You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Selena85 <l....@gmail.com> on 2008/06/30 11:04:26 UTC
SOAP Header
Hello I'm newbie in CXF and Spring. My task is to prepear user
authenthication and to log user activities. Now I've got user
authenthication using WSS4JInInterceptor and callback - and it's work fine.
My problem is, how to pass authentication data (username) to the endpoint
implementor class (translatorServiceImpl). Is there any way to do this using
Spring (set a property in class translatorServiceImpl)?
<!-- Service endpoint -->
<jaxws:endpoint id="translatorService"
implementor="#translatorServiceImpl" address="/translation">
<jaxws:serviceFactory>
<ref bean="jaxws-and-aegis-service-factory" />
</jaxws:serviceFactory>
<jaxws:inInterceptors>
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken" />
<entry key="passwordType" value="PasswordText" />
<entry key="passwordCallbackClass"
value="pl.waga.service.ServerAuthorizationCallback" />
</map>
</constructor-arg>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
--
View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SOAP Header
Posted by Selena85 <l....@gmail.com>.
Dan It's really good idea to extends WSS4InInterceptor - in this way it's
possible to set context, but I still have some problem. I've got
ClassCastException in this line:
for (WSSecurityEngineResult o : recv)
I try to find some solution but documentation is realy poor (or I missed
it). Maybe You can help me one more time.
Regards
dkulp wrote:
>
>
> I just committed some code that will make this much easier in cxf
> 2.1.2/2.0.8, but that isn't going to help you right now.
>
> A couple of options...
>
> 1) Use a subclass of WSS4JInInterceptor (this would be my preferred
> approach as it mimics what I just committed). Basically, override the
> handleMessage call to do:
> public void handleMessage(SoapMessage msg) throws Fault {
> super.handleMessage(msg);
> List< WSSecurityEngineResult > recv =
> (List)msg.get("RECV_RESULTS");
> for (WSSecurityEngineResult o : recv) {
> final Principal p =
> (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
> if (p != null) {
> SecurityContext c = new SecurityContext() {
> public Principal getUserPrincipal() {
> return p;
> }
> public boolean isUserInRole(String role) {
> return false;
> }
> };
> msg.put(SecurityContext.class, c);
> break;
> }
> }
> }
>
> In your Impl, you then would just do:
>
> @Resource
> WebServiceContext ctx;
> .....
> Principal p = ctx.getUserPrincipal();
> and query whatever you need from that. (it would probably be a
> WSUsernameTokenPrincipal which has the password and other things
> stored in it, but if you use x509 certs, it would be a
> X509Principal) Once 2.1.2/2.0.8 comes out, you could remove the
> WSS4JInInterceptor subclass and the code would still work.
>
> 2) In you impl, you could do:
>
> @Resource
> WebServiceContext ctx;
> .....
> MessageContext ctx = (MessageContext) wsContext.getMessageContext();
> List recv = (List)ctx.get("RECV_RESULTS");
> WSHandlerResult wsResult = (WSHandlerResult)recv.get(0);
> WSSecurityEngineResult wsseResult =
> (WSSecurityEngineResult)wsResult.getResults().get(0);
> Principal principal =
> (Principal)wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
>
>
> 3) Like (1), you could subclass WSS4JInInterceptor and copy stuff out
> of it and call "msg.put(key, value)" for anything you want. Then
> query them from the WebServiceContext.
>
>
> Dan
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Jul 2, 2008, at 6:43 AM, Selena85 wrote:
>
>>
>> Dan I spend a lot of time trying to do it, but I still cannot achieve
>> success. Maybe You can show me some code snipet.
>> Regards
>>
>> dkulp wrote:
>>>
>>>
>>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>>
>>>>
>>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>>> authenthication and to log user activities. Now I've got user
>>>> authenthication using WSS4JInInterceptor and callback - and it's
>>>> work fine.
>>>> My problem is, how to pass authentication data (username) to the
>>>> endpoint
>>>> implementor class (translatorServiceImpl). Is there any way to do
>>>> this using
>>>> Spring (set a property in class translatorServiceImpl)?
