You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Néstor Boscán <ne...@gmail.com> on 2015/06/08 23:28:42 UTC
How to dynamically set Basic Authentication username and password for
CXF SOAP client
Hi
I created a web service with an interceptor for Basic Authentication:
public class BasicAuthorizationInterceptor extends SoapHeaderInterceptor {
protected static final Logger logger =
LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);
private WhitePagesBf whitePagesBf;
@Override
public void handleMessage(Message message) throws Fault {
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
if (policy == null) {
sendErrorResponse(message, HttpURLConnection.HTTP_UNAUTHORIZED);
return;
}
if (!authenticate(policy.getUserName(), policy.getPassword())) {
logger.warn("Invalid username or password for user: " +
policy.getUserName());
sendErrorResponse(message, HttpURLConnection.HTTP_FORBIDDEN);
}
}
private boolean authenticate(String userName, String password) {
...
}
private void sendErrorResponse(Message message, int responseCode) {
Message outMessage = getOutMessage(message);
outMessage.put(Message.RESPONSE_CODE, responseCode);
Map responseHeaders = (Map) message.get(Message.PROTOCOL_HEADERS);
if (responseHeaders != null) {
responseHeaders.put("WWW-Authenticate", Arrays.asList(new
String[]{"Basic realm=realm"}));
responseHeaders.put("Content-length", Arrays.asList(new
String[]{"0"}));
}
message.getInterceptorChain().abort();
try {
getConduit(message).prepare(outMessage);
close(outMessage);
} catch (IOException e) {
logger.warn(e.getMessage(), e);
}
}
private Message getOutMessage(Message inMessage) {
Exchange exchange = inMessage.getExchange();
Message outMessage = exchange.getOutMessage();
if (outMessage == null) {
Endpoint endpoint = exchange.get(Endpoint.class);
outMessage = endpoint.getBinding().createMessage();
exchange.setOutMessage(outMessage);
}
outMessage.putAll(inMessage);
return outMessage;
}
private Conduit getConduit(Message inMessage) throws IOException {
Exchange exchange = inMessage.getExchange();
EndpointReferenceType target =
exchange.get(EndpointReferenceType.class);
Conduit conduit =
exchange.getDestination().getBackChannel(inMessage, null, target);
exchange.setConduit(conduit);
return conduit;
}
private void close(Message outMessage) throws IOException {
OutputStream os = outMessage.getContent(OutputStream.class);
os.flush();
os.close();
}
public void setWhitePagesBf(WhitePagesBf whitePagesBf) {
this.whitePagesBf = whitePagesBf;
}
public WhitePagesBf getWhitePagesBf() {
return whitePagesBf;
}
}
I'm trying to invoke this web service setting the username and password
like this:
((BindingProvider)
client).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
username);
((BindingProvider)
client).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
password);
But when I invoke in the Interceptor the policy Object is null.
Any ideas?
Regards,
Néstor
Re: How to dynamically set Basic Authentication username and password
for CXF SOAP client
Posted by Néstor Boscán <ne...@gmail.com>.
It looks like WebLogic or another Interceptor is blocking the execution of
my interceptor. If I send weblogics username and password then it will pass
and run my interceptor.
Regards,
Néstor
On Tue, Jun 9, 2015 at 5:59 AM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> I tested the following and it does result in a Basic Auth header being
> created:
>
>
> ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> "alice");
>
> ((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> "clarinet");
>
> It sounds like the problem is in your interceptor on the receiving side,
> and not on the client side. Enable message logging to take a look at the
> request + make sure that the header is being correctly added to the
> request.
>
> Colm.
>
> On Mon, Jun 8, 2015 at 10:28 PM, Néstor Boscán <ne...@gmail.com> wrote:
>
> > Hi
> >
> > I created a web service with an interceptor for Basic Authentication:
> >
> > public class BasicAuthorizationInterceptor extends SoapHeaderInterceptor
> {
> > protected static final Logger logger =
> > LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);
> >
> > private WhitePagesBf whitePagesBf;
> >
> > @Override
> > public void handleMessage(Message message) throws Fault {
> > AuthorizationPolicy policy =
> > message.get(AuthorizationPolicy.class);
> >
> > if (policy == null) {
> > sendErrorResponse(message,
> > HttpURLConnection.HTTP_UNAUTHORIZED);
> > return;
> > }
> >
> > if (!authenticate(policy.getUserName(), policy.getPassword())) {
> > logger.warn("Invalid username or password for user: " +
> > policy.getUserName());
> > sendErrorResponse(message, HttpURLConnection.HTTP_FORBIDDEN);
> > }
> > }
> >
> > private boolean authenticate(String userName, String password) {
> > ...
