You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Charles Moulliard <ch...@gmail.com> on 2013/01/11 13:32:23 UTC
camel + cxf + JAAS
Hi,
Is there a way to tell to cxf or camel which realms we would like to use if
we have more than one name :
FuseESB:karaf@fuse-aviva> jaas:realms
Index Realm Module Class
1 karaf
org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
2 karaf
org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
<cxf:cxfEndpoint id="WS"
address="http://0.0.0.0:9090/training/WebService"
serviceClass="com.fusesource.training.CustomerService">
<cxf:outInterceptors>
<ref bean="loggingOutInterceptor"/>
</cxf:outInterceptors>
<cxf:inInterceptors>
<ref bean="loggingInInterceptor"/>
<ref bean="wss4jInInterceptor"/>
<ref bean="authenticationInterceptor"/>
</cxf:inInterceptors>
<cxf:properties>
<!-- <entry key="ws-security.ut.no-callbacks" value="true"/> -->
<entry key="ws-security.validate.token" value="false"/>
</cxf:properties>
</cxf:cxfEndpoint>
<bean id="loggingOutInterceptor"
class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
<bean id="loggingInInterceptor"
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<bean id="wss4jInInterceptor"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</constructor-arg>
</bean>
<bean id="authenticationInterceptor"
class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
<property name="contextName" value="karaf"/>
</bean>
Regards,
--
Charles Moulliard
Apache Committer / Sr. Enterprise Architect (RedHat)
Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com
Re: camel + cxf + JAAS
Posted by Willem jiang <wi...@gmail.com>.
Hi Charles,
I think you need to rename the realm name to let the org.apache.cxf.interceptor.security.JAASLoginInterceptor pick the right one for you.
As the JAAS supports to load the modules with the same name according to the code. If the user can login through one of the realms,the JAAS Interceptor will pass the request for further processing.
--
Willem Jiang
Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://www.fusesource.com | http://www.redhat.com
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
http://jnn.iteye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Friday, January 11, 2013 at 8:32 PM, Charles Moulliard wrote:
> Hi,
>
> Is there a way to tell to cxf or camel which realms we would like to use if
> we have more than one name :
>
> FuseESB:karaf@fuse-aviva> jaas:realms
> Index Realm Module Class
>
> 1 karaf
> org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
>
> 2 karaf
> org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
>
>
> <cxf:cxfEndpoint id="WS"
> address="http://0.0.0.0:9090/training/WebService"
> serviceClass="com.fusesource.training.CustomerService">
> <cxf:outInterceptors>
> <ref bean="loggingOutInterceptor"/>
> </cxf:outInterceptors>
> <cxf:inInterceptors>
> <ref bean="loggingInInterceptor"/>
> <ref bean="wss4jInInterceptor"/>
> <ref bean="authenticationInterceptor"/>
> </cxf:inInterceptors>
> <cxf:properties>
> <!-- <entry key="ws-security.ut.no-callbacks" value="true"/> -->
> <entry key="ws-security.validate.token" value="false"/>
> </cxf:properties>
> </cxf:cxfEndpoint>
>
> <bean id="loggingOutInterceptor"
> class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
> <bean id="loggingInInterceptor"
> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>
> <bean id="wss4jInInterceptor"
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken Timestamp"/>
> <entry key="passwordType" value="PasswordText"/>
> </map>
> </constructor-arg>
> </bean>
>
> <bean id="authenticationInterceptor"
> class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
> <property name="contextName" value="karaf"/>
> </bean>
>
> Regards,
> --
> Charles Moulliard
> Apache Committer / Sr. Enterprise Architect (RedHat)
> Twitter : @cmoulliard | Blog : http://cmoulliard.blogspot.com