>>>
>>> No, because there is a single instance of the Impl created and is
>>> used
>>> during all invocations. The way this is done is to add:
>>>
>>> @Resource
>>> WebServiceContext ctx;
>>>
>>> To your Impl and the context should get injected. From the context
>>> (which is thread local), you can query any items that are stored in
>>> the Message object in your interceptor.
>>>
>>> Dan
>>>
>>>
>>>
>>>>
>>>> <!-- Service endpoint -->
>>>> <jaxws:endpoint id="translatorService"
>>>> implementor="#translatorServiceImpl" address="/translation">
>>>> <jaxws:serviceFactory>
>>>> <ref bean="jaxws-and-aegis-service-factory" />
>>>> </jaxws:serviceFactory>
>>>> <jaxws:inInterceptors>
>>>> <bean
>>>>
>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="passwordType"
>>>> value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>>
>>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>> </jaxws:inInterceptors>
>>>> </jaxws:endpoint>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>
>>> ---
>>> Daniel Kulp
>>> dkulp@apache.org
>>> http://www.dankulp.com/blog
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
> ---
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18268719.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: SOAP Header
Posted by "Wolf, Chris (IT)" <Ch...@morganstanley.com>.
Dan,
Thanks a lot for this suggestion - this cleared up the problem.
The exact syntax that worked was:
<import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />
-Chris Wolf
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Thursday, July 03, 2008 3:04 PM
To: users@cxf.apache.org
Subject: Re: SOAP Header
On Jul 2, 2008, at 5:45 PM, Wolf, Chris (IT) wrote:
> Dan,
>
> I'm doing something similar to this, but in my case, the
> WebServiceContext is not being injected, even though this was working
> in a smaller-scale POC.
That's not good. Are you using spring proxies or anything fancy like
that? It's possible the annotations are hidden behind the proxy or
something.
You can try adding:
<import location="META-INF/cxf/cxf-extension-jaxws.xml"/>
to your spring config. That provides the spring level injection with
a WebServiceContext implementation. Ideally, you shouldn't need to
do that though as the JAX-WS frontend would inject it at startup time.
Worst case, just do:
ctx = new org.apache.cxf.jaxws.context.WebServiceContextImpl();
That should work just as well. (and is all the injection is really
doing anyway).
Dan
>
>
> I'm using setter injection rather then field injection, but as
> mentioned, this worked in my POC. So in my impl I have:
>
> @Resource
> public void setWebServiceContext(WebServiceContext ctx) {
> logger.debug("*** called setWebServiceContext: " +
> ctx.toString());
>
> ((WebServiceContextSettable)partyInfoPM).setWebServiceContext(ctx);
> }
>
> This is simply not being called at runtime. What controls this
> resource injection? Any ideas how I can debug this?
>
> Thanks,
>
> Chris Wolf
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Wednesday, July 02, 2008 1:20 PM
> To: users@cxf.apache.org
> Subject: Re: SOAP Header
>
>
> I just committed some code that will make this much easier in cxf
> 2.1.2/2.0.8, but that isn't going to help you right now.
>
> A couple of options...
>
> 1) Use a subclass of WSS4JInInterceptor (this would be my preferred
> approach as it mimics what I just committed). Basically, override the
> handleMessage call to do:
> public void handleMessage(SoapMessage msg) throws Fault {
> super.handleMessage(msg);
> List< WSSecurityEngineResult > recv =
> (List)msg.get("RECV_RESULTS");
> for (WSSecurityEngineResult o : recv) {
> final Principal p =
> (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
> if (p != null) {
> SecurityContext c = new SecurityContext() {
> public Principal getUserPrincipal() {
> return p;
> }
> public boolean isUserInRole(String role) {
> return false;
> }
> };
> msg.put(SecurityContext.class, c);
> break;
> }
> }
> }
>
> In your Impl, you then would just do:
>
> @Resource
> WebServiceContext ctx;
> .....
