You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Isuranga Perera <is...@gmail.com> on 2017/08/08 09:51:09 UTC
[Dev] WSS4JStaxInInterceptor SecurityEvent
Hi
I'm using CXF security processing with stream security. There I was able to
find
List<SecurityEvent> requestSecurityEvents =
(List<SecurityEvent>)
soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");
Appreciate if you can explain how to set this SecurityEvent extension
manually and the purpose of it.
Best Regards
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
The StartBodyInterceptor might help:
https://github.com/apache/cxf/blob/master/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/StartBodyInterceptor.java
On Wed, Aug 9, 2017 at 4:18 PM, Isuranga Perera <is...@gmail.com>
wrote:
> I'm using CXF security policy enforcement without CXF transport. I convert
> the policy file to a Neethi object and used PolicyInInterceptor to get
> required interceptors to process the security header. I managed to verify
> security successfully with stream security enabled.
>
> But now I can't extract the soap body to pass to the service. I need to
> know about interceptors which can continue the process from here.
>
> On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
>> What exactly are you trying to do with the streaming security
>> interceptors?
>>
>> Colm.
>>
>> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <
>> isurangamperera@gmail.com> wrote:
>>
>>> Hi Colm
>>>
>>> Thanks for the immediate response. I managed to add stream security
>>> interceptors and process security headers. But I found out that they change
>>> message.getContent(StreamReader.class). So can you suggest a way to
>>> extract SOAPBody from the content?
>>>
>>> Best Regards
>>>
>>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <coheigea@apache.org
>>> > wrote:
>>>
>>>> It's not something that you should need to configure. It's used by the
>>>> streaming WS-Security code inside WSS4J to retrieve security "events"
>>>> from
>>>> either inbound or outbound processing. For example, on an inbound
>>>> request
>>>> you might decrypt a key which you might then need to use to secure the
>>>> message reply.
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>>>> isurangamperera@gmail.com>
>>>> wrote:
>>>>
>>>> > Hi
>>>> >
>>>> > I'm using CXF security processing with stream security. There I was
>>>> able
>>>> > to find
>>>> >
>>>> > List<SecurityEvent> requestSecurityEvents =
>>>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>>>> SecurityEvent.class.getName()
>>>> > + ".out");
>>>> >
>>>> >
>>>> > Appreciate if you can explain how to set this SecurityEvent extension
>>>> > manually and the purpose of it.
>>>> >
>>>> > Best Regards
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com
>>>>
>>>
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
The StartBodyInterceptor might help:
https://github.com/apache/cxf/blob/master/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/StartBodyInterceptor.java
On Wed, Aug 9, 2017 at 4:18 PM, Isuranga Perera <is...@gmail.com>
wrote:
> I'm using CXF security policy enforcement without CXF transport. I convert
> the policy file to a Neethi object and used PolicyInInterceptor to get
> required interceptors to process the security header. I managed to verify
> security successfully with stream security enabled.
>
> But now I can't extract the soap body to pass to the service. I need to
> know about interceptors which can continue the process from here.
>
> On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
>> What exactly are you trying to do with the streaming security
>> interceptors?
>>
>> Colm.
>>
>> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <
>> isurangamperera@gmail.com> wrote:
>>
>>> Hi Colm
>>>
>>> Thanks for the immediate response. I managed to add stream security
>>> interceptors and process security headers. But I found out that they change
>>> message.getContent(StreamReader.class). So can you suggest a way to
>>> extract SOAPBody from the content?
>>>
>>> Best Regards
>>>
>>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <coheigea@apache.org
>>> > wrote:
>>>
>>>> It's not something that you should need to configure. It's used by the
>>>> streaming WS-Security code inside WSS4J to retrieve security "events"
>>>> from
>>>> either inbound or outbound processing. For example, on an inbound
>>>> request
>>>> you might decrypt a key which you might then need to use to secure the
>>>> message reply.
>>>>
>>>> Colm.
>>>>
>>>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>>>> isurangamperera@gmail.com>
>>>> wrote:
>>>>
>>>> > Hi
>>>> >
>>>> > I'm using CXF security processing with stream security. There I was
>>>> able
>>>> > to find
>>>> >
>>>> > List<SecurityEvent> requestSecurityEvents =
>>>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>>>> SecurityEvent.class.getName()
>>>> > + ".out");
>>>> >
>>>> >
>>>> > Appreciate if you can explain how to set this SecurityEvent extension
>>>> > manually and the purpose of it.
