPort(portQName, WorkListService.class);
>>>
>>> etc...
>>>
>>> we ask CXF to generate on the fly the WS Client, is it correct?
>>>
>>>
>>> Now I've already generated a client (with CXF/Ant), which I want to
>>> invoke instead with this code  :
>>>
>>> WorkListService_Service proxy = new WorkListService_Service(
>>>     new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>>     new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>>> this.workListService = proxy.getPort(
>>>     new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
>>>     WorkListService.class);
>>>
>>>  I wonder how it can be used in conjunction with this code, and How
>>> should I handle the authentication part...:
>>>
>>> SpringBusFactory bf = new SpringBusFactory();
>>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>> Bus bus = bf.createBus(busFile.toString());
>>> SpringBusFactory.setDefaultBus(bus);
>>> SpringBusFactory.setThreadDefaultBus(bus);
>>>
>>>
>>> I still don't get what file should I put instead of client.xml as I'm
>>> already in a spring context, should I specify the file where I define my
>>> bean already ?
>>> it's quite confusing...
>>>
>>>
>>> Thomas.
>>>
>>>
>>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <
>>> coheigea@apache.org> wrote:
>>>
>>>> > Is it thread safe ?
>>>>
>>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>>
>>>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>>>> project is up to you...
>>>>
>>>> Colm.
>>>>
>>>>
>>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>>>> <de...@gmail.com>wrote:
>>>>
>>>> > Hi Colm,
>>>> >
>>>> >   I'm starting to understand that it's another way to configure the
>>>> client.
>>>> >
>>>> >   I've two questions :
>>>> >
>>>> >    - Is it thread safe ?
>>>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>>>> >    In a J2EE context, should I specify something else than
>>>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>>>> >
>>>> >
>>>> >    - I'm a bit puzzled by the configuration:
>>>> >
>>>> >
>>>> > SpringBusFactory bf = new SpringBusFactory();
>>>> > URL busFile =
>>>> UsernameTokenTest.class.getResource("client/client.xml");
>>>> >
>>>> >
>>>> > This code load a Spring configuration file, while I already have mine
>>>> +
>>>> > the client.xml configuration has some cxf:bus definition (is it the
>>>> same
>>>> > thing ? SpringBusFactory & cxf:bus ?).
>>>> >
>>>> >  So I wonder I can't just use this code in an existing spring
>>>> context, How
>>>> > should I transpose this within an existing spring context?
>>>> >
>>>> >
>>>> >  How I think it would work is :
>>>> >
>>>> >
>>>> >    - Use your way to setup SpringBus and the Client
>>>> >    - Have a Spring class X that has the WS Client as dependency
>>>> >    - X implement each method of the WS(+some additional business
>>>> logic)
>>>> >    and set the username dynamically <= I still don't know how to do
>>>> this...
>>>> >
>>>> >  Is it the correct way ?
>>>> >
>>>> > Thomas.
>>>> >
>>>> > Here is my current work in progress spring file
>>>> >
>>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>>> >
>>>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="
>>>> > http://cxf.apache.org/core"
>>>> >   xsi:schemaLocation="
>>>> > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>>> > http://www.springframework.org/schema/beans
>>>> > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>>> >
>>>> >
>>>> >   <cxf:bus>
>>>> >     <cxf:features>
>>>> >        <cxf:logging />
>>>> >     </cxf:features>
>>>> >   </cxf:bus>
>>>> >
>>>> >
>>>> >
>>>> > <!--
>>>> >
>>>> /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>>>> > -->
>>>> >   <jaxws:client
>>>> >             name="{http://services.brm.n2.tibco.com
>>>> }EntityResolverService"
>>>> >
>>>> >
>>>> wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>>> >          address="
>>>> http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>>> >   createdFromAPI="true">
>>>> >     <jaxws:properties>
>>>> >       <entry key="ws-security.callback-handler"
>>>> >
>>>> >
>>>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>>> > />
>>>> >     </jaxws:properties>
>>>> >   </jaxws:client>
>>>> >
>>>> > </beans>
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>>>> coheigea@apache.org
>>>> > > wrote:
>>>> >
>>>> >> Look at the last test here:
>>>> >>
>>>> >>
>>>> >>
>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>>> >>
>>>> >>
>>>> >>
>>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>>> >> "Alice");
>>>> >>
>>>> >> Colm.
>>>> >>
>>>> >>
>>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>>>> >> <de...@gmail.com>wrote:
>>>> >>
>>>> >> > Hi Colm,
>>>> >> >
>>>> >> >   I'm back working on this subject (was on pause as I was working
>>>> for
>>>> >> other
>>>> >> > clients)
>>>> >> >
>>>> >> >   I've checked out the SVN repo you gave me, and I've looked
>>>> through the
>>>> >> > samples configurations (client.xml) and I can't find anything
>>>> >> appropriate.
>>>> >> >
>>>> >> >  In the UT (Username Token I guess), the username is always
>>>> provided in
>>>> >> the
>>>> >> > configuration file.
>>>> >> >  The saml/x509 configuration still refers to Alice.properties...
>>>> >> >
>>>> >> >
>>>> >> >   In my case, the username shouldn't appear in the configuration
>>>> files,
>>>> >> as
>>>> >> > I need to use the J2EE Principal as login, and call the webservice
>>>> to
>>>> >> > authenticate the user.
>>>> >> >
>>>> >> >   Could you point me to the right direction  ?
>>>> >> >
>>>> >> > Thomas.
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>>>> >> > <de...@gmail.com>wrote:
>>>> >> >
>>>> >> > > Thanks, it will surely help a lot :)
>>>> >> > >
>>>> >> > > Thomas.
>>>> >> > >
>>>> >> > >
>>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>>>> >> > coheigea@apache.org>wrote:
>>>> >> > >
>>>> >> > >> Please take a look at the tests here:
>>>> >> > >>
>>>> >> > >>
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>>> >> > >>
>>>> >> > >> Colm.
>>>> >> > >>
>>>> >> > >>
>>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>>>> >> > >> <de...@gmail.com>wrote:
>>>> >> > >>
>>>> >> > >> > Do you have any other pointer than this page :
>>>> >> > >> >
>>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>>> >> > >> >
>>>> >> > >> > it's way too short for me as documentation to build something
>>>> that
>>>> >> > work.
>>>> >> > >> > When I read the properties described, I feel there's a mix
>>>> between
>>>> >> > >> server
>>>> >> > >> > side properties (which I'm not interested as I'm just
>>>> implementing
>>>> >> a
>>>> >> > >> > client)... + it starts with extra properties... where are the
>>>> basic
>>>> >> > >> ones?
>>>> >> > >> >
>>>> >> > >> > what would help is a full example of the code of a client.
>>>> >> > >> >
>>>> >> > >> > I'm quite lost ;)
>>>> >> > >> >
>>>> >> > >> >
>>>> >> > >> >
>>>> >> > >> >
>>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
>>>> >> > >> coheigea@apache.org
>>>> >> > >> > >wrote:
>>>> >> > >> >
>>>> >> > >> > >
>>>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will
>>>> work,
>>>> >> as
>>>> >> > >> all of
>>>> >> > >> > > the configuration is taken from the context rather than a
>>>> >> properties
>>>> >> > >> Map.
>>>> >> > >> > >
>>>> >> > >> > > Colm.
>>>> >> > >> > >
>>>> >> > >> > >
>>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
>>>> >> > >> > dev.mansonthomas@gmail.com
>>>> >> > >> > > > wrote:
>>>> >> > >> > >
>>>> >> > >> > >>  I already do what you say as follows, but it means one
>>>> >> instance of
>>>> >> > >> the
>>>> >> > >> > >> client per user connected.
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >> I've searched quite some time and didn't find a way to set
>>>> >> something
>>>> >> > >> like
>>>> >> > >> > >> the password callback handler.
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>  JaxWsProxyFactoryBean factory = new
>>>> JaxWsProxyFactoryBean();
>>>> >> > >> > >>
>>>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>>>> >> > >> > >>
>>>> >> > >> > >>     factory.setAddress(this.endpoint);
>>>> >> > >> > >>
>>>> >> > >> > >>     //
>>>> >> > >> > >>
>>>> >> > >> >
>>>> >> > >>
>>>> >> >
>>>> >>
>>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>>> >> > >> > >>
>>>> >> > >> > >>     factory.setServiceName(new QName("
>>>> >> > >> http://services.brm.n2.tibco.com
>>>> >> > >> > ",
>>>> >> > >> > >> "WorkListService"));
>>>> >> > >> > >>
>>>> >> > >> > >>     WorkListService workListService = (WorkListService)
>>>> >> > >> > factory.create();
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>        Client client =
>>>> ClientProxy.getClient(workListService);
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>     Map<String, Object> properties = new HashMap<String,
>>>> >> Object>();
>>>> >> > >> > >>
>>>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION          ,
>>>> >> > >> > >> WSHandlerConstants.USERNAME_TOKEN);
>>>> >> > >> > >>
>>>> >> > >> > >>     properties.put(WSHandlerConstants.USER            ,
>>>> >> > >> this.username);
>>>> >> > >> > >>
>>>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   ,
>>>> >> > WSConstants.
>>>> >> > >> > >> PW_TEXT);// "PasswordDigest"
>>>> >> > >> > >>
>>>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
>>>> >> > >> > newPasswordCallbackHandler(
>>>> >> > >> > >> this.username, password, "password"));
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>     client.getOutInterceptors().add(new
>>>> >> > >> > WSS4JOutInterceptor(properties));
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
>>>> >> > >> > coheigea@apache.org
>>>> >> > >> > >> > wrote:
>>>> >> > >> > >>
>>>> >> > >> > >>> You could create a CXF interceptor that sets the username
>>>> on the
>>>> >> > fly,
>>>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >>
>>>> >> > >> > >
>>>> >> > >> > >
>>>> >> > >> > > --
>>>> >> > >> > > Colm O hEigeartaigh
>>>> >> > >> > >
>>>> >> > >> > > Talend Community Coder
>>>> >> > >> > > http://coders.talend.com
>>>> >> > >> > >
>>>> >> > >> >
>>>> >> > >>
>>>> >> > >>
>>>> >> > >>
>>>> >> > >> --
>>>> >> > >> Colm O hEigeartaigh
>>>> >> > >>
>>>> >> > >> Talend Community Coder
>>>> >> > >> http://coders.talend.com
>>>> >> > >>
>>>> >> > >
>>>> >> > >
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Colm O hEigeartaigh
>>>> >>
>>>> >> Talend Community Coder
>>>> >> http://coders.talend.com
>>>> >>
>>>> >
>>>> >
>>>>
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com
>>>>
>>>
>>>
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
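
An added example (not part of the thread, and not CXF's or the poster's own code) of scoping per-user credentials to a single call on a shared JAX-WS proxy. It assumes CXF 2.7.x with a UsernameToken security policy in effect for the endpoint, as the reply above requires; the class and method names are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.Callable;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

/**
 * Hypothetical helper (illustrative names, not CXF API): applies one user's
 * WS-Security credentials to a single invocation on a proxy that is shared
 * by every user of the web application.
 */
public final class PerUserCredentials {

    // Request-context key described in the CXF FAQ entry on proxy thread safety.
    private static final String THREAD_LOCAL_CTX = "thread.local.request.context";

    private PerUserCredentials() {
    }

    /**
     * Call once, right after the proxy is created and before it is shared.
     * From then on getRequestContext() returns a per-thread map, so one
     * user's credentials cannot end up on another user's concurrent request.
     */
    public static void enableThreadLocalContext(Object proxy) {
        ((BindingProvider) proxy).getRequestContext().put(THREAD_LOCAL_CTX, "true");
    }

    /**
     * Runs one service call with the given credentials. The proxy must have
     * been prepared with enableThreadLocalContext() first. The values are only
     * turned into a security header when a UsernameToken policy applies to
     * the endpoint; without one the request goes out unauthenticated.
     */
    public static <T> T callAs(Object proxy, String username, String password,
                               Callable<T> invocation) throws Exception {
        if (username == null || username.isEmpty()) {
            // Fail closed: never fall back to whatever an earlier call left behind.
            throw new IllegalArgumentException("username is required");
        }
        Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
        ctx.put(SecurityConstants.USERNAME, username);
        ctx.put(SecurityConstants.PASSWORD, password);
        try {
            return invocation.call();
        } finally {
            // Container threads are pooled: remove the credentials so the next
            // request served by this thread cannot inherit them.
            ctx.remove(SecurityConstants.USERNAME);
            ctx.remove(SecurityConstants.PASSWORD);
        }
    }
}

// Usage with the proxy from the thread (Java 8 lambda shown; the variable
// names are the poster's):
//
//   PerUserCredentials.enableThreadLocalContext(workListService);   // at init
//   ...
//   getWorkListItemsResponse = PerUserCredentials.callAs(
//       workListService, username, password,
//       () -> workListService.getWorkListItems(getWorkListItems));
```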

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
I forgot to include the webservice2.xml file :



<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:jaxws="http://cxf.apache.org/jaxws"

  xmlns:cxf="http://cxf.apache.org/core"
  xmlns:p="http://cxf.apache.org/policy"

  xsi:schemaLocation="
      http://www.springframework.org/schema/beans
      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
      http://cxf.apache.org/jaxws
      http://cxf.apache.org/schemas/jaxws.xsd
      http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
      ">



    <cxf:bus>
        <cxf:features>
            <p:policies/>
            <cxf:logging/>
        </cxf:features>
    </cxf:bus>


   <jaxws:client
              id="WorkListServiceProxyFactory"
            name="{http://services.brm.n2.tibco.com}WorkListService_EP"
    serviceClass="com.tibco.n2.brm.services.WorkListService"
         address="http://192.168.2.212:8080/amxbpm/WorkListService">

     <jaxws:properties>
        <entry key="ws-security.callback-handler"
               value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"/>
      </jaxws:properties>
  </jaxws:client>

</beans>


On Wed, Oct 2, 2013 at 12:37 PM, Thomas Manson
<de...@gmail.com>wrote:

> Hi Colm,
>
>   I can't make it work while I'm exactly in the configuration you're
> suggesting (and that is in the example you gave me) and I don't get what I
> miss :
>
> So in my spring bean, I initialize as suggested the WebService :
>
>
>
> ###################################################################################
> public WorkListServiceImpl2( ContextService contextService) throws
> Exception
> {
>   this.contextService = contextService;
>
>   SpringBusFactory bf = new SpringBusFactory();
>   URL busFile =
> this.contextService.getResource("/WEB-INF/spring/webservices2.xml");
>
>   Bus bus = bf.createBus(busFile.toString());
>   SpringBusFactory.setDefaultBus(bus);
>   SpringBusFactory.setThreadDefaultBus(bus);
>
>   URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
>
>   Service service   = Service.create(wsdl, new QName("
> http://services.brm.n2.tibco.com","WorkListService"));
>   QName   portQName = new QName("http://services.brm.n2.tibco.com",
> "WorkListService_EP");
>
>   this.workListService = service.getPort(portQName, WorkListService.class);
>
> }
>
> ###################################################################################
>
> I use afterPropertySet() of Spring to call the webservice right after
> Spring init.
>
>
> ###################################################################################
> public List<WorkItemFwk> getWorkListItems(String username,
> WorkListItemQuery workListItemQuery)
> {
> //... init this object : getWorkListItems
> try
> {
>
> ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context",
> "true");
>
> ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME,
> username);
>
>   getWorkListItemsResponse =
> this.workListService.getWorkListItems(getWorkListItems);
> }
> catch(Exception e)
> {
>   logger.error("Error while getting worklistItems for
> "+workListItemQuery.toString(),e);
> }
>
> ###################################################################################
>
> And yet there's no SOAP header set in the request:
>
>
>  oct. 02, 2013 12:28:11 PM
> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
> INFO: Outbound Message
> ---------------------------
> ID: 1
> Address: http://192.168.2.212:8080/amxbpm/WorkListService
> Encoding: UTF-8
> Http-Method: POST
> Content-Type: text/xml
> Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
> Payload: <soap:Envelope xmlns:soap="
> http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
> xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
> http://exception.api.brm.n2.tibco.com" xmlns:ns4="
> http://exception.api.common.n2.tibco.com" xmlns:ns5="
> http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
> http://exception.api.de.n2.tibco.com" startPosition="0"
> numberOfItems="10" getTotalCount="true"><entityID entity-type="RESOURCE"
> guid="tibco-admin"
> model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
> --------------------------------------
>
> So I get the following exception :
>
> javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
> AuthNSAML20Principal set in Subject is null or empty.
>
>
> oct. 02, 2013 12:28:11 PM
> org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
> INFO: Inbound Message
> ----------------------------
> ID: 1
> Response-Code: 500
> Encoding: UTF-8
> Content-Type: text/xml; charset=utf-8
> Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
> Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
> GMT],
> Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
> Payload: <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
> Failed. AuthNSAML20Principal set in Subject is null or
> empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
> xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
> Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
>
> </tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
> --------------------------------------
>
>
>
>
> Any idea before I jump through the window ? ;)
>
> Thanks,
> Thomas.
>
>
>
>
> On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>> Hi Colm,
>>
>> I know I'm probably exasperating you with my dumb questions, but I really
>> need help...
>>
>>
>>   So reading the FAQ, I understand that we're thread safe if we use :
>>
>>   ((BindingProvider)proxy).getRequestContext().put(
>> "thread.local.request.context", "true");
>>
>> before calling
>>
>> ((BindingProvider)this.workListService).getRequestContext().put(
>>     SecurityConstants.USERNAME, "Alice");
>>
>> Right ?
>>
>>
>> With the JaxWSClient,  I've tried to use
>>
>>
>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>> "Alice");
>>
>> and it didn't have any effect... (I was making subsequent call, and
>> changing the username)
>>
>> The web service response was the same for the two user, while one should
>> have replied an empty response.
>>
>>     try
>>     {
>>       ((BindingProvider)this.workListService).getRequestContext().put(
>>           SecurityConstants.USERNAME, username);
>>       getWorkListItemsResponse =
>>           this.workListService.getWorkListItems(getWorkListItems);
>>     }
>>     catch(Exception e)
>>     {
>>       logger.error("Error while getting worklistItems for "
>>           + workListItemQuery.toString());
>>     }
>>
>> Did I miss something ?
>>
>>
>>
>> One other thing I did understand in the meantime, is that, by using
>>
>>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>     factory.setServiceClass(WorkListService.class);
>>     factory.setAddress(this.endpoint);
>>     //
>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
>> "WorkListService"));
>>
>> Or
>>
>>     SpringBusFactory bf = new SpringBusFactory();
>>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>>
>>      Bus bus = bf.createBus(busFile.toString());
>>     SpringBusFactory.setDefaultBus(bus);
>>     SpringBusFactory.setThreadDefaultBus(bus);
>>
>>     URL wsdl = WorkListServiceImpl2.class.getResource(
>> "/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl"
>> );
>>     Service service = Service.create(wsdl, new QName("
>> http://api.brm.n2.tibco.com", "WorkListService"));
>>     QName portQName = new QName("http://services.brm.n2.tibco.com",
>> "WorkListService_EP");
>>     this.workListService =
>>             service.getPort(portQName, WorkListService.class);
>>
>> etc...
>>
>> we ask CXF to generate on the fly the WS Client, is it correct?
>>
>>
>> Now I've already generated a client (with CXF/Ant), which I want to
>> invoke instead with this code  :
>>
>> WorkListService_Service proxy = new WorkListService_Service(
>>     new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>>     new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>> this.workListService = proxy.getPort(
>>     new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
>>     WorkListService.class);
>>
>>  I wonder how it can be used in conjunction with this code, and How
>> should I handle the authentication part...:
>>
>> SpringBusFactory bf = new SpringBusFactory();
>> URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>> Bus bus = bf.createBus(busFile.toString());
>> SpringBusFactory.setDefaultBus(bus);
>> SpringBusFactory.setThreadDefaultBus(bus);
>>
>>
>> I still don't get what file should I put instead of client.xml as I'm
>> already in a spring context, should I specify the file where I define my
>> bean already ?
>> it's quite confusing...
>>
>>
>> Thomas.
>>
>>
>> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <coheigea@apache.org
>> > wrote:
>>
>>> > Is it thread safe ?
>>>
>>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>>
>>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>>> project is up to you...
>>>
>>> Colm.
>>>
>>>
>>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>>> <de...@gmail.com>wrote:
>>>
>>> > Hi Colm,
>>> >
>>> >   I'm starting to understand that it's another way to configure the
>>> client.
>>> >
>>> >   I've two questions :
>>> >
>>> >    - Is it thread safe ?
>>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>>> >    In a J2EE context, should I specify something else than
>>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>>> >
>>> >
>>> >    - I'm a bit puzzled by the configuration:
>>> >
>>> >
>>> > SpringBusFactory bf = new SpringBusFactory();
>>> > URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>>> >
>>> >
>>> > This code load a Spring configuration file, while I already have mine +
>>> > the client.xml configuration has some cxf:bus definition (is it the
>>> same
>>> > thing ? SringBusFactory & cxf:bus ?).
>>> >
>>> >  So I wonder I can't just use this code in an existing spring context,
>>> How
>>> > should I transpose this within an existing spring context?
>>> >
>>> >
>>> >  How I think it would work is :
>>> >
>>> >
>>> >    - Use your way to setup SpringBus and the Client
>>> >    - Have a Spring class X that has the WS Client as dependency
>>> >    - X implement each method of the WS(+some additional business logic)
>>> >    and set the username dynamically <= I still don't know how to do
>>> this...
>>> >
>>> >  Is it the correct way ?
>>> >
>>> > Thomas.
>>> >
>>> > Here is my current work in progress spring file
>>> >
>>> > <beans xmlns="http://www.springframework.org/schema/beans"
>>> >
>>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="
>>> > http://cxf.apache.org/core"
>>> >   xsi:schemaLocation="
>>> > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>> > http://www.springframework.org/schema/beans
>>> > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>>> >
>>> >
>>> >   <cxf:bus>
>>> >     <cxf:features>
>>> >        <cxf:logging />
>>> >     </cxf:features>
>>> >   </cxf:bus>
>>> >
>>> >
>>> >
>>> > <!--
>>> >
>>> /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>>> > -->
>>> >   <jaxws:client
>>> >             name="{http://services.brm.n2.tibco.com
>>> }EntityResolverService"
>>> >
>>> >
>>> wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>>> >          address="
>>> http://192.168.2.202:8080/amxbpm/EntityResolverService"
>>> >   createdFromAPI="true">
>>> >     <jaxws:properties>
>>> >       <entry key="ws-security.callback-handler"
>>> >
>>> >
>>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>>> > />
>>> >     </jaxws:properties>
>>> >   </jaxws:client>
>>> >
>>> > </beans>
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>>> coheigea@apache.org
>>> > > wrote:
>>> >
>>> >> Look at the last test here:
>>> >>
>>> >>
>>> >>
>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>>> >>
>>> >>
>>> >>
>>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>>> >> "Alice");
>>> >>
>>> >> Colm.
>>> >>
>>> >>
>>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>>> >> <de...@gmail.com>wrote:
>>> >>
>>> >> > Hi Colm,
>>> >> >
>>> >> >   I'm back working on this subject (was on pause as I was working
>>> for
>>> >> other
>>> >> > clients)
>>> >> >
>>> >> >   I've checked out the SVN repo you gave me, and I've looked
>>> through the
>>> >> > samples configurations (client.xml) and I can't find anything
>>> >> appropriate.
>>> >> >
>>> >> >  In the UT (Username Token I guess), the username is always
>>> provided in
>>> >> the
>>> >> > configuration file.
>>> >> >  The saml/x509 configuration still refers to Alice.properties...
>>> >> >
>>> >> >
>>> >> >   In my case, the username shouldn't appear in the configuration
>>> files,
>>> >> as
>>> >> > I need to use the J2EE Principal as login, and call the webservice
>>> to
>>> >> > authenticate the user.
>>> >> >
>>> >> >   Could you point me to the right direction  ?
>>> >> >
>>> >> > Thomas.
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>>> >> > <de...@gmail.com>wrote:
>>> >> >
>>> >> > > Thanks, it will surely help a lot :)
>>> >> > >
>>> >> > > Thomas.
>>> >> > >
>>> >> > >
>>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>>> >> > coheigea@apache.org>wrote:
>>> >> > >
>>> >> > >> Please take a look at the tests here:
>>> >> > >>
>>> >> > >>
>>> >> > >>
>>> >> >
>>> >>
>>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>> >> > >>
>>> >> > >> Colm.
>>> >> > >>
>>> >> > >>
>>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>>> >> > >> <de...@gmail.com>wrote:
>>> >> > >>
>>> >> > >> > Do you have any other pointer that this page :
>>> >> > >> >
>>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>>> >> > >> >
>>> >> > >> > it's way to short for me as documentation to build something
>>> that
>>> >> > work.
>>> >> > >> > When I read the properties described, I feel there's a mix
>>> between
>>> >> > >> server
>>> >> > >> > side properties (which I'm not interested as I'm just
>>> implementing
>>> >> a
>>> >> > >> > client)... + it starts with extra properties... where are the
>>> basic
>>> >> > >> ones?
>>> >> > >> >
>>> >> > >> > what would help is a full example of the code of a client.
>>> >> > >> >
>>> >> > >> > I'm quite lost ;)
>>> >> > >> >
>>> >> > >> >
>>> >> > >> >
>>> >> > >> >
>>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
>>> >> > >> coheigea@apache.org
>>> >> > >> > >wrote:
>>> >> > >> >
>>> >> > >> > >
>>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will
>>> work,
>>> >> as
>>> >> > >> all of
>>> >> > >> > > the configuration is taken from the context rather than a
>>> >> properties
>>> >> > >> Map.
>>> >> > >> > >
>>> >> > >> > > Colm.
>>> >> > >> > >
>>> >> > >> > >
>>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
>>> >> > >> > dev.mansonthomas@gmail.com
>>> >> > >> > > > wrote:
>>> >> > >> > >
>>> >> > >> > >>  I already does what you say as follow, but it mean one
>>> >> instance of
>>> >> > >> the
>>> >> > >> > >> client per user connected.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >> I've search quite some time dans didn't find a way to set
>>> >> something
>>> >> > >> like
>>> >> > >> > >> the password callback handler.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>  JaxWsProxyFactoryBean factory = new
>>> JaxWsProxyFactoryBean();
>>> >> > >> > >>
>>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>>> >> > >> > >>
>>> >> > >> > >>     factory.setAddress(this.endpoint);
>>> >> > >> > >>
>>> >> > >> > >>     //
>>> >> > >> > >>
>>> >> > >> >
>>> >> > >>
>>> >> >
>>> >>
>>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>> >> > >> > >>
>>> >> > >> > >>     factory.setServiceName(new QName("
>>> >> > >> http://services.brm.n2.tibco.com
>>> >> > >> > ",
>>> >> > >> > >> "WorkListService"));
>>> >> > >> > >>
>>> >> > >> > >>     WorkListService workListService = (WorkListService)
>>> >> > >> > factory.create();
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>        Client client =
>>> ClientProxy.getClient(workListService);
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>     Map<String, Object> properties = new HashMap<String,
>>> >> Object>();
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION          ,
>>> >> > >> > >> WSHandlerConstants.USERNAME_TOKEN);
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.USER            ,
>>> >> > >> this.username);
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   ,
>>> >> > WSConstants.
>>> >> > >> > >> PW_TEXT);// "PasswordDigest"
>>> >> > >> > >>
>>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
>>> >> > >> > newPasswordCallbackHandler(
>>> >> > >> > >> this.username, password, "password"));
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>     client.getOutInterceptors().add(new
>>> >> > >> > WSS4JOutInterceptor(properties));
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
>>> >> > >> > coheigea@apache.org
>>> >> > >> > >> > wrote:
>>> >> > >> > >>
>>> >> > >> > >>> ou could create a CXF interceptor that sets the username
>>> on the
>>> >> > fly,
>>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >>
>>> >> > >> > >
>>> >> > >> > >
>>> >> > >> > > --
>>> >> > >> > > Colm O hEigeartaigh
>>> >> > >> > >
>>> >> > >> > > Talend Community Coder
>>> >> > >> > > http://coders.talend.com
>>> >> > >> > >
>>> >> > >> >
>>> >> > >>
>>> >> > >>
>>> >> > >>
>>> >> > >> --
>>> >> > >> Colm O hEigeartaigh
>>> >> > >>
>>> >> > >> Talend Community Coder
>>> >> > >> http://coders.talend.com
>>> >> > >>
>>> >> > >
>>> >> > >
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Colm O hEigeartaigh
>>> >>
>>> >> Talend Community Coder
>>> >> http://coders.talend.com
>>> >>
>>> >
>>> >
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

  I can't make it work while I'm exactly in the configuration you're
suggesting (and that is in the example you gave me) and I don't get what I
miss :

So in my spring bean, I initialize as suggested the WebService :


###################################################################################
public WorkListServiceImpl2( ContextService contextService) throws Exception
{
  this.contextService = contextService;

  SpringBusFactory bf = new SpringBusFactory();
  URL busFile = this.contextService.getResource("/WEB-INF/spring/webservices2.xml");

  Bus bus = bf.createBus(busFile.toString());
  SpringBusFactory.setDefaultBus(bus);
  SpringBusFactory.setThreadDefaultBus(bus);

  URL     wsdl      = this.contextService.getResource("/wsdl/brm.wsdl");
  Service service   = Service.create(wsdl, new QName("http://services.brm.n2.tibco.com", "WorkListService"));
  QName   portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");

  this.workListService = service.getPort(portQName, WorkListService.class);

}
###################################################################################

I use afterPropertySet() of Spring to call the webservice right after
Spring init.

###################################################################################
public List<WorkItemFwk> getWorkListItems(String username, WorkListItemQuery workListItemQuery)
{
  //... init this object : getWorkListItems
  try
  {
    ((BindingProvider)this.workListService).getRequestContext().put("thread.local.request.context", "true");
    ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);

    getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
  }
  catch(Exception e)
  {
    logger.error("Error while getting worklistItems for "+workListItemQuery.toString(),e);
  }
###################################################################################

And yet there's no SOAP header set in the request:


oct. 02, 2013 12:28:11 PM
org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
INFO: Outbound Message
---------------------------
ID: 1
Address: http://192.168.2.212:8080/amxbpm/WorkListService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml
Headers: {Accept=[*/*], SOAPAction=["getWorkListItems"]}
Payload: <soap:Envelope xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns2:getWorkListItems
xmlns:ns2="http://api.brm.n2.tibco.com" xmlns:ns3="
http://exception.api.brm.n2.tibco.com" xmlns:ns4="
http://exception.api.common.n2.tibco.com" xmlns:ns5="
http://www.tibco.com/XPD/ScriptDescriptor/" xmlns:ns6="
http://exception.api.de.n2.tibco.com" startPosition="0" numberOfItems="10"
getTotalCount="true"><entityID entity-type="RESOURCE" guid="tibco-admin"
model-version="-1"/><orderFilterCriteria/></ns2:getWorkListItems></soap:Body></soap:Envelope>
--------------------------------------

So I get the following exception :

javax.xml.ws.soap.SOAPFaultException: Authentication Failed.
AuthNSAML20Principal set in Subject is null or empty.


oct. 02, 2013 12:28:11 PM
org.apache.cxf.services.WorkListService.WorkListService_EP.WorkListService
INFO: Inbound Message
----------------------------
ID: 1
Response-Code: 500
Encoding: UTF-8
Content-Type: text/xml; charset=utf-8
Headers: {Content-Length=[605], content-type=[text/xml; charset=utf-8],
Date=[Wed, 02 Oct 2013 10:27:43 GMT], Expires=[Thu, 01 Jan 1970 00:00:00
GMT],
Set-Cookie=[JSESSIONID=1houdu4luwh4caof40jy2d8x6;Path=/amxbpm;HttpOnly]}
Payload: <?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode>SOAP-ENV:Server</faultcode><faultstring>Authentication
Failed. AuthNSAML20Principal set in Subject is null or
empty.</faultstring><faultactor>DefaultRole</faultactor><detail><tibco:myFaultDetail
xmlns:tibco="http://tibcouri/">com.tibco.amf.spline.api.context.SplineMessagingException:
Authentication Failed. AuthNSAML20Principal set in Subject is null or empty.
</tibco:myFaultDetail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
--------------------------------------




Any idea before I jump through the window ? ;)

Thanks,
Thomas.




On Thu, Sep 26, 2013 at 4:36 PM, Thomas Manson
<de...@gmail.com>wrote:

> Hi Colm,
>
> I know I'm probably exasperating you with my dumb questions, but I really
> need help...
>
>
>   So reading the FAQ, I understand that we're thread safe if we use :
>
>   ((BindingProvider)proxy).getRequestContext().put(
> "thread.local.request.context", "true");
>
> before calling
>
> ((BindingProvider)*this*.workListService
> ).getRequestContext().put(SecurityConstants.*USERNAME*, "Alice");
>
> Right ?
>
>
> With the JaxWSClient,  I've tried to use
>
>
> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> "Alice");
>
> and it didn't have any effect... (I was making subsequent call, and
> changing the username)
>
> The web service response was the same for the two users, while one should
> have replied an empty response.
>
> *    try
> *    {
>       ((BindingProvider)*this*.workListService
> ).getRequestContext().put(SecurityConstants.*USERNAME*, username);
>       getWorkListItemsResponse = *this*.workListService
> .getWorkListItems(getWorkListItems);
>     }
>     *catch*(Exception e)
>     {
>       *logger*.error("Error while getting worklistItems for "
> +workListItemQuery.toString());
>     }
>
> Did I miss something ?
>
>
>
> One other thing I did understand in the meantime, is that, by using
>
>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>     factory.setServiceClass(WorkListService.class);
>     factory.setAddress(this.endpoint);
>     //
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
> "WorkListService"));
>
> Or
>
>     SpringBusFactory bf = new SpringBusFactory();
>     URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
>
>      Bus bus = bf.createBus(busFile.toString());
>     SpringBusFactory.setDefaultBus(bus);
>     SpringBusFactory.setThreadDefaultBus(bus);
>
>     URL wsdl = WorkListServiceImpl2.class.getResource(
> "/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl"
> );
>     Service service = Service.create(wsdl, new QName("
> http://api.brm.n2.tibco.com", "WorkListService"));
>     QName portQName = new QName("http://services.brm.n2.tibco.com",
> "WorkListService_EP");
>     this.workListService =
>             service.getPort(portQName, WorkListService.class);
>
> etc...
>
> we ask CXF to generate on the fly the WS Client, is it correct?
>
>
> Now I've already generated a client (with CXF/Ant), which I want to invoke
> instead with this code  :
>
> WorkListService_Service proxy = *new* WorkListService_Service(*new* URL("
> http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
>         *new* QName("http://services.brm.n2.tibco.com","WorkListService"
> ));
> *this*.workListService = proxy.getPort( *new* QName("
> http://services.brm.n2.tibco.com", "WorkListService_EP"), WorkListService.
> *class*);
>
>  I wonder how it can be used in conjunction with this code, and How
> should I handle the authentication part...:
>
> SpringBusFactory bf = *new* SpringBusFactory();
> URL busFile = WorkListServiceImpl2.*class*.getResource("client.xml");
> Bus bus = bf.createBus(busFile.toString());
> SpringBusFactory.*setDefaultBus*(bus);
> SpringBusFactory.*setThreadDefaultBus*(bus);
>
>
> I still don't get what file should I put instead of client.xml as I'm
> already in a spring context, should I specify the file where I define my
> bean already ?
> it's quite confusing...
>
>
> Thomas.
>
>
> On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>> > Is it thread safe ?
>>
>> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>>
>> All you need is a JAX-WS client proxy, how you obtain one or set up your
>> project is up to you...
>>
>> Colm.
>>
>>
>> On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
>> <de...@gmail.com>wrote:
>>
>> > Hi Colm,
>> >
>> >   I'm starting to understand that it's another way to configure the
>> client.
>> >
>> >   I've two questions :
>> >
>> >    - Is it thread safe ?
>> >    I guess that it is as I see that the ServiceBus specify a Thread.
>> >    In a J2EE context, should I specify something else than
>> >    SpringBusFactory.setThreadDefaultBus(bus); ?
>> >
>> >
>> >    - I'm a bit puzzled by the configuration:
>> >
>> >
>> > SpringBusFactory bf = new SpringBusFactory();
>> > URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>> >
>> >
>> > This code load a Spring configuration file, while I already have mine +
>> > the client.xml configuration has some cxf:bus definition (is it the same
>> > thing ? SringBusFactory & cxf:bus ?).
>> >
>> >  So I wonder I can't just use this code in an existing spring context,
>> How
>> > should I transpose this within an existing spring context?
>> >
>> >
>> >  How I think it would work is :
>> >
>> >
>> >    - Use your way to setup SpringBus and the Client
>> >    - Have a Spring class X that has the WS Client as dependency
>> >    - X implement each method of the WS(+some additional business logic)
>> >    and set the username dynamically <= I still don't know how to do
>> this...
>> >
>> >  Is it the correct way ?
>> >
>> > Thomas.
>> >
>> > Here is my current work in progress spring file
>> >
>> > <beans xmlns="http://www.springframework.org/schema/beans"
>> >
>> >   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="
>> > http://cxf.apache.org/core"
>> >   xsi:schemaLocation="
>> > http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>> > http://www.springframework.org/schema/beans
>> > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>> >
>> >
>> >   <cxf:bus>
>> >     <cxf:features>
>> >        <cxf:logging />
>> >     </cxf:features>
>> >   </cxf:bus>
>> >
>> >
>> >
>> > <!--
>> >
>> /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl
>> > -->
>> >   <jaxws:client
>> >             name="{http://services.brm.n2.tibco.com
>> }EntityResolverService"
>> >
>> >
>> wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>> >     serviceClass="com.tibco.n2.de.services.EntityResolverService"
>> >          address="
>> http://192.168.2.202:8080/amxbpm/EntityResolverService"
>> >   createdFromAPI="true">
>> >     <jaxws:properties>
>> >       <entry key="ws-security.callback-handler"
>> >
>> >
>>  value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler"
>> > />
>> >     </jaxws:properties>
>> >   </jaxws:client>
>> >
>> > </beans>
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh <
>> coheigea@apache.org
>> > > wrote:
>> >
>> >> Look at the last test here:
>> >>
>> >>
>> >>
>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>> >>
>> >>
>> >>
>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>> >> "Alice");
>> >>
>> >> Colm.
>> >>
>> >>
>> >> On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
>> >> <de...@gmail.com>wrote:
>> >>
>> >> > Hi Colm,
>> >> >
>> >> >   I'm back working on this subject (was on pause as I was working for
>> >> other
>> >> > clients)
>> >> >
>> >> >   I've checked out the SVN repo you gave me, and I've looked through
>> the
>> >> > samples configurations (client.xml) and I can't find anything
>> >> appropriate.
>> >> >
>> >> >  In the UT (Username Token I guess), the username is always provided
>> in
>> >> the
>> >> > configuration file.
>> >> >  The saml/x509 configuration still refers to Alice.properties...
>> >> >
>> >> >
>> >> >   In my case, the username shouldn't appear in the configuration
>> files,
>> >> as
>> >> > I need to use the J2EE Principal as login, and call the webservice to
>> >> > authenticate the user.
>> >> >
>> >> >   Could you point me to the right direction  ?
>> >> >
>> >> > Thomas.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
>> >> > <de...@gmail.com>wrote:
>> >> >
>> >> > > Thanks, it will surely help a lot :)
>> >> > >
>> >> > > Thomas.
>> >> > >
>> >> > >
>> >> > > On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <
>> >> > coheigea@apache.org>wrote:
>> >> > >
>> >> > >> Please take a look at the tests here:
>> >> > >>
>> >> > >>
>> >> > >>
>> >> >
>> >>
>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>> >> > >>
>> >> > >> Colm.
>> >> > >>
>> >> > >>
>> >> > >> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>> >> > >> <de...@gmail.com>wrote:
>> >> > >>
>> >> > >> > Do you have any other pointer that this page :
>> >> > >> >
>> >> > >> > cxf.apache.org/docs/ws-securitypolicy.html
>> >> > >> >
>> >> > >> > it's way to short for me as documentation to build something
>> that
>> >> > work.
>> >> > >> > When I read the properties described, I feel there's a mix
>> between
>> >> > >> server
>> >> > >> > side properties (which I'm not interested as I'm just
>> implementing
>> >> a
>> >> > >> > client)... + it starts with extra properties... where are the
>> basic
>> >> > >> ones?
>> >> > >> >
>> >> > >> > what would help is a full example of the code of a client.
>> >> > >> >
>> >> > >> > I'm quite lost ;)
>> >> > >> >
>> >> > >> >
>> >> > >> >
>> >> > >> >
>> >> > >> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
>> >> > >> coheigea@apache.org
>> >> > >> > >wrote:
>> >> > >> >
>> >> > >> > >
>> >> > >> > > If you follow the WS-SecurityPolicy approach then it will
>> work,
>> >> as
>> >> > >> all of
>> >> > >> > > the configuration is taken from the context rather than a
>> >> properties
>> >> > >> Map.
>> >> > >> > >
>> >> > >> > > Colm.
>> >> > >> > >
>> >> > >> > >
>> >> > >> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
>> >> > >> > dev.mansonthomas@gmail.com
>> >> > >> > > > wrote:
>> >> > >> > >
>> >> > >> > >>  I already does what you say as follow, but it mean one
>> >> instance of
>> >> > >> the
>> >> > >> > >> client per user connected.
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >> I've search quite some time dans didn't find a way to set
>> >> something
>> >> > >> like
>> >> > >> > >> the password callback handler.
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>  JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>> >> > >> > >>
>> >> > >> > >>     factory.setServiceClass(WorkListService.class);
>> >> > >> > >>
>> >> > >> > >>     factory.setAddress(this.endpoint);
>> >> > >> > >>
>> >> > >> > >>     //
>> >> > >> > >>
>> >> > >> >
>> >> > >>
>> >> >
>> >>
>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>> >> > >> > >>
>> >> > >> > >>     factory.setServiceName(new QName("
>> >> > >> http://services.brm.n2.tibco.com
>> >> > >> > ",
>> >> > >> > >> "WorkListService"));
>> >> > >> > >>
>> >> > >> > >>     WorkListService workListService = (WorkListService)
>> >> > >> > factory.create();
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>        Client client =
>> ClientProxy.getClient(workListService);
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>     Map<String, Object> properties = new HashMap<String,
>> >> Object>();
>> >> > >> > >>
>> >> > >> > >>     properties.put(WSHandlerConstants.ACTION          ,
>> >> > >> > >> WSHandlerConstants.USERNAME_TOKEN);
>> >> > >> > >>
>> >> > >> > >>     properties.put(WSHandlerConstants.USER            ,
>> >> > >> this.username);
>> >> > >> > >>
>> >> > >> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   ,
>> >> > WSConstants.
>> >> > >> > >> PW_TEXT);// "PasswordDigest"
>> >> > >> > >>
>> >> > >> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
>> >> > >> > newPasswordCallbackHandler(
>> >> > >> > >> this.username, password, "password"));
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>     client.getOutInterceptors().add(new
>> >> > >> > WSS4JOutInterceptor(properties));
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
>> >> > >> > coheigea@apache.org
>> >> > >> > >> > wrote:
>> >> > >> > >>
>> >> > >> > >>> ou could create a CXF interceptor that sets the username on
>> the
>> >> > fly,
>> >> > >> > >>> before the WSS4JOutInterceptor is called.
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >>
>> >> > >> > >
>> >> > >> > >
>> >> > >> > > --
>> >> > >> > > Colm O hEigeartaigh
>> >> > >> > >
>> >> > >> > > Talend Community Coder
>> >> > >> > > http://coders.talend.com
>> >> > >> > >
>> >> > >> >
>> >> > >>
>> >> > >>
>> >> > >>
>> >> > >> --
>> >> > >> Colm O hEigeartaigh
>> >> > >>
>> >> > >> Talend Community Coder
>> >> > >> http://coders.talend.com
>> >> > >>
>> >> > >
>> >> > >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Colm O hEigeartaigh
>> >>
>> >> Talend Community Coder
>> >> http://coders.talend.com
>> >>
>> >
>> >
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
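
Colm's earlier suggestion in this thread (a CXF interceptor that sets the username before the WSS4JOutInterceptor is called), combined with the ThreadLocal idea from the first post, as an added example that is not code from the thread or from CXF. It assumes the CXF 2.7.x / WSS4J 1.6 classes already used in the thread; PerRequestUsernameToken, Credentials, callAs and secure are hypothetical names.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Callable;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

/** Added example: per-request UsernameToken credentials on one shared CXF proxy. */
public final class PerRequestUsernameToken {

    /** Hypothetical holder for the credentials of the user served by the current thread. */
    static final class Credentials {
        final String username;
        final char[] password;

        Credentials(String username, char[] password) {
            this.username = username;
            this.password = password;
        }
    }

    private static final ThreadLocal<Credentials> CURRENT = new ThreadLocal<Credentials>();

    /** Runs one web service call as the given user and always clears the thread afterwards. */
    public static <T> T callAs(String username, char[] password, Callable<T> call) throws Exception {
        CURRENT.set(new Credentials(username, password));
        try {
            return call.call();
        } finally {
            // Container threads are pooled: a leftover value would be sent for the next user.
            CURRENT.remove();
        }
    }

    /** Runs in SETUP, ahead of WSS4JOutInterceptor (PRE_PROTOCOL), and names the user on the message. */
    static final class UsernameOutInterceptor extends AbstractPhaseInterceptor<Message> {
        UsernameOutInterceptor() {
            super(Phase.SETUP);
        }

        @Override
        public void handleMessage(Message message) throws Fault {
            Credentials c = CURRENT.get();
            if (c == null) {
                // Fail closed rather than send a request with no or stale credentials.
                throw new Fault(new IllegalStateException("no credentials bound to this thread"));
            }
            message.put(WSHandlerConstants.USER, c.username);
        }
    }

    /** Supplies the password only when WSS4J asks about the user bound to this thread. */
    static final class CurrentUserPasswordHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            Credentials c = CURRENT.get();
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (c == null || !c.username.equals(pc.getIdentifier())) {
                    throw new IOException("no password for requested user");
                }
                pc.setPassword(new String(c.password));
            }
        }
    }

    /** Call once on the shared proxy, e.g. the WorkListService port from the thread. */
    public static void secure(Object port) {
        Client client = ClientProxy.getClient(port);
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        // PW_TEXT puts the password in the SOAP header unhashed, so use an HTTPS endpoint.
        props.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        props.put(WSHandlerConstants.PW_CALLBACK_REF, new CurrentUserPasswordHandler());
        // WSHandlerConstants.USER is kept out of this map so that the per-message
        // value set by UsernameOutInterceptor is the one WSS4J picks up.
        client.getOutInterceptors().add(new UsernameOutInterceptor());
        client.getOutInterceptors().add(new WSS4JOutInterceptor(props));
    }
}
```

Each business method then wraps its call in callAs(...), so a single proxy instance serves every connected user and no username appears in the configuration files.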

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

I know I'm probably exasperating you with my dumb questions, but I really
need help...


  So reading the FAQ, I understand that we're thread safe if we use :

  ((BindingProvider)proxy).getRequestContext().put("thread.local.request.context", "true");

before calling

  ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

Right ?


With the JaxWSClient,  I've tried to use

  ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

and it didn't have any effect... (I was making subsequent call, and changing
the username)

The web service response was the same for the two users, while one should
have replied an empty response.

    try
    {
      ((BindingProvider)this.workListService).getRequestContext().put(SecurityConstants.USERNAME, username);
      getWorkListItemsResponse = this.workListService.getWorkListItems(getWorkListItems);
    }
    catch(Exception e)
    {
      logger.error("Error while getting worklistItems for " +workListItemQuery.toString());
    }

Did I miss something ?



One other thing I did understand in the meantime, is that, by using

    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(WorkListService.class);
    factory.setAddress(this.endpoint);
    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
    factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));

Or

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = WorkListServiceImpl2.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);

    URL wsdl = WorkListServiceImpl2.class.getResource("/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/brm.wsdl");
    Service service = Service.create(wsdl, new QName("http://api.brm.n2.tibco.com", "WorkListService"));
    QName portQName = new QName("http://services.brm.n2.tibco.com", "WorkListService_EP");
    this.workListService = service.getPort(portQName, WorkListService.class);

etc...

we ask CXF to generate on the fly the WS Client, is it correct?


Now I've already generated a client (with CXF/Ant), which I want to invoke
instead with this code  :

    WorkListService_Service proxy = new WorkListService_Service(
        new URL("http://localhost:8080/amxbpm-web/wsdl/brm.wsdl"),
        new QName("http://services.brm.n2.tibco.com", "WorkListService"));
    this.workListService = proxy.getPort(
        new QName("http://services.brm.n2.tibco.com", "WorkListService_EP"),
        WorkListService.class);

I wonder how it can be used in conjunction with this code, and How should I
handle the authentication part...:

    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = WorkListServiceImpl2.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);


I still don't get what file should I put instead of client.xml as I'm
already in a spring context, should I specify the file where I define my
bean already ?
it's quite confusing...


Thomas.


On Wed, Sep 25, 2013 at 3:36 PM, Colm O hEigeartaigh <co...@apache.org>wrote:

> > Is it thread safe ?
>
> http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F
>
> All you need is a JAX-WS client proxy, how you obtain one or set up your
> project is up to you...
>
> Colm.

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
> Is it thread safe ?

http://cxf.apache.org/faq.html#FAQ-AreJAXWSclientproxiesthreadsafe%3F

All you need is a JAX-WS client proxy, how you obtain one or set up your
project is up to you...

Colm.


On Tue, Sep 24, 2013 at 2:07 PM, Thomas Manson
<de...@gmail.com>wrote:

> Hi Colm,
>
>   I'm starting to understand that it's another way to configure the client.
>
>   I've two questions :
>
>    - Is it thread safe ?
>    I guess that it is as I see that the ServiceBus specifies a Thread.
>    In a J2EE context, should I specify something else than
>    SpringBusFactory.setThreadDefaultBus(bus); ?
>
>
>    - I'm a bit puzzled by the configuration:
>
>
> SpringBusFactory bf = new SpringBusFactory();
> URL busFile = UsernameTokenTest.class.getResource("client/client.xml");
>
>
> This code loads a Spring configuration file, while I already have mine +
> the client.xml configuration has some cxf:bus definition (is it the same
> thing ? SpringBusFactory & cxf:bus ?).
>
>  So I wonder I can't just use this code in an existing Spring context. How
> should I transpose this within an existing Spring context?
>
>
>  How I think it would work is :
>
>
>    - Use your way to set up SpringBus and the Client
>    - Have a Spring class X that has the WS Client as dependency
>    - X implements each method of the WS (+ some additional business logic)
>    and sets the username dynamically <= I still don't know how to do this...
>
>  Is it the correct way ?
>
> Thomas.
>
> Here is my current work in progress spring file
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>   xmlns:cxf="http://cxf.apache.org/core"
>   xmlns:jaxws="http://cxf.apache.org/jaxws"
>   xsi:schemaLocation="
>     http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>     http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
>     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>
>   <!-- Log messages passing through the bus -->
>   <cxf:bus>
>     <cxf:features>
>       <cxf:logging />
>     </cxf:features>
>   </cxf:bus>
>
>   <!-- /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl -->
>   <!-- The jaxws prefix is declared on <beans> so this element resolves -->
>   <jaxws:client
>       name="{http://services.brm.n2.tibco.com}EntityResolverService"
>       wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
>       serviceClass="com.tibco.n2.de.services.EntityResolverService"
>       address="http://192.168.2.202:8080/amxbpm/EntityResolverService"
>       createdFromAPI="true">
>     <jaxws:properties>
>       <entry key="ws-security.callback-handler"
>              value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
>     </jaxws:properties>
>   </jaxws:client>
>
> </beans>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

  I'm starting to understand that it's another way to configure the client.

  I've two questions :

   - Is it thread safe ?
   I guess that it is as I see that the ServiceBus specifies a Thread.
   In a J2EE context, should I specify something else than
   SpringBusFactory.setThreadDefaultBus(bus); ?


   - I'm a bit puzzled by the configuration:


SpringBusFactory bf = new SpringBusFactory();
URL busFile = UsernameTokenTest.class.getResource("client/client.xml");


This code loads a Spring configuration file, while I already have mine + the
client.xml configuration has some cxf:bus definition (is it the same thing
? SpringBusFactory & cxf:bus ?).

 So I wonder I can't just use this code in an existing Spring context. How
should I transpose this within an existing Spring context?


 How I think it would work is :


   - Use your way to set up SpringBus and the Client
   - Have a Spring class X that has the WS Client as dependency
   - X implements each method of the WS (+ some additional business logic) and
   sets the username dynamically <= I still don't know how to do this...

 Is it the correct way ?

Thomas.

Here is my current work in progress spring file

<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:cxf="http://cxf.apache.org/core"
  xmlns:jaxws="http://cxf.apache.org/jaxws"
  xsi:schemaLocation="
    http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
    http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

  <!-- Log messages passing through the bus -->
  <cxf:bus>
    <cxf:features>
      <cxf:logging />
    </cxf:features>
  </cxf:bus>

  <!-- /Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl -->
  <!-- The jaxws prefix is declared on <beans> so this element resolves -->
  <jaxws:client
      name="{http://services.brm.n2.tibco.com}EntityResolverService"
      wsdlLocation="/Users/tmanson/Dropbox/crf/AMXBPM-2.1-WS-Client/src/main/resources/de.wsdl"
      serviceClass="com.tibco.n2.de.services.EntityResolverService"
      address="http://192.168.2.202:8080/amxbpm/EntityResolverService"
      createdFromAPI="true">
    <jaxws:properties>
      <entry key="ws-security.callback-handler"
             value="com.mansonthomas.amxbpm.customwebapp.services.amxbpm.security.PasswordCallbackHandler" />
    </jaxws:properties>
  </jaxws:client>

</beans>









On Tue, Sep 24, 2013 at 11:41 AM, Colm O hEigeartaigh
<co...@apache.org>wrote:

> Look at the last test here:
>
>
> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup
>
>
> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> "Alice");
>
> Colm.

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
Look at the last test here:

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?view=markup

((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
"Alice");

Colm.


On Tue, Sep 24, 2013 at 10:33 AM, Thomas Manson
<de...@gmail.com>wrote:

> Hi Colm,
>
>   I'm back working on this subject (was on pause as I was working for other
> clients)
>
>   I've checked out the SVN repo you gave me, and I've looked through the
> sample configurations (client.xml) and I can't find anything appropriate.
>
>  In the UT (Username Token I guess), the username is always provided in the
> configuration file.
>  The saml/x509 configuration still refers to Alice.properties...
>
>
>   In my case, the username shouldn't appear in the configuration files, as
> I need to use the J2EE Principal as login, and call the webservice to
> authenticate the user.
>
>   Could you point me in the right direction?
>
> Thomas.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
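
Added example (not from the thread or from the CXF code base): one way to apply the request-context call shown in the reply above to a single proxy shared by many logged-in users, using the thread-local request context described in the FAQ entry on proxy thread safety linked in the thread. The class and method names are hypothetical; it assumes a client configured through WS-SecurityPolicy, the javax.xml.ws API, and CXF's SecurityConstants on the classpath.

```java
import java.util.Map;
import java.util.concurrent.Callable;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

/**
 * Hypothetical helper: per-call UsernameToken credentials on a shared
 * CXF JAX-WS proxy, without one proxy instance per connected user.
 */
public final class PerUserCall {

    // Property named in the CXF FAQ on proxy thread safety. Without it the
    // request context belongs to the proxy instance, so a username put by one
    // thread would also be used by calls made on other threads.
    private static final String THREAD_LOCAL_CTX = "thread.local.request.context";

    private PerUserCall() {
    }

    /**
     * Call once, right after the proxy is created and before it is shared.
     * Later getRequestContext() calls then return a per-thread context.
     */
    public static <T> T prepare(T proxy) {
        ((BindingProvider) proxy).getRequestContext().put(THREAD_LOCAL_CTX, "true");
        return proxy;
    }

    /**
     * Runs one web service call with the given user's credentials.
     * The call must execute on the calling thread, because the credentials
     * are stored in that thread's request context.
     */
    public static <R> R callAs(Object proxy, String username, String password,
                               Callable<R> call) throws Exception {
        if (username == null || username.isEmpty()) {
            // Fail closed: never send a request that could pick up
            // credentials left over from somewhere else.
            throw new IllegalArgumentException("username is required");
        }
        if (password == null) {
            throw new IllegalArgumentException("password is required");
        }

        Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
        ctx.put(SecurityConstants.USERNAME, username);
        ctx.put(SecurityConstants.PASSWORD, password);
        try {
            return call.call();
        } finally {
            // Container threads are pooled: clear the credentials so the next
            // request served by this thread cannot inherit them.
            Map<String, Object> after = ((BindingProvider) proxy).getRequestContext();
            after.remove(SecurityConstants.USERNAME);
            after.remove(SecurityConstants.PASSWORD);
        }
    }

    // Usage sketch (port type from the thread; the operation name is hypothetical):
    //
    //   final WorkListService port =
    //       PerUserCall.prepare((WorkListService) factory.create());
    //
    //   Object result = PerUserCall.callAs(port, principal.getName(), password,
    //       new Callable<Object>() {
    //           public Object call() throws Exception {
    //               return port.someOperation(request);
    //           }
    //       });
}
```

If the password comes from a callback handler instead, leave out the SecurityConstants.PASSWORD entry and keep the ws-security.callback-handler property from the Spring file; the handler then has to look the password up by the username it is given.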

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

  I'm back working on this subject (was on pause as I was working for other
clients)

  I've checked out the SVN repo you gave me, and I've looked through the
sample configurations (client.xml) and I can't find anything appropriate.

 In the UT (Username Token I guess), the username is always provided in the
configuration file.
 The saml/x509 configuration still refers to Alice.properties...


  In my case, the username shouldn't appear in the configuration files, as
I need to use the J2EE Principal as login, and call the webservice to
authenticate the user.

  Could you point me in the right direction?

Thomas.





On Sat, Jul 13, 2013 at 1:45 AM, Thomas Manson
<de...@gmail.com>wrote:

> Thanks, it will surely help a lot :)
>
> Thomas.
>
>
> On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>> Please take a look at the tests here:
>>
>>
>> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>>
>> Colm.
>>
>>
>> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
>> <de...@gmail.com> wrote:
>>
>> > Do you have any other pointer than this page:
>> >
>> > cxf.apache.org/docs/ws-securitypolicy.html
>> >
>> > It's way too short for me as documentation to build something that works.
>> > When I read the properties described, I feel there's a mix between server
>> > side properties (which I'm not interested in, as I'm just implementing a
>> > client)... + it starts with extra properties... where are the basic ones?
>> >
>> > What would help is a full example of the code of a client.
>> >
>> > I'm quite lost ;)
>> >
>> >
>> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:
>> >
>> > > If you follow the WS-SecurityPolicy approach then it will work, as all of
>> > > the configuration is taken from the context rather than a properties Map.
>> > >
>> > > Colm.
>> > >
>> > >
>> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <dev.mansonthomas@gmail.com> wrote:
>> > >
>> > >> I already do what you say, as follows, but it means one instance of the
>> > >> client per user connected.
>> > >>
>> > >> I've searched quite some time and didn't find a way to set something like
>> > >> the password callback handler.
>> > >>
>> > >>     JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>> > >>     factory.setServiceClass(WorkListService.class);
>> > >>     factory.setAddress(this.endpoint);
>> > >>     // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>> > >>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
>> > >>     WorkListService workListService = (WorkListService) factory.create();
>> > >>
>> > >>     Client client = ClientProxy.getClient(workListService);
>> > >>
>> > >>     Map<String, Object> properties = new HashMap<String, Object>();
>> > >>     properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
>> > >>     properties.put(WSHandlerConstants.USER, this.username);
>> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); // "PasswordDigest"
>> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler(this.username, password, "password"));
>> > >>
>> > >>     client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>> > >>
>> > >>
>> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
>> > coheigea@apache.org
>> > >> > wrote:
>> > >>
>> > >>> You could create a CXF interceptor that sets the username on the fly,
>> > >>> before the WSS4JOutInterceptor is called.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >
>> > >
>> > > --
>> > > Colm O hEigeartaigh
>> > >
>> > > Talend Community Coder
>> > > http://coders.talend.com
>> > >
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Thanks, it will surely help a lot :)

Thomas.


On Fri, Jul 12, 2013 at 6:05 PM, Colm O hEigeartaigh <co...@apache.org>wrote:

> Please take a look at the tests here:
>
>
> http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/
>
> Colm.
>
>
> On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
> <de...@gmail.com>wrote:
>
> > Do you have any other pointer that this page :
> >
> > cxf.apache.org/docs/ws-securitypolicy.html
> >
> > it's way to short for me as documentation to build something that work.
> > When I read the properties described, I feel there's a mix between server
> > side properties (which I'm not interested as I'm just implementing a
> > client)... + it starts with extra properties... where are the basic ones?
> >
> > what would help is a full example of the code of a client.
> >
> > I'm quite lost ;)
> >
> >
> >
> >
> > On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <
> coheigea@apache.org
> > >wrote:
> >
> > >
> > > If you follow the WS-SecurityPolicy approach then it will work, as all
> of
> > > the configuration is taken from the context rather than a properties
> Map.
> > >
> > > Colm.
> > >
> > >
> > > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
> > dev.mansonthomas@gmail.com
> > > > wrote:
> > >
> > >>  I already does what you say as follow, but it mean one instance of
> the
> > >> client per user connected.
> > >>
> > >>
> > >> I've search quite some time dans didn't find a way to set something
> like
> > >> the password callback handler.
> > >>
> > >>
> > >>
> > >>  JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> > >>
> > >>     factory.setServiceClass(WorkListService.class);
> > >>
> > >>     factory.setAddress(this.endpoint);
> > >>
> > >>     //
> > >>
> >
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
> > >>
> > >>     factory.setServiceName(new QName("
> http://services.brm.n2.tibco.com
> > ",
> > >> "WorkListService"));
> > >>
> > >>     WorkListService workListService = (WorkListService)
> > factory.create();
> > >>
> > >>
> > >>        Client client = ClientProxy.getClient(workListService);
> > >>
> > >>
> > >>     Map<String, Object> properties = new HashMap<String, Object>();
> > >>
> > >>     properties.put(WSHandlerConstants.ACTION          ,
> > >> WSHandlerConstants.USERNAME_TOKEN);
> > >>
> > >>     properties.put(WSHandlerConstants.USER            ,
> this.username);
> > >>
> > >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.
> > >> PW_TEXT);// "PasswordDigest"
> > >>
> > >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
> > newPasswordCallbackHandler(
> > >> this.username, password, "password"));
> > >>
> > >>
> > >>     client.getOutInterceptors().add(new
> > WSS4JOutInterceptor(properties));
> > >>
> > >>
> > >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
> > coheigea@apache.org
> > >> > wrote:
> > >>
> > >>> You could create a CXF interceptor that sets the username on the fly,
> > >>> before the WSS4JOutInterceptor is called.
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
Please take a look at the tests here:

http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security-examples/

Colm.


On Fri, Jul 12, 2013 at 4:22 PM, Thomas Manson
<de...@gmail.com>wrote:

> Do you have any other pointer that this page :
>
> cxf.apache.org/docs/ws-securitypolicy.html
>
> it's way to short for me as documentation to build something that work.
> When I read the properties described, I feel there's a mix between server
> side properties (which I'm not interested as I'm just implementing a
> client)... + it starts with extra properties... where are the basic ones?
>
> what would help is a full example of the code of a client.
>
> I'm quite lost ;)
>
>
>
>
> On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <coheigea@apache.org
> >wrote:
>
> >
> > If you follow the WS-SecurityPolicy approach then it will work, as all of
> > the configuration is taken from the context rather than a properties Map.
> >
> > Colm.
> >
> >
> > On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <
> dev.mansonthomas@gmail.com
> > > wrote:
> >
> >>  I already does what you say as follow, but it mean one instance of the
> >> client per user connected.
> >>
> >>
> >> I've search quite some time dans didn't find a way to set something like
> >> the password callback handler.
> >>
> >>
> >>
> >>  JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> >>
> >>     factory.setServiceClass(WorkListService.class);
> >>
> >>     factory.setAddress(this.endpoint);
> >>
> >>     //
> >>
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
> >>
> >>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com
> ",
> >> "WorkListService"));
> >>
> >>     WorkListService workListService = (WorkListService)
> factory.create();
> >>
> >>
> >>        Client client = ClientProxy.getClient(workListService);
> >>
> >>
> >>     Map<String, Object> properties = new HashMap<String, Object>();
> >>
> >>     properties.put(WSHandlerConstants.ACTION          ,
> >> WSHandlerConstants.USERNAME_TOKEN);
> >>
> >>     properties.put(WSHandlerConstants.USER            , this.username);
> >>
> >>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.
> >> PW_TEXT);// "PasswordDigest"
> >>
> >>     properties.put(WSHandlerConstants.PW_CALLBACK_REF ,
> newPasswordCallbackHandler(
> >> this.username, password, "password"));
> >>
> >>
> >>     client.getOutInterceptors().add(new
> WSS4JOutInterceptor(properties));
> >>
> >>
> >> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <
> coheigea@apache.org
> >> > wrote:
> >>
> >>> You could create a CXF interceptor that sets the username on the fly,
> >>> before the WSS4JOutInterceptor is called.
> >>
> >>
> >>
> >>
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Do you have any other pointer than this page:

cxf.apache.org/docs/ws-securitypolicy.html

It's way too short for me as documentation to build something that works.
When I read the properties described, I feel there's a mix between server
side properties (in which I'm not interested, as I'm just implementing a
client)... + it starts with extra properties... where are the basic ones?

What would help is a full example of the code of a client.

I'm quite lost ;)




On Fri, Jul 12, 2013 at 5:09 PM, Colm O hEigeartaigh <co...@apache.org>wrote:

>
> If you follow the WS-SecurityPolicy approach then it will work, as all of
> the configuration is taken from the context rather than a properties Map.
>
> Colm.
>
>
> On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson <dev.mansonthomas@gmail.com
> > wrote:
>
>>  I already does what you say as follow, but it mean one instance of the
>> client per user connected.
>>
>>
>> I've search quite some time dans didn't find a way to set something like
>> the password callback handler.
>>
>>
>>
>>  JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>
>>     factory.setServiceClass(WorkListService.class);
>>
>>     factory.setAddress(this.endpoint);
>>
>>     //
>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>>
>>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
>> "WorkListService"));
>>
>>     WorkListService workListService = (WorkListService) factory.create();
>>
>>
>>        Client client = ClientProxy.getClient(workListService);
>>
>>
>>     Map<String, Object> properties = new HashMap<String, Object>();
>>
>>     properties.put(WSHandlerConstants.ACTION          ,
>> WSHandlerConstants.USERNAME_TOKEN);
>>
>>     properties.put(WSHandlerConstants.USER            , this.username);
>>
>>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.
>> PW_TEXT);// "PasswordDigest"
>>
>>     properties.put(WSHandlerConstants.PW_CALLBACK_REF , newPasswordCallbackHandler(
>> this.username, password, "password"));
>>
>>
>>     client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>>
>>
>> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <coheigea@apache.org
>> > wrote:
>>
>>> You could create a CXF interceptor that sets the username on the fly,
>>> before the WSS4JOutInterceptor is called.
>>
>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
If you follow the WS-SecurityPolicy approach then it will work, as all of
the configuration is taken from the context rather than a properties Map.

Colm.


On Fri, Jul 12, 2013 at 4:01 PM, Thomas Manson
<de...@gmail.com>wrote:

> I already does what you say as follow, but it mean one instance of the
> client per user connected.
>
>
> I've search quite some time dans didn't find a way to set something like
> the password callback handler.
>
>
>
>  JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>
>     factory.setServiceClass(WorkListService.class);
>
>     factory.setAddress(this.endpoint);
>
>     //
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>
>     factory.setServiceName(new QName("http://services.brm.n2.tibco.com",
> "WorkListService"));
>
>     WorkListService workListService = (WorkListService) factory.create();
>
>
>        Client client = ClientProxy.getClient(workListService);
>
>
>     Map<String, Object> properties = new HashMap<String, Object>();
>
>     properties.put(WSHandlerConstants.ACTION          ,
> WSHandlerConstants.USERNAME_TOKEN);
>
>     properties.put(WSHandlerConstants.USER            , this.username);
>
>     properties.put(WSHandlerConstants.PASSWORD_TYPE   , WSConstants.
> PW_TEXT);// "PasswordDigest"
>
>     properties.put(WSHandlerConstants.PW_CALLBACK_REF , newPasswordCallbackHandler(
> this.username, password, "password"));
>
>
>     client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));
>
>
> On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>> You could create a CXF interceptor that sets the username on the fly,
>> before the WSS4JOutInterceptor is called.
>
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
I already do what you say, as follows, but it means one instance of the
client per connected user.


I've searched for quite some time and didn't find a way to set something like
the password callback handler.



    // One proxy (and one WSS4JOutInterceptor) is built per user: the
    // username is fixed in the properties Map at construction time.
    JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
    factory.setServiceClass(WorkListService.class);
    factory.setAddress(this.endpoint);
    // factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
    factory.setServiceName(new QName("http://services.brm.n2.tibco.com", "WorkListService"));
    WorkListService workListService = (WorkListService) factory.create();

    Client client = ClientProxy.getClient(workListService);

    // "Action"-based WSS4J configuration for a plaintext UsernameToken
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    properties.put(WSHandlerConstants.USER, this.username);
    properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); // "PasswordDigest"
    properties.put(WSHandlerConstants.PW_CALLBACK_REF,
        new PasswordCallbackHandler(this.username, password, "password"));

    client.getOutInterceptors().add(new WSS4JOutInterceptor(properties));


On Fri, Jul 12, 2013 at 4:36 PM, Colm O hEigeartaigh <co...@apache.org>wrote:

> You could create a CXF interceptor that sets the username on the fly,
> before the WSS4JOutInterceptor is called.

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Thomas,

The code snippet was only an example. You could create a CXF interceptor
that sets the username on the fly, before the WSS4JOutInterceptor is called.

Colm.


On Fri, Jul 12, 2013 at 3:30 PM, Thomas Manson
<de...@gmail.com>wrote:

> Hi Colm,
>
> In what you are showing, it create an instance of the client for each user.
> That's what I've coded so far, but If i've 2000 users connected
> simultanely on my webserver, it would be very resources consumming right ?
>
> Indeed, what I would like to do is dynamically set the unsername in the WSS4JOutInterceptor,
> but so far, I didn't find a way to do that.
>
> So maybe it's for security reason that we're not allowed to specify
> dynamically the credential on the client.
>
> Now I'm looking at SAML to call webservices (the client part, the server
> part is already implemented in a product, it use send voucher type)...
>
> It's quite difficult to enter in this subject :-/
>
> Thanks for your help,
> Thomas.
>
>
>
> On Fri, Jul 12, 2013 at 4:24 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>> It's easy to do if you use WS-SecurityPolicy, as this takes configuration
>> from the MessageContext. For example:
>>
>> Service service = Service.create(wsdl, SERVICE_QNAME);
>> QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
>> DoubleItPortType utPort =  service.getPort(portQName,
>> DoubleItPortType.class);
>>
>>
>> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
>> "Alice");
>>
>> For the older "action" based approach you are using, I guess you could
>> provide access to the properties Map used to configure the
>> WSS4JOutInterceptor in a CXF Interceptor, that changes the username
>> property dynamically?
>>
>> Colm.
>>
>>
>> On Wed, Jul 10, 2013 at 5:29 PM, Thomas Manson
>> <de...@gmail.com>wrote:
>>
>> > Hi,
>> >
>> >   I need to call a web service provider and specify on the fly the
>> > username/password (and later use SAML (header & body need to be
>> signed)).
>> >
>> >   I'm in a context of a J2EE multiuser application, and I have to call
>> the
>> > web service provider with the credential of the user connected to the
>> web
>> > application.
>> >
>> >  Later I'll have to implement SAML implementation (and X509 if I've
>> time),
>> > and I would like to be able to put this in the same code base, where you
>> > switch authentication type by configuration.
>> >
>> >
>> > Here is below the current implémentation I've and that is working,
>> > I can see that I can use the PasswordCallback to get the password, but
>> I've
>> > no option to set dynamically the username.
>> >
>> > For the password, I was planning to use ThreadLocal to retrieve the
>> > password, If you have other suggestions, I'm eager to hear it.
>> >
>> >
>> > I've seen related to AbstractUsernameTokenInInterceptor, but I don't
>> have a
>> > full example with both username & password dynamically setted.
>> >
>> > If you have any full example, or documation to point me out, would be
>> great
>> > ;)
>> >
>> > Thanks,
>> > Thomas.
>> >
>> >
>> > *final* String password = *this*.password;
>> >
>> >
>> >
>> >     JaxWsProxyFactoryBean factory = *new* JaxWsProxyFactoryBean();
>> >
>> >     factory.setServiceClass(WorkListService.*class*);
>> >
>> >     factory.setAddress(*this*.endpoint);
>> >
>> >     //
>> >
>> >
>> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>> >
>> >     factory.setServiceName(*new* QName("
>> http://services.brm.n2.tibco.com",
>> > "WorkListService"));
>> >
>> >     WorkListService workListService = (WorkListService)
>> factory.create();
>> >
>> >
>> >
>> >     Client client = ClientProxy.*getClient*(workListService);
>> >
>> >
>> >
>> >     Map<String, Object> properties = *new* HashMap<String, Object>();
>> >
>> >     properties.put(WSHandlerConstants.*ACTION*, WSHandlerConstants.*
>> > USERNAME_TOKEN*);
>> >
>> >     properties.put(WSHandlerConstants.*USER*, *this*.username);
>> >
>> >     properties.put(WSHandlerConstants.*PASSWORD_TYPE*,
>> > WSConstants.*PW_TEXT*
>> > );// "PasswordDigest"
>> >
>> >     properties.put(WSHandlerConstants.*PW_CALLBACK_REF*,
>> > *new*CallbackHandler()
>> >
>> >     {
>> >
>> >       *public* *void* handle(Callback[] callbacks) *throws* IOException,
>> > UnsupportedCallbackException
>> >
>> >       {
>> >
>> >         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>> >
>> >         pc.setPassword(password);
>> >
>> >       }
>> >
>> >     });
>> >
>> >
>> >
>> >     client.getOutInterceptors().add(*new*
>> WSS4JOutInterceptor(properties));
>> >
>> >
>> >
>> >     HTTPConduit conduit = (HTTPConduit) client.getConduit();
>> >
>> >
>> >
>> >     *long* timeoutMillis = timeout * 1000;
>> >
>> >
>> >
>> >     HTTPClientPolicy policy = *new* HTTPClientPolicy();
>> >
>> >     policy.setConnectionTimeout(timeoutMillis);
>> >
>> >     policy.setReceiveTimeout(timeoutMillis);
>> >
>> >
>> >
>> >     conduit.setClient(policy);
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Re: CXF client - how to dynamically set user/password at runtime

Posted by Thomas Manson <de...@gmail.com>.
Hi Colm,

In what you are showing, it creates an instance of the client for each user.
That's what I've coded so far, but if I've 2000 users connected simultaneously
on my webserver, it would be very resource-consuming, right?

Indeed, what I would like to do is dynamically set the username in
the WSS4JOutInterceptor,
but so far, I didn't find a way to do that.

So maybe it's for security reasons that we're not allowed to dynamically
specify the credentials on the client.

Now I'm looking at SAML to call webservices (the client part, the server
part is already implemented in a product, it uses send voucher type)...

It's quite difficult to get into this subject :-/

Thanks for your help,
Thomas.



On Fri, Jul 12, 2013 at 4:24 PM, Colm O hEigeartaigh <co...@apache.org>wrote:

> It's easy to do if you use WS-SecurityPolicy, as this takes configuration
> from the MessageContext. For example:
>
> Service service = Service.create(wsdl, SERVICE_QNAME);
> QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
> DoubleItPortType utPort =  service.getPort(portQName,
> DoubleItPortType.class);
>
>
> ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME,
> "Alice");
>
> For the older "action" based approach you are using, I guess you could
> provide access to the properties Map used to configure the
> WSS4JOutInterceptor in a CXF Interceptor, that changes the username
> property dynamically?
>
> Colm.
>
>
> On Wed, Jul 10, 2013 at 5:29 PM, Thomas Manson
> <de...@gmail.com>wrote:
>
> > Hi,
> >
> >   I need to call a web service provider and specify on the fly the
> > username/password (and later use SAML (header & body need to be signed)).
> >
> >   I'm in a context of a J2EE multiuser application, and I have to call
> the
> > web service provider with the credential of the user connected to the web
> > application.
> >
> >  Later I'll have to implement SAML implementation (and X509 if I've
> time),
> > and I would like to be able to put this in the same code base, where you
> > switch authentication type by configuration.
> >
> >
> > Here is below the current implémentation I've and that is working,
> > I can see that I can use the PasswordCallback to get the password, but
> I've
> > no option to set dynamically the username.
> >
> > For the password, I was planning to use ThreadLocal to retrieve the
> > password, If you have other suggestions, I'm eager to hear it.
> >
> >
> > I've seen related to AbstractUsernameTokenInInterceptor, but I don't
> have a
> > full example with both username & password dynamically setted.
> >
> > If you have any full example, or documation to point me out, would be
> great
> > ;)
> >
> > Thanks,
> > Thomas.
> >
> >
> > *final* String password = *this*.password;
> >
> >
> >
> >     JaxWsProxyFactoryBean factory = *new* JaxWsProxyFactoryBean();
> >
> >     factory.setServiceClass(WorkListService.*class*);
> >
> >     factory.setAddress(*this*.endpoint);
> >
> >     //
> >
> >
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
> >
> >     factory.setServiceName(*new* QName("http://services.brm.n2.tibco.com
> ",
> > "WorkListService"));
> >
> >     WorkListService workListService = (WorkListService) factory.create();
> >
> >
> >
> >     Client client = ClientProxy.*getClient*(workListService);
> >
> >
> >
> >     Map<String, Object> properties = *new* HashMap<String, Object>();
> >
> >     properties.put(WSHandlerConstants.*ACTION*, WSHandlerConstants.*
> > USERNAME_TOKEN*);
> >
> >     properties.put(WSHandlerConstants.*USER*, *this*.username);
> >
> >     properties.put(WSHandlerConstants.*PASSWORD_TYPE*,
> > WSConstants.*PW_TEXT*
> > );// "PasswordDigest"
> >
> >     properties.put(WSHandlerConstants.*PW_CALLBACK_REF*,
> > *new*CallbackHandler()
> >
> >     {
> >
> >       *public* *void* handle(Callback[] callbacks) *throws* IOException,
> > UnsupportedCallbackException
> >
> >       {
> >
> >         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
> >
> >         pc.setPassword(password);
> >
> >       }
> >
> >     });
> >
> >
> >
> >     client.getOutInterceptors().add(*new*
> WSS4JOutInterceptor(properties));
> >
> >
> >
> >     HTTPConduit conduit = (HTTPConduit) client.getConduit();
> >
> >
> >
> >     *long* timeoutMillis = timeout * 1000;
> >
> >
> >
> >     HTTPClientPolicy policy = *new* HTTPClientPolicy();
> >
> >     policy.setConnectionTimeout(timeoutMillis);
> >
> >     policy.setReceiveTimeout(timeoutMillis);
> >
> >
> >
> >     conduit.setClient(policy);
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Re: CXF client - how to dynamically set user/password at runtime

Posted by Colm O hEigeartaigh <co...@apache.org>.
It's easy to do if you use WS-SecurityPolicy, as this takes configuration
from the MessageContext. For example:

Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
DoubleItPortType utPort = service.getPort(portQName, DoubleItPortType.class);

((BindingProvider) utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");

For the older "action" based approach you are using, I guess you could
provide access to the properties Map used to configure the
WSS4JOutInterceptor in a CXF Interceptor, that changes the username
property dynamically?

Colm.


On Wed, Jul 10, 2013 at 5:29 PM, Thomas Manson
<de...@gmail.com>wrote:

> Hi,
>
>   I need to call a web service provider and specify on the fly the
> username/password (and later use SAML (header & body need to be signed)).
>
>   I'm in a context of a J2EE multiuser application, and I have to call the
> web service provider with the credential of the user connected to the web
> application.
>
>  Later I'll have to implement SAML implementation (and X509 if I've time),
> and I would like to be able to put this in the same code base, where you
> switch authentication type by configuration.
>
>
> Here is below the current implémentation I've and that is working,
> I can see that I can use the PasswordCallback to get the password, but I've
> no option to set dynamically the username.
>
> For the password, I was planning to use ThreadLocal to retrieve the
> password, If you have other suggestions, I'm eager to hear it.
>
>
> I've seen related to AbstractUsernameTokenInInterceptor, but I don't have a
> full example with both username & password dynamically setted.
>
> If you have any full example, or documation to point me out, would be great
> ;)
>
> Thanks,
> Thomas.
>
>
> *final* String password = *this*.password;
>
>
>
>     JaxWsProxyFactoryBean factory = *new* JaxWsProxyFactoryBean();
>
>     factory.setServiceClass(WorkListService.*class*);
>
>     factory.setAddress(*this*.endpoint);
>
>     //
>
> factory.setWsdlLocation("D:/ARTIC/SOURCE/artic/trunk/webapp/src/main/webapp/WSDL/brm.wsdl");
>
>     factory.setServiceName(*new* QName("http://services.brm.n2.tibco.com",
> "WorkListService"));
>
>     WorkListService workListService = (WorkListService) factory.create();
>
>
>
>     Client client = ClientProxy.*getClient*(workListService);
>
>
>
>     Map<String, Object> properties = *new* HashMap<String, Object>();
>
>     properties.put(WSHandlerConstants.*ACTION*, WSHandlerConstants.*
> USERNAME_TOKEN*);
>
>     properties.put(WSHandlerConstants.*USER*, *this*.username);
>
>     properties.put(WSHandlerConstants.*PASSWORD_TYPE*,
> WSConstants.*PW_TEXT*
> );// "PasswordDigest"
>
>     properties.put(WSHandlerConstants.*PW_CALLBACK_REF*,
> *new*CallbackHandler()
>
>     {
>
>       *public* *void* handle(Callback[] callbacks) *throws* IOException,
> UnsupportedCallbackException
>
>       {
>
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
>
>         pc.setPassword(password);
>
>       }
>
>     });
>
>
>
>     client.getOutInterceptors().add(*new* WSS4JOutInterceptor(properties));
>
>
>
>     HTTPConduit conduit = (HTTPConduit) client.getConduit();
>
>
>
>     *long* timeoutMillis = timeout * 1000;
>
>
>
>     HTTPClientPolicy policy = *new* HTTPClientPolicy();
>
>     policy.setConnectionTimeout(timeoutMillis);
>
>     policy.setReceiveTimeout(timeoutMillis);
>
>
>
>     conduit.setClient(policy);
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
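
Added example (not part of the original thread, and not code from the CXF project): one shared proxy serving many users with the WS-SecurityPolicy approach described above, where the credentials are placed on the request context for each call. It assumes the WSDL carries a UsernameToken policy and a javax.xml.ws-based CXF (2.7.x or 3.x); the names PerCallCredentials, shareAcrossThreads and callAs are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.Callable;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;

/**
 * Per-call credentials on a single shared CXF proxy (hypothetical helper,
 * written for this example).
 *
 * Usage sketch (createPort() and someOperation() are placeholders):
 *
 *   WorkListService port = PerCallCredentials.shareAcrossThreads(createPort());
 *   Object result = PerCallCredentials.callAs(port, user, password,
 *           () -> port.someOperation());
 */
public final class PerCallCredentials {

    private PerCallCredentials() {
    }

    /**
     * Call once, right after the proxy is created and before it is shared.
     * By default the request context of a CXF proxy is shared by all
     * threads, so two concurrent users would overwrite each other's
     * credentials. This CXF property switches the proxy to one request
     * context per thread.
     */
    public static <T> T shareAcrossThreads(T port) {
        ((BindingProvider) port).getRequestContext()
                .put("thread.local.request.context", "true");
        return port;
    }

    /**
     * Runs one web service call with the given user's credentials and
     * removes them afterwards. The cleanup matters on an application
     * server: worker threads are pooled, and a thread-local context that
     * still holds the previous user's credentials would be reused by the
     * next request served on the same thread.
     */
    public static <R> R callAs(Object port, String username, String password,
                               Callable<R> call) throws Exception {
        if (username == null || username.isEmpty() || password == null) {
            // Fail closed: never send a request with missing credentials.
            throw new IllegalArgumentException("username and password are required");
        }

        // Fetched on every call: once the thread-local flag is set, this
        // returns the context belonging to the current thread.
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();

        ctx.put(SecurityConstants.USERNAME, username);
        ctx.put(SecurityConstants.PASSWORD, password);
        try {
            return call.call();
        } finally {
            ctx.remove(SecurityConstants.USERNAME);
            ctx.remove(SecurityConstants.PASSWORD);
        }
    }
}
```

The invocation must happen on the same thread that called callAs, otherwise the thread-local request context seen by CXF will not contain the credentials.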