> Principal p = ctx.getUserPrincipal();
> and query whatever you need from that. (it would probably be a
> WSUsernameTokenPrincipal which has the password and other things
> stored in it, but if you use x509 certs, it would be a
> X509Principal) Once 2.1.2/2.0.8 comes out, you could remove the
> WSS4JInInterceptor subclass and the code would still work.
>
> 2) In you impl, you could do:
>
> @Resource
> WebServiceContext ctx;
> .....
> MessageContext ctx = (MessageContext) wsContext.getMessageContext();
> List recv = (List)ctx.get("RECV_RESULTS"); WSHandlerResult wsResult =
> (WSHandlerResult)recv.get(0); WSSecurityEngineResult wsseResult =
> (WSSecurityEngineResult)wsResult.getResults().get(0);
> Principal principal =
> (Principal)wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
>
>
> 3) Like (1), you could subclass WSS4JInInterceptor and copy stuff out
> of it and call "msg.put(key, value)" for anything you want. Then
> query them from the WebServiceContext.
>
>
> Dan
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Jul 2, 2008, at 6:43 AM, Selena85 wrote:
>
>>
>> Dan I spend a lot of time trying to do it, but I still cannot achieve
>> success. Maybe You can show me some code snipet.
>> Regards
>>
>> dkulp wrote:
>>>
>>>
>>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>>
>>>>
>>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>>> authenthication and to log user activities. Now I've got user
>>>> authenthication using WSS4JInInterceptor and callback - and it's
>>>> work fine.
>>>> My problem is, how to pass authentication data (username) to the
>>>> endpoint implementor class (translatorServiceImpl). Is there any
>>>> way
>
>>>> to do this using Spring (set a property in class
>>>> translatorServiceImpl)?
>>>
>>> No, because there is a single instance of the Impl created and is
>>> used
>>> during all invocations. The way this is done is to add:
>>>
>>> @Resource
>>> WebServiceContext ctx;
>>>
>>> To your Impl and the context should get injected. From the context
>>> (which is thread local), you can query any items that are stored in
>>> the Message object in your interceptor.
>>>
>>> Dan
>>>
>>>
>>>
>>>>
>>>> <!-- Service endpoint -->
>>>> <jaxws:endpoint id="translatorService"
>>>> implementor="#translatorServiceImpl" address="/translation">
>>>> <jaxws:serviceFactory>
>>>> <ref bean="jaxws-and-aegis-service-factory" />
>>>> </jaxws:serviceFactory>
>>>> <jaxws:inInterceptors>
>>>> <bean
>>>>
>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="passwordType"
>>>> value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>>
>>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>> </jaxws:inInterceptors>
>>>> </jaxws:endpoint>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>
>>> ---
>>> Daniel Kulp
>>> dkulp@apache.org
>>> http://www.dankulp.com/blog
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
> ---
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender.
> Sender does not intend to waive confidentiality or privilege. Use of
> this email is prohibited when received in error.
---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Re: SOAP Header
Posted by Daniel Kulp <dk...@apache.org>.
On Jul 2, 2008, at 5:45 PM, Wolf, Chris (IT) wrote:
> Dan,
>
> I'm doing something similar to this, but in my case, the
> WebServiceContext
> is not being injected, even though this was working in a smaller-scale
> POC.
That's not good. Are you using spring proxies or anything fancy like
that? It's possible the annotations are hidden behind the proxy or
something.
You can try adding:
<import location="META-INF/cxf/cxf-extension-jaxws.xml"/>
to your spring config. That provides the spring level injection with
a WebServiceContext implementation. Ideally, you shouldn't need to
do that though as the JAX-WS frontend would inject it at startup time.
Worst case, just do:
ctx = new org.apache.cxf.jaxws.context.WebServiceContextImpl();
That should work just as well. (and is all the injection is really
doing anyway).
Dan
>
>
> I'm using setter injection rather then field injection, but as
> mentioned,
> this worked in my POC. So in my impl I have:
>
> @Resource
> public void setWebServiceContext(WebServiceContext ctx) {
> logger.debug("*** called setWebServiceContext: " +
> ctx.toString());
>
> ((WebServiceContextSettable)partyInfoPM).setWebServiceContext(ctx);
> }
>
> This is simply not being called at runtime. What controls this
> resource
> injection? Any ideas how I can debug this?
