Posted to users@cxf.apache.org by Burkard Stephan <St...@visana.ch> on 2018/09/17 15:19:05 UTC

Configure SamlCallbackHandler for Dispatch client

Hi 

I am trying to "decorate" an outgoing web service call with a SAML token for authentication. Therefore I have written a SamlCallbackHandler. It is for sure not yet complete, but I am already failing to configure it onto my CXF client which is a Dispatch client.

I have found that I need to configure the key SecurityConstants.SAML_CALLBACK_HANDLER with my SamlCallbackHandler instance. 

I also found JAX-B based examples that configure the handler on the web service port type:
    ((BindingProvider)saml2Port).getRequestContext().put(
    "ws-security.saml-callback-handler", new SamlCallbackHandler()
    );

But my dispatch client has no port type class. It looks like this (simplified names):

    @Bean
    public Dispatch<Source> myClient(final SamlCallbackHandler samlCallbackHandler) {
        QName serviceName = new QName("namespace", "service");
        QName portName = new QName("namespace", "port");
        Service service = Service.create(serviceName);
        service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, "address");
        Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Service.Mode.PAYLOAD);
        Client client = ((org.apache.cxf.jaxws.DispatchImpl)dispatch).getClient();
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
        return dispatch;
    }

On this client I tried to configure my SamlCallbackHandler like this: 

    1. client.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
    2. client.getEndpoint().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);

Unfortunately none of them works, the handle method of the handler is never called and therefore the outgoing request has no token. 

How can I configure the SamlCallbackHandler on a Dispatch client? I did not find an example in the CXF project.

Thanks
Stephan


Re: Configure SamlCallbackHandler for Dispatch client

Posted by Colm O hEigeartaigh <co...@apache.org>.
The SecurityConstants configuration tags only apply to WS-SecurityPolicy
configuration, and not when you are using the WSS4JOutInterceptor. Instead
you can use "ConfigurationConstants.SAML_CALLBACK_CLASS".

Colm.

On Tue, Sep 18, 2018 at 10:38 AM Burkard Stephan <St...@visana.ch>
wrote:

> Thanks Colm
>
> I just found an example with a WSS4JOutInterceptor and my
> SamlCallbackHandler gets called now.
>
> What I noticed: On the WSS4JOutInterceptor I have to use
> ConfigurationConstants.SAML_CALLBACK_REF. When I use
> SecurityConstants.SAML_CALLBACK_HANDLER instead, I get an error saying that
> no SAML callback handler is defined.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
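
The action-based setup described in the reply above, with the handler named through ConfigurationConstants.SAML_CALLBACK_CLASS rather than passed by reference, as an added example that is not part of the original thread. ExampleSamlCallbackHandler and the issuer and subject values are hypothetical, and the code assumes WSS4J 2.1 or later; it uses the unsigned action so that it needs no key material, whereas the SAML_TOKEN_SIGNED action used in the thread additionally needs signature settings that the thread does not show.

```java
// Added example (hypothetical class, not from the thread); assumes WSS4J 2.1+ with CXF 3.1+.
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.saml.builder.SAML2Constants;

public class ExampleSamlCallbackHandler implements CallbackHandler {

    // WSS4J hands the handler a SAMLCallback and builds the assertion from what is set on it.
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof SAMLCallback)) {
                throw new UnsupportedCallbackException(cb, "Only SAMLCallback is supported");
            }
            SAMLCallback saml = (SAMLCallback) cb;
            saml.setSamlVersion(Version.SAML_20);
            saml.setIssuer("example-issuer"); // placeholder value
            saml.setSubject(new SubjectBean("example-user", "example.org", // placeholders
                    SAML2Constants.CONF_BEARER));
            ConditionsBean conditions = new ConditionsBean();
            conditions.setTokenPeriodMinutes(5); // keep the validity window short
            saml.setConditions(conditions);
        }
    }

    // The handler is given by class name, so WSS4J instantiates it itself
    // and the class needs a public no-argument constructor.
    // The resulting assertion is unsigned: the receiver has no signature to verify on it.
    public static WSS4JOutInterceptor unsignedSamlInterceptor() {
        Map<String, Object> props = new HashMap<>();
        props.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED);
        props.put(ConfigurationConstants.SAML_CALLBACK_CLASS,
                ExampleSamlCallbackHandler.class.getName());
        return new WSS4JOutInterceptor(props);
    }
}
```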

AW: Configure SamlCallbackHandler for Dispatch client

Posted by Burkard Stephan <St...@visana.ch>.
Thanks Colm

I just found an example with a WSS4JOutInterceptor and my SamlCallbackHandler gets called now. 

What I noticed: On the WSS4JOutInterceptor I have to use ConfigurationConstants.SAML_CALLBACK_REF. When I use SecurityConstants.SAML_CALLBACK_HANDLER instead, I get an error saying that no SAML callback handler is defined.

    @Bean
    public WSS4JOutInterceptor wss4JOutInterceptor(final SamlCallbackHandler samlCallbackHandler) {
        Map<String, Object> properties = new HashMap<>();
        properties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
        properties.put(ConfigurationConstants.SAML_CALLBACK_REF, samlCallbackHandler);
        return new WSS4JOutInterceptor(properties);
    }

    @Bean
    public Dispatch<Source> myClient (final WSS4JOutInterceptor wss4JOutInterceptor) {
        QName serviceName = new QName("namespace", "service");
        QName portName = new QName("namespace", "port");
        Service service = Service.create(serviceName);
        service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, "address");
        Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Service.Mode.PAYLOAD);
        Client client = ((org.apache.cxf.jaxws.DispatchImpl)dispatch).getClient();
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
        client.getOutInterceptors().add(wss4JOutInterceptor);
        return dispatch;
    }

Stephan


-----Original Message-----
From: Colm O hEigeartaigh <co...@apache.org>
Sent: Tuesday, 18 September 2018 11:21
To: users@cxf.apache.org
Subject: Re: Configure SamlCallbackHandler for Dispatch client

Putting it on the client request context should work. The question is though, how are you configuring that a SAML token is required? Setting the SAML CallbackHandler is not enough - either you need to have a SamlToken policy assertion in the WSDL (or in a local policy file) or else you need to set up the WSS4JOutInterceptor to configure it to include a SAML token.

Colm.


Re: Configure SamlCallbackHandler for Dispatch client

Posted by Colm O hEigeartaigh <co...@apache.org>.
Putting it on the client request context should work. The question is
though, how are you configuring that a SAML token is required? Setting the
SAML CallbackHandler is not enough - either you need to have a SamlToken
policy assertion in the WSDL (or in a local policy file) or else you need
to set up the WSS4JOutInterceptor to configure it to include a SAML token.

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com