>>>> >
>>>> > Best Regards
>>>> >
>>>>
>>>>
>>>>
>>>> --
>>>> Colm O hEigeartaigh
>>>>
>>>> Talend Community Coder
>>>> http://coders.talend.com
>>>>
>>>
>>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Isuranga Perera <is...@gmail.com>.
I'm using CXF security policy enforcement without CXF transport. I convert
the policy file to a Neethi object and used PolicyInInterceptor to get
required interceptors to process the security header. I managed to verify
security successfully with stream security enabled.
But now I can't extract the soap body to pass to the service. I need to
know about interceptors which can continue the process from here.
On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> What exactly are you trying to do with the streaming security interceptors?
>
> Colm.
>
> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <isurangamperera@gmail.com
> > wrote:
>
>> Hi Colm
>>
>> Thanks for the immediate response. I managed to add stream security
>> interceptors and process security headers. But I found out that they change
>> message.getContent(StreamReader.class). So can you suggest a way to
>> extract SOAPBody from the content?
>>
>> Best Regards
>>
>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
>> wrote:
>>
>>> It's not something that you should need to configure. It's used by the
>>> streaming WS-Security code inside WSS4J to retrieve security "events"
>>> from
>>> either inbound or outbound processing. For example, on an inbound request
>>> you might decrypt a key which you might then need to use to secure the
>>> message reply.
>>>
>>> Colm.
>>>
>>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>>> isurangamperera@gmail.com>
>>> wrote:
>>>
>>> > Hi
>>> >
>>> > I'm using CXF security processing with stream security. There I was
>>> able
>>> > to find
>>> >
>>> > List<SecurityEvent> requestSecurityEvents =
>>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>>> SecurityEvent.class.getName()
>>> > + ".out");
>>> >
>>> >
>>> > Appreciate if you can explain how to set this SecurityEvent extension
>>> > manually and the purpose of it.
>>> >
>>> > Best Regards
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Isuranga Perera <is...@gmail.com>.
I'm using CXF security policy enforcement without CXF transport. I convert
the policy file to a Neethi object and used PolicyInInterceptor to get
required interceptors to process the security header. I managed to verify
security successfully with stream security enabled.
But now I can't extract the soap body to pass to the service. I need to
know about interceptors which can continue the process from here.
On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> What exactly are you trying to do with the streaming security interceptors?
>
> Colm.
>
> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <isurangamperera@gmail.com
> > wrote:
>
>> Hi Colm
>>
>> Thanks for the immediate response. I managed to add stream security
>> interceptors and process security headers. But I found out that they change
>> message.getContent(StreamReader.class). So can you suggest a way to
>> extract SOAPBody from the content?
>>
>> Best Regards
>>
>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
>> wrote:
>>
>>> It's not something that you should need to configure. It's used by the
>>> streaming WS-Security code inside WSS4J to retrieve security "events"
>>> from
>>> either inbound or outbound processing. For example, on an inbound request
>>> you might decrypt a key which you might then need to use to secure the
>>> message reply.
>>>
>>> Colm.
>>>
>>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>>> isurangamperera@gmail.com>
>>> wrote:
>>>
>>> > Hi
>>> >
>>> > I'm using CXF security processing with stream security. There I was
>>> able
>>> > to find
>>> >
>>> > List<SecurityEvent> requestSecurityEvents =
>>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>>> SecurityEvent.class.getName()
>>> > + ".out");
>>> >
>>> >
>>> > Appreciate if you can explain how to set this SecurityEvent extension
>>> > manually and the purpose of it.
>>> >
>>> > Best Regards
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
What exactly are you trying to do with the streaming security interceptors?
Colm.
On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <is...@gmail.com>
wrote:
> Hi Colm
>
> Thanks for the immediate response. I managed to add stream security
> interceptors and process security headers. But I found out that they change
> message.getContent(StreamReader.class). So can you suggest a way to
> extract SOAPBody from the content?
>
> Best Regards
>
> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
>> It's not something that you should need to configure. It's used by the
>> streaming WS-Security code inside WSS4J to retrieve security "events" from
>> either inbound or outbound processing. For example, on an inbound request
>> you might decrypt a key which you might then need to use to secure the
>> message reply.
>>
>> Colm.
>>
>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>> isurangamperera@gmail.com>
>> wrote:
>>
>> > Hi
>> >
>> > I'm using CXF security processing with stream security. There I was able
>> > to find
>> >
>> > List<SecurityEvent> requestSecurityEvents =
>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>> SecurityEvent.class.getName()
>> > + ".out");
>> >
>> >
>> > Appreciate if you can explain how to set this SecurityEvent extension
>> > manually and the purpose of it.