>
> Thanks,
>
> Chris Wolf
>
>
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Wednesday, July 02, 2008 1:20 PM
> To: users@cxf.apache.org
> Subject: Re: SOAP Header
>
>
> I just committed some code that will make this much easier in cxf
> 2.1.2/2.0.8, but that isn't going to help you right now.
>
> A couple of options...
>
> 1) Use a subclass of WSS4JInInterceptor (this would be my preferred
> approach as it mimics what I just committed). Basically, override the
> handleMessage call to do:
> public void handleMessage(SoapMessage msg) throws Fault {
> super.handleMessage(msg);
> List< WSSecurityEngineResult > recv =
> (List)msg.get("RECV_RESULTS");
> for (WSSecurityEngineResult o : recv) {
> final Principal p =
> (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
> if (p != null) {
> SecurityContext c = new SecurityContext() {
> public Principal getUserPrincipal() {
> return p;
> }
> public boolean isUserInRole(String role) {
> return false;
> }
> };
> msg.put(SecurityContext.class, c);
> break;
> }
> }
> }
>
> In your Impl, you then would just do:
>
> @Resource
> WebServiceContext ctx;
> .....
> Principal p = ctx.getUserPrincipal();
> and query whatever you need from that. (it would probably be a
> WSUsernameTokenPrincipal which has the password and other things
> stored
> in it, but if you use x509 certs, it would be a
> X509Principal) Once 2.1.2/2.0.8 comes out, you could remove the
> WSS4JInInterceptor subclass and the code would still work.
>
> 2) In you impl, you could do:
>
> @Resource
> WebServiceContext ctx;
> .....
> MessageContext ctx = (MessageContext) wsContext.getMessageContext();
> List recv = (List)ctx.get("RECV_RESULTS"); WSHandlerResult wsResult =
> (WSHandlerResult)recv.get(0); WSSecurityEngineResult wsseResult =
> (WSSecurityEngineResult)wsResult.getResults().get(0);
> Principal principal =
> (Principal)wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
>
>
> 3) Like (1), you could subclass WSS4JInInterceptor and copy stuff out
> of it and call "msg.put(key, value)" for anything you want. Then
> query them from the WebServiceContext.
>
>
> Dan
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Jul 2, 2008, at 6:43 AM, Selena85 wrote:
>
>>
>> Dan I spend a lot of time trying to do it, but I still cannot achieve
>> success. Maybe You can show me some code snipet.
>> Regards
>>
>> dkulp wrote:
>>>
>>>
>>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>>
>>>>
>>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>>> authenthication and to log user activities. Now I've got user
>>>> authenthication using WSS4JInInterceptor and callback - and it's
>>>> work fine.
>>>> My problem is, how to pass authentication data (username) to the
>>>> endpoint implementor class (translatorServiceImpl). Is there any
>>>> way
>
>>>> to do this using Spring (set a property in class
>>>> translatorServiceImpl)?
>>>
>>> No, because there is a single instance of the Impl created and is
>>> used
>>> during all invocations. The way this is done is to add:
>>>
>>> @Resource
>>> WebServiceContext ctx;
>>>
>>> To your Impl and the context should get injected. From the context
>>> (which is thread local), you can query any items that are stored in
>>> the Message object in your interceptor.
>>>
>>> Dan
>>>
>>>
>>>
>>>>
>>>> <!-- Service endpoint -->
>>>> <jaxws:endpoint id="translatorService"
>>>> implementor="#translatorServiceImpl" address="/translation">
>>>> <jaxws:serviceFactory>
>>>> <ref bean="jaxws-and-aegis-service-factory" />
>>>> </jaxws:serviceFactory>
>>>> <jaxws:inInterceptors>
>>>> <bean
>>>>
>>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>>> <constructor-arg>
>>>> <map>
>>>> <entry key="action" value="UsernameToken" />
>>>> <entry key="passwordType"
>>>> value="PasswordText" />
>>>> <entry key="passwordCallbackClass"
>>>>
>>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>>> </map>
>>>> </constructor-arg>
>>>> </bean>
>>>> </jaxws:inInterceptors>
>>>> </jaxws:endpoint>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>>
>>>
>>> ---
>>> Daniel Kulp
>>> dkulp@apache.org
>>> http://www.dankulp.com/blog
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
> ---
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
> --------------------------------------------------------
>
> NOTICE: If received in error, please destroy and notify sender.