> > }
> >
> > private void sendErrorResponse(Message message, int responseCode) {
> > Message outMessage = getOutMessage(message);
> > outMessage.put(Message.RESPONSE_CODE, responseCode);
> >
> > Map responseHeaders = (Map)
> message.get(Message.PROTOCOL_HEADERS);
> > if (responseHeaders != null) {
> > responseHeaders.put("WWW-Authenticate", Arrays.asList(new
> > String[]{"Basic realm=realm"}));
> > responseHeaders.put("Content-length", Arrays.asList(new
> > String[]{"0"}));
> > }
> > message.getInterceptorChain().abort();
> > try {
> > getConduit(message).prepare(outMessage);
> > close(outMessage);
> > } catch (IOException e) {
> > logger.warn(e.getMessage(), e);
> > }
> > }
> >
> > private Message getOutMessage(Message inMessage) {
> > Exchange exchange = inMessage.getExchange();
> > Message outMessage = exchange.getOutMessage();
> > if (outMessage == null) {
> > Endpoint endpoint = exchange.get(Endpoint.class);
> > outMessage = endpoint.getBinding().createMessage();
> > exchange.setOutMessage(outMessage);
> > }
> > outMessage.putAll(inMessage);
> > return outMessage;
> > }
> >
> > private Conduit getConduit(Message inMessage) throws IOException {
> > Exchange exchange = inMessage.getExchange();
> > EndpointReferenceType target =
> > exchange.get(EndpointReferenceType.class);
> > Conduit conduit =
> > exchange.getDestination().getBackChannel(inMessage, null, target);
> > exchange.setConduit(conduit);
> > return conduit;
> > }
> >
> > private void close(Message outMessage) throws IOException {
> > OutputStream os = outMessage.getContent(OutputStream.class);
> > os.flush();
> > os.close();
> > }
> >
> > public void setWhitePagesBf(WhitePagesBf whitePagesBf) {
> > this.whitePagesBf = whitePagesBf;
> > }
> >
> > public WhitePagesBf getWhitePagesBf() {
> > return whitePagesBf;
> > }
> > }
> >
> > I'm trying to invoke this web service setting the username and password
> > like this:
> >
> > ((BindingProvider)
> > client).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> > username);
> > ((BindingProvider)
> > client).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> > password);
> >
> > But when I invoke in the Interceptor the policy Object is null.
> >
> > Any ideas?
> >
> > Regards,
> >
> > Néstor
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: How to dynamically set Basic Authentication username and password
for CXF SOAP client
Posted by Colm O hEigeartaigh <co...@apache.org>.
I tested the following and it does result in a Basic Auth header being
created:
((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"alice");
((BindingProvider)port).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"clarinet");
It sounds like the problem is in your interceptor on the receiving side,
and not on the client side. Enable message logging to take a look at the
request + make sure that the header is being correctly added to the request.
Colm.
On Mon, Jun 8, 2015 at 10:28 PM, Néstor Boscán <ne...@gmail.com> wrote:
> Hi
>
> I created a web service with an interceptor for Basic Authentication:
>
> public class BasicAuthorizationInterceptor extends SoapHeaderInterceptor {
> protected static final Logger logger =
> LoggerFactory.getLogger(BasicAuthorizationInterceptor.class);
>
> private WhitePagesBf whitePagesBf;
>
> @Override
> public void handleMessage(Message message) throws Fault {
> AuthorizationPolicy policy =
> message.get(AuthorizationPolicy.class);
>
> if (policy == null) {
> sendErrorResponse(message,
> HttpURLConnection.HTTP_UNAUTHORIZED);
> return;
> }
>
> if (!authenticate(policy.getUserName(), policy.getPassword())) {
> logger.warn("Invalid username or password for user: " +
> policy.getUserName());
> sendErrorResponse(message, HttpURLConnection.HTTP_FORBIDDEN);
> }
> }
>
> private boolean authenticate(String userName, String password) {
> ...
> }
>
> private void sendErrorResponse(Message message, int responseCode) {
> Message outMessage = getOutMessage(message);
> outMessage.put(Message.RESPONSE_CODE, responseCode);
>
> Map responseHeaders = (Map) message.get(Message.PROTOCOL_HEADERS);
> if (responseHeaders != null) {
> responseHeaders.put("WWW-Authenticate", Arrays.asList(new
> String[]{"Basic realm=realm"}));
> responseHeaders.put("Content-length", Arrays.asList(new
> String[]{"0"}));
> }
> message.getInterceptorChain().abort();
> try {
> getConduit(message).prepare(outMessage);
> close(outMessage);
> } catch (IOException e) {
> logger.warn(e.getMessage(), e);
> }
> }
>
> private Message getOutMessage(Message inMessage) {
> Exchange exchange = inMessage.getExchange();
> Message outMessage = exchange.getOutMessage();
> if (outMessage == null) {
> Endpoint endpoint = exchange.get(Endpoint.class);
> outMessage = endpoint.getBinding().createMessage();
> exchange.setOutMessage(outMessage);
> }
> outMessage.putAll(inMessage);
> return outMessage;
> }
>
> private Conduit getConduit(Message inMessage) throws IOException {
> Exchange exchange = inMessage.getExchange();
> EndpointReferenceType target =
> exchange.get(EndpointReferenceType.class);
> Conduit conduit =
> exchange.getDestination().getBackChannel(inMessage, null, target);
> exchange.setConduit(conduit);
> return conduit;
> }
>
> private void close(Message outMessage) throws IOException {
> OutputStream os = outMessage.getContent(OutputStream.class);
> os.flush();
> os.close();
> }
>
> public void setWhitePagesBf(WhitePagesBf whitePagesBf) {
> this.whitePagesBf = whitePagesBf;
> }
>
> public WhitePagesBf getWhitePagesBf() {
> return whitePagesBf;
> }
> }
>
> I'm trying to invoke this web service setting the username and password
> like this:
>
> ((BindingProvider)
> client).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
> username);
> ((BindingProvider)
> client).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
> password);
>
> But when I invoke in the Interceptor the policy Object is null.
>
> Any ideas?
>
> Regards,
>
> Néstor
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com