Custom validation of Security Context Token

[CauchyPeano <de...@gmail.com>]

Hello

I am wondering what is the right way to configure validation for Security
Context Token. 

I have a following token:
<soapenv:Header>
  <wsse:Security>
    <wsc:SecurityContextToken>
     
<wsc:Identifier>bipro:up.JsKkyMqC5E5PyWencTY7AZbAMSBM8C</wsc:Identifier>
    </wsc:SecurityContextToken>
  </wsse:Security>
</soapenv:Header>

I need just to check on other service if this token is valid or not. I am
trying to understand where and how to write this code. I am implementing
following interface: org.apache.wss4j.dom.validate.Validator

So far I have following questions:
1. What do I need to set in Validator.validate in Credential result object
to indicate that validation was successful or not?
2. How do I access Credential data from my Cxf Service Endpoint
Implementation?

Thanks in advance
Igor



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Re: Custom validation of Security Context Token

[Colm O hEigeartaigh <co...@apache.org>]

Answers inline.


> 1. What do I need to set in Validator.validate in Credential result object
> to indicate that validation was successful or not?
>

Validation is deemed to be successful if there is a valid Credential object
returned, and no exception is thrown.



> 2. How do I access Credential data from my Cxf Service Endpoint
> Implementation?
>

The SecurityContextToken is validated here:
https://github.com/apache/ws-wss4j/blob/a85fd33f2d41f92edabb1d629946a87f524d7fd7/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java

It stores the DOM Element corresponding to the SecurityContextToken, the
token Id, and a secret key associated with the token in a
WSSecurityEngineResult,
which can be accessed by CXF down the line.

Colm.


>
> Thanks in advance
> Igor
>
>
>
> --
> Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
>