> Sender does not intend to waive confidentiality or privilege. Use of
> this email is prohibited when received in error.
---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
RE: SOAP Header
Posted by "Wolf, Chris (IT)" <Ch...@morganstanley.com>.
Dan,
I'm doing something similar to this, but in my case, the
WebServiceContext
is not being injected, even though this was working in a smaller-scale
POC.
I'm using setter injection rather then field injection, but as
mentioned,
this worked in my POC. So in my impl I have:
@Resource
public void setWebServiceContext(WebServiceContext ctx) {
logger.debug("*** called setWebServiceContext: " +
ctx.toString());
((WebServiceContextSettable)partyInfoPM).setWebServiceContext(ctx);
}
This is simply not being called at runtime. What controls this resource
injection? Any ideas how I can debug this?
Thanks,
Chris Wolf
-----Original Message-----
From: Daniel Kulp [mailto:dkulp@apache.org]
Sent: Wednesday, July 02, 2008 1:20 PM
To: users@cxf.apache.org
Subject: Re: SOAP Header
I just committed some code that will make this much easier in cxf
2.1.2/2.0.8, but that isn't going to help you right now.
A couple of options...
1) Use a subclass of WSS4JInInterceptor (this would be my preferred
approach as it mimics what I just committed). Basically, override the
handleMessage call to do:
public void handleMessage(SoapMessage msg) throws Fault {
super.handleMessage(msg);
List< WSSecurityEngineResult > recv =
(List)msg.get("RECV_RESULTS");
for (WSSecurityEngineResult o : recv) {
final Principal p =
(Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
if (p != null) {
SecurityContext c = new SecurityContext() {
public Principal getUserPrincipal() {
return p;
}
public boolean isUserInRole(String role) {
return false;
}
};
msg.put(SecurityContext.class, c);
break;
}
}
}
In your Impl, you then would just do:
@Resource
WebServiceContext ctx;
.....
Principal p = ctx.getUserPrincipal();
and query whatever you need from that. (it would probably be a
WSUsernameTokenPrincipal which has the password and other things stored
in it, but if you use x509 certs, it would be a
X509Principal) Once 2.1.2/2.0.8 comes out, you could remove the
WSS4JInInterceptor subclass and the code would still work.
2) In you impl, you could do:
@Resource
WebServiceContext ctx;
.....
MessageContext ctx = (MessageContext) wsContext.getMessageContext();
List recv = (List)ctx.get("RECV_RESULTS"); WSHandlerResult wsResult =
(WSHandlerResult)recv.get(0); WSSecurityEngineResult wsseResult =
(WSSecurityEngineResult)wsResult.getResults().get(0);
Principal principal =
(Principal)wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
3) Like (1), you could subclass WSS4JInInterceptor and copy stuff out
of it and call "msg.put(key, value)" for anything you want. Then
query them from the WebServiceContext.
Dan
On Jul 2, 2008, at 6:43 AM, Selena85 wrote:
>
> Dan I spend a lot of time trying to do it, but I still cannot achieve
> success. Maybe You can show me some code snipet.
> Regards
>
> dkulp wrote:
>>
>>
>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>
>>>
>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>> authenthication and to log user activities. Now I've got user
>>> authenthication using WSS4JInInterceptor and callback - and it's
>>> work fine.
>>> My problem is, how to pass authentication data (username) to the
>>> endpoint implementor class (translatorServiceImpl). Is there any way
>>> to do this using Spring (set a property in class
>>> translatorServiceImpl)?
>>
>> No, because there is a single instance of the Impl created and is
>> used
>> during all invocations. The way this is done is to add:
>>
>> @Resource
>> WebServiceContext ctx;
>>
>> To your Impl and the context should get injected. From the context
>> (which is thread local), you can query any items that are stored in
>> the Message object in your interceptor.