>> >
>> > Best Regards
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
What exactly are you trying to do with the streaming security interceptors?
Colm.
On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera <is...@gmail.com>
wrote:
> Hi Colm
>
> Thanks for the immediate response. I managed to add stream security
> interceptors and process security headers. But I found out that they change
> message.getContent(StreamReader.class). So can you suggest a way to
> extract SOAPBody from the content?
>
> Best Regards
>
> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
> wrote:
>
>> It's not something that you should need to configure. It's used by the
>> streaming WS-Security code inside WSS4J to retrieve security "events" from
>> either inbound or outbound processing. For example, on an inbound request
>> you might decrypt a key which you might then need to use to secure the
>> message reply.
>>
>> Colm.
>>
>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
>> isurangamperera@gmail.com>
>> wrote:
>>
>> > Hi
>> >
>> > I'm using CXF security processing with stream security. There I was able
>> > to find
>> >
>> > List<SecurityEvent> requestSecurityEvents =
>> > (List<SecurityEvent>) soapMessage.getExchange().get(
>> SecurityEvent.class.getName()
>> > + ".out");
>> >
>> >
>> > Appreciate if you can explain how to set this SecurityEvent extension
>> > manually and the purpose of it.
>> >
>> > Best Regards
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Isuranga Perera <is...@gmail.com>.
Hi Colm
Thanks for the immediate response. I managed to add stream security
interceptors and process security headers. But I found out that they change
message.getContent(StreamReader.class). So can you suggest a way to extract
SOAPBody from the content?
Best Regards
On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> It's not something that you should need to configure. It's used by the
> streaming WS-Security code inside WSS4J to retrieve security "events" from
> either inbound or outbound processing. For example, on an inbound request
> you might decrypt a key which you might then need to use to secure the
> message reply.
>
> Colm.
>
> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
> isurangamperera@gmail.com>
> wrote:
>
> > Hi
> >
> > I'm using CXF security processing with stream security. There I was able
> > to find
> >
> > List<SecurityEvent> requestSecurityEvents =
> > (List<SecurityEvent>) soapMessage.getExchange().get(
> SecurityEvent.class.getName()
> > + ".out");
> >
> >
> > Appreciate if you can explain how to set this SecurityEvent extension
> > manually and the purpose of it.
> >
> > Best Regards
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Isuranga Perera <is...@gmail.com>.
Hi Colm
Thanks for the immediate response. I managed to add stream security
interceptors and process security headers. But I found out that they change
message.getContent(StreamReader.class). So can you suggest a way to extract
SOAPBody from the content?
Best Regards
On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> It's not something that you should need to configure. It's used by the
> streaming WS-Security code inside WSS4J to retrieve security "events" from
> either inbound or outbound processing. For example, on an inbound request
> you might decrypt a key which you might then need to use to secure the
> message reply.
>
> Colm.
>
> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <
> isurangamperera@gmail.com>
> wrote:
>
> > Hi
> >
> > I'm using CXF security processing with stream security. There I was able
> > to find
> >
> > List<SecurityEvent> requestSecurityEvents =
> > (List<SecurityEvent>) soapMessage.getExchange().get(
> SecurityEvent.class.getName()
> > + ".out");
> >
> >
> > Appreciate if you can explain how to set this SecurityEvent extension
> > manually and the purpose of it.
> >
> > Best Regards
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
It's not something that you should need to configure. It's used by the
streaming WS-Security code inside WSS4J to retrieve security "events" from
either inbound or outbound processing. For example, on an inbound request
you might decrypt a key which you might then need to use to secure the
message reply.
Colm.
On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <is...@gmail.com>
wrote:
> Hi
>
> I'm using CXF security processing with stream security. There I was able
> to find
>
> List<SecurityEvent> requestSecurityEvents =
> (List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName()
> + ".out");
>
>
> Appreciate if you can explain how to set this SecurityEvent extension
> manually and the purpose of it.
>
> Best Regards
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Posted by Colm O hEigeartaigh <co...@apache.org>.
It's not something that you should need to configure. It's used by the
streaming WS-Security code inside WSS4J to retrieve security "events" from
either inbound or outbound processing. For example, on an inbound request
you might decrypt a key which you might then need to use to secure the
message reply.
Colm.
On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera <is...@gmail.com>
wrote:
> Hi
>
> I'm using CXF security processing with stream security. There I was able
> to find
>
> List<SecurityEvent> requestSecurityEvents =
> (List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName()
> + ".out");
>
>
> Appreciate if you can explain how to set this SecurityEvent extension
> manually and the purpose of it.
>
> Best Regards
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com