You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@camel.apache.org by Charles Moulliard <ch...@gmail.com> on 2013/01/11 13:32:23 UTC

camel + cxf + JAAS

Hi,

Is there a way to tell to cxf or camel which realms we would like to use if
we have more than one name :

FuseESB:karaf@fuse-aviva> jaas:realms
Index Realm                Module Class

    1 karaf
 org.apache.karaf.jaas.modules.properties.PropertiesLoginModule

    2 karaf
 org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule


    <cxf:cxfEndpoint id="WS"
                     address="http://0.0.0.0:9090/training/WebService"
                     serviceClass="com.fusesource.training.CustomerService">
        <cxf:outInterceptors>
            <ref bean="loggingOutInterceptor"/>
        </cxf:outInterceptors>
        <cxf:inInterceptors>
            <ref bean="loggingInInterceptor"/>
            <ref bean="wss4jInInterceptor"/>
            <ref bean="authenticationInterceptor"/>
        </cxf:inInterceptors>
        <cxf:properties>
            <!-- <entry key="ws-security.ut.no-callbacks" value="true"/> -->
            <entry key="ws-security.validate.token" value="false"/>
        </cxf:properties>
    </cxf:cxfEndpoint>

    <bean id="loggingOutInterceptor"
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
    <bean id="loggingInInterceptor"
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>

    <bean id="wss4jInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp"/>
                <entry key="passwordType" value="PasswordText"/>
            </map>
        </constructor-arg>
    </bean>

    <bean id="authenticationInterceptor"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
        <property name="contextName" value="karaf"/>
    </bean>

Regards,
-- 
Charles Moulliard
Apache Committer / Sr. Enterprise Architect (RedHat)
Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com

Re: camel + cxf + JAAS

Posted by Willem jiang <wi...@gmail.com>.

Hi Charles,

I think you need to rename the realm name to let the org.apache.cxf.interceptor.security.JAASLoginInterceptor pick the right one for you.
As the JAAS supports to load the modules with the same name according to the code. If the user can login through one of the realms，the JAAS Interceptor will pass the request for further processing.


--  
Willem Jiang

Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
          http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem





On Friday, January 11, 2013 at 8:32 PM, Charles Moulliard wrote:

> Hi,
>  
> Is there a way to tell to cxf or camel which realms we would like to use if
> we have more than one name :
>  
> FuseESB:karaf@fuse-aviva> jaas:realms
> Index Realm Module Class
>  
> 1 karaf
> org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
>  
> 2 karaf
> org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
>  
>  
> <cxf:cxfEndpoint id="WS"
> address="http://0.0.0.0:9090/training/WebService"
> serviceClass="com.fusesource.training.CustomerService">
> <cxf:outInterceptors>
> <ref bean="loggingOutInterceptor"/>
> </cxf:outInterceptors>
> <cxf:inInterceptors>
> <ref bean="loggingInInterceptor"/>
> <ref bean="wss4jInInterceptor"/>
> <ref bean="authenticationInterceptor"/>
> </cxf:inInterceptors>
> <cxf:properties>
> <!-- <entry key="ws-security.ut.no-callbacks" value="true"/> -->
> <entry key="ws-security.validate.token" value="false"/>
> </cxf:properties>
> </cxf:cxfEndpoint>
>  
> <bean id="loggingOutInterceptor"
> class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
> <bean id="loggingInInterceptor"
> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>  
> <bean id="wss4jInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp"/>
> <entry key="passwordType" value="PasswordText"/>
> </map>
> </constructor-arg>
> </bean>
>  
> <bean id="authenticationInterceptor"
> class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
> <property name="contextName" value="karaf"/>
> </bean>
>  
> Regards,
> --  
> Charles Moulliard
> Apache Committer / Sr. Enterprise Architect (RedHat)
> Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com