>>
>> Dan
>>
>>
>>
>>>
>>> <!-- Service endpoint -->
>>> <jaxws:endpoint id="translatorService"
>>> implementor="#translatorServiceImpl" address="/translation">
>>> <jaxws:serviceFactory>
>>> <ref bean="jaxws-and-aegis-service-factory" />
>>> </jaxws:serviceFactory>
>>> <jaxws:inInterceptors>
>>> <bean
>>>
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="UsernameToken" />
>>> <entry key="passwordType"
>>> value="PasswordText" />
>>> <entry key="passwordCallbackClass"
>>>
>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>> </jaxws:inInterceptors>
>>> </jaxws:endpoint>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>
>> ---
>> Daniel Kulp
>> dkulp@apache.org
>> http://www.dankulp.com/blog
>>
>>
>>
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
--------------------------------------------------------
NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
Re: SOAP Header
Posted by Daniel Kulp <dk...@apache.org>.
I just committed some code that will make this much easier in cxf
2.1.2/2.0.8, but that isn't going to help you right now.
A couple of options...
1) Use a subclass of WSS4JInInterceptor (this would be my preferred
approach as it mimics what I just committed). Basically, override the
handleMessage call to do:
public void handleMessage(SoapMessage msg) throws Fault {
super.handleMessage(msg);
List< WSSecurityEngineResult > recv =
(List)msg.get("RECV_RESULTS");
for (WSSecurityEngineResult o : recv) {
final Principal p =
(Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
if (p != null) {
SecurityContext c = new SecurityContext() {
public Principal getUserPrincipal() {
return p;
}
public boolean isUserInRole(String role) {
return false;
}
};
msg.put(SecurityContext.class, c);
break;
}
}
}
In your Impl, you then would just do:
@Resource
WebServiceContext ctx;
.....
Principal p = ctx.getUserPrincipal();
and query whatever you need from that. (it would probably be a
WSUsernameTokenPrincipal which has the password and other things
stored in it, but if you use x509 certs, it would be a
X509Principal) Once 2.1.2/2.0.8 comes out, you could remove the
WSS4JInInterceptor subclass and the code would still work.
2) In you impl, you could do:
@Resource
WebServiceContext ctx;
.....
MessageContext ctx = (MessageContext) wsContext.getMessageContext();
List recv = (List)ctx.get("RECV_RESULTS");
WSHandlerResult wsResult = (WSHandlerResult)recv.get(0);
WSSecurityEngineResult wsseResult =
(WSSecurityEngineResult)wsResult.getResults().get(0);
Principal principal =
(Principal)wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
3) Like (1), you could subclass WSS4JInInterceptor and copy stuff out
of it and call "msg.put(key, value)" for anything you want. Then
query them from the WebServiceContext.
Dan
On Jul 2, 2008, at 6:43 AM, Selena85 wrote:
>
> Dan I spend a lot of time trying to do it, but I still cannot achieve
> success. Maybe You can show me some code snipet.
> Regards
>
> dkulp wrote:
>>
>>
>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>
>>>
>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>> authenthication and to log user activities. Now I've got user
>>> authenthication using WSS4JInInterceptor and callback - and it's
>>> work fine.
>>> My problem is, how to pass authentication data (username) to the
>>> endpoint
>>> implementor class (translatorServiceImpl). Is there any way to do
>>> this using
>>> Spring (set a property in class translatorServiceImpl)?
>>
>> No, because there is a single instance of the Impl created and is
>> used
>> during all invocations. The way this is done is to add:
>>
>> @Resource
>> WebServiceContext ctx;
>>
>> To your Impl and the context should get injected. From the context
>> (which is thread local), you can query any items that are stored in
>> the Message object in your interceptor.
>>
>> Dan
>>
>>
>>
>>>
>>> <!-- Service endpoint -->
>>> <jaxws:endpoint id="translatorService"
>>> implementor="#translatorServiceImpl" address="/translation">
>>> <jaxws:serviceFactory>
>>> <ref bean="jaxws-and-aegis-service-factory" />
>>> </jaxws:serviceFactory>
>>> <jaxws:inInterceptors>
>>> <bean
>>>
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="UsernameToken" />
>>> <entry key="passwordType"
>>> value="PasswordText" />
>>> <entry key="passwordCallbackClass"
>>>
>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>> </jaxws:inInterceptors>
>>> </jaxws:endpoint>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>
>> ---
>> Daniel Kulp
>> dkulp@apache.org
>> http://www.dankulp.com/blog
>>
>>
>>
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
Re: SOAP Header
Posted by Selena85 <l....@gmail.com>.
Dan I spend a lot of time trying to do it, but I still cannot achieve
success. Maybe You can show me some code snipet.
Regards
dkulp wrote:
>
>
> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>
>>
>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>> authenthication and to log user activities. Now I've got user
>> authenthication using WSS4JInInterceptor and callback - and it's
>> work fine.
>> My problem is, how to pass authentication data (username) to the
>> endpoint
>> implementor class (translatorServiceImpl). Is there any way to do
>> this using
>> Spring (set a property in class translatorServiceImpl)?
>
> No, because there is a single instance of the Impl created and is used
> during all invocations. The way this is done is to add:
>
> @Resource
> WebServiceContext ctx;
>
> To your Impl and the context should get injected. From the context
> (which is thread local), you can query any items that are stored in
> the Message object in your interceptor.
>
> Dan
>
>
>
>>
>> <!-- Service endpoint -->
>> <jaxws:endpoint id="translatorService"
>> implementor="#translatorServiceImpl" address="/translation">
>> <jaxws:serviceFactory>
>> <ref bean="jaxws-and-aegis-service-factory" />
>> </jaxws:serviceFactory>
>> <jaxws:inInterceptors>
>> <bean
>>
>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="UsernameToken" />
>> <entry key="passwordType"
>> value="PasswordText" />
>> <entry key="passwordCallbackClass"
>>
>> value="pl.waga.service.ServerAuthorizationCallback" />
>> </map>
>> </constructor-arg>
>> </bean>
>> </jaxws:inInterceptors>
>> </jaxws:endpoint>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
> ---
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18234718.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SOAP Header
Posted by Ulhas Bhole <ul...@iona.com>.
http://cwiki.apache.org/CXF/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%252Fresponse%253F
This might be of interest to you. Check the section on Headers.
What you are asking probably is the option 4 in this section which
allows you to get handle to the JAX-WS Request Context and add the
header their which will be available at the other end in
WebServiceContext when you add the resource injection as suggested by Dan.
If you need more help take a look at the system test here:
http://svn.apache.org/repos/asf/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/outofband/header/
Regards,
Ulhas Bhole
Selena85 wrote:
> Hey, could You show me how to inject the username into context. It should be
> done in Spring or in Java code?
>
> dkulp wrote:
>
>> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>>
>>
>>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>>> authenthication and to log user activities. Now I've got user
>>> authenthication using WSS4JInInterceptor and callback - and it's
>>> work fine.
>>> My problem is, how to pass authentication data (username) to the
>>> endpoint
>>> implementor class (translatorServiceImpl). Is there any way to do
>>> this using
>>> Spring (set a property in class translatorServiceImpl)?
>>>
>> No, because there is a single instance of the Impl created and is used
>> during all invocations. The way this is done is to add:
>>
>> @Resource
>> WebServiceContext ctx;
>>
>> To your Impl and the context should get injected. From the context
>> (which is thread local), you can query any items that are stored in
>> the Message object in your interceptor.
>>
>> Dan
>>
>>
>>
>>
>>> <!-- Service endpoint -->
>>> <jaxws:endpoint id="translatorService"
>>> implementor="#translatorServiceImpl" address="/translation">
>>> <jaxws:serviceFactory>
>>> <ref bean="jaxws-and-aegis-service-factory" />
>>> </jaxws:serviceFactory>
>>> <jaxws:inInterceptors>
>>> <bean
>>>
>>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <constructor-arg>
>>> <map>
>>> <entry key="action" value="UsernameToken" />
>>> <entry key="passwordType"
>>> value="PasswordText" />
>>> <entry key="passwordCallbackClass"
>>>
>>> value="pl.waga.service.ServerAuthorizationCallback" />
>>> </map>
>>> </constructor-arg>
>>> </bean>
>>> </jaxws:inInterceptors>
>>> </jaxws:endpoint>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>> ---
>> Daniel Kulp
>> dkulp@apache.org
>> http://www.dankulp.com/blog
>>
>>
>>
>>
>>
>>
>>
>
>
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
Re: SOAP Header
Posted by Selena85 <l....@gmail.com>.
Hey, could You show me how to inject the username into context. It should be
done in Spring or in Java code?
dkulp wrote:
>
>
> On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>
>>
>> Hello I'm newbie in CXF and Spring. My task is to prepear user
>> authenthication and to log user activities. Now I've got user
>> authenthication using WSS4JInInterceptor and callback - and it's
>> work fine.
>> My problem is, how to pass authentication data (username) to the
>> endpoint
>> implementor class (translatorServiceImpl). Is there any way to do
>> this using
>> Spring (set a property in class translatorServiceImpl)?
>
> No, because there is a single instance of the Impl created and is used
> during all invocations. The way this is done is to add:
>
> @Resource
> WebServiceContext ctx;
>
> To your Impl and the context should get injected. From the context
> (which is thread local), you can query any items that are stored in
> the Message object in your interceptor.
>
> Dan
>
>
>
>>
>> <!-- Service endpoint -->
>> <jaxws:endpoint id="translatorService"
>> implementor="#translatorServiceImpl" address="/translation">
>> <jaxws:serviceFactory>
>> <ref bean="jaxws-and-aegis-service-factory" />
>> </jaxws:serviceFactory>
>> <jaxws:inInterceptors>
>> <bean
>>
>> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <constructor-arg>
>> <map>
>> <entry key="action" value="UsernameToken" />
>> <entry key="passwordType"
>> value="PasswordText" />
>> <entry key="passwordCallbackClass"
>>
>> value="pl.waga.service.ServerAuthorizationCallback" />
>> </map>
>> </constructor-arg>
>> </bean>
>> </jaxws:inInterceptors>
>> </jaxws:endpoint>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>
> ---
> Daniel Kulp
> dkulp@apache.org
> http://www.dankulp.com/blog
>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18211757.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: SOAP Header
Posted by Daniel Kulp <dk...@apache.org>.
On Jun 30, 2008, at 5:04 AM, Selena85 wrote:
>
> Hello I'm newbie in CXF and Spring. My task is to prepear user
> authenthication and to log user activities. Now I've got user
> authenthication using WSS4JInInterceptor and callback - and it's
> work fine.
> My problem is, how to pass authentication data (username) to the
> endpoint
> implementor class (translatorServiceImpl). Is there any way to do
> this using
> Spring (set a property in class translatorServiceImpl)?
No, because there is a single instance of the Impl created and is used
during all invocations. The way this is done is to add:
@Resource
WebServiceContext ctx;
To your Impl and the context should get injected. From the context
(which is thread local), you can query any items that are stored in
the Message object in your interceptor.
Dan
>
> <!-- Service endpoint -->
> <jaxws:endpoint id="translatorService"
> implementor="#translatorServiceImpl" address="/translation">
> <jaxws:serviceFactory>
> <ref bean="jaxws-and-aegis-service-factory" />
> </jaxws:serviceFactory>
> <jaxws:inInterceptors>
> <bean
>
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <constructor-arg>
> <map>
> <entry key="action" value="UsernameToken" />
> <entry key="passwordType"
> value="PasswordText" />
> <entry key="passwordCallbackClass"
>
> value="pl.waga.service.ServerAuthorizationCallback" />
> </map>
> </constructor-arg>
> </bean>
> </jaxws:inInterceptors>
> </jaxws:endpoint>
>
> --
> View this message in context: http://www.nabble.com/SOAP-Header-tp18191401p18191401.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
---
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog