Posted to users@camel.apache.org by sram <sr...@hotmail.com> on 2012/02/28 15:14:46 UTC

Camel/CXF Security Policy Collision?

I have two endpoints, one derived from jaxws:endpoint and the other via the
Provider interface. They have different service ports and names but share the
same binding. Both are wired with a WS-Security policy.

CXF enabled w/ WS-Security:

<service name="Service1">
    <port name="ServicePort" binding="tns:ReportServiceBinding">
        <soap:address location="http://localhost/reportService/" />
    </port>
</service>
<service name="Service2">
    <port name="ServiceRouterPort" binding="tns:ReportServiceBinding">
        <soap:address location="http://L151ATS033040:9081/ewbservice/soap/praService" />
    </port>
</service>

Service 1 is jaxws:endpoint with jaxws:inInterceptor

<jaxws:endpoint id="service1" endpointName="s:ServicePort"
                serviceName="s:MyService" implementor="#ServiceEndpoint"
                xmlns:s="http://services.mycomp.com/services"               
                address="/Service1">

                <jaxws:inInterceptors>
                        <ref bean="logInbound" />
                        <ref bean="ValidationInterceptor" />
                </jaxws:inInterceptors>

                <jaxws:properties>
                        <entry key="mtom-enabled" value="true" />
                        <entry key="ws-security.ut.validator">
                                <ref bean="SecurityInterceptor" />
                        </entry>
                </jaxws:properties>

</jaxws:endpoint>

Service 2 is a provider endpoint where, after authentication, I route the
request via Camel to an external web service

<cxf-camel:cxfEndpoint id="Service2" address="/praService"
                endpointName="s:ServiceRouterPort" serviceName="s:Service2"
                xmlns:s="http://services.mycomp.com/services"
                serviceClass="#otherServiceEndpoint">

                <cxf-camel:properties>
                        <entry key="ws-security.ut.validator">
                                <ref bean="SecurityInterceptor" />
                        </entry>
                </cxf-camel:properties>

</cxf-camel:cxfEndpoint>


While testing with security policies enabled:

1. Service 2 works as expected.

2. Service 1 works as expected when Service 2 is not wired to security
policy. Note: My custom interceptors are still active but CXF executes
policyInterceptor first.

3. Services 1 and 2 work as expected when both are wired to the security
policy AND ValidationInterceptor on Service 1 is disabled. Note:
LoggingInInterceptor is still active and is called even before
PolicyInterceptor. If I do not disable my custom interceptor, it is called
first, before any security policies run, contrary to step #2 above.

ValidationInterceptor extends HolderInInterceptor in my implementation.

I use WSDL first, but tried to inject policies via annotation as well as via
WSDL. I can see the policies on ?WSDL in both cases.

I'm on CXF 2.5.2 and Camel 2.6.0. I posted the same on the CXF thread to hear
Dan's thoughts and he was not sure. This issue can only be noticed when the
security policy is wired to both the Camel and the CXF jaxws endpoint, and my
hunch is that the CXF interceptors are re-wired out of order when Camel
initializes. Any thoughts, please?

http://cxf.547215.n5.nabble.com/Multiple-endpoints-and-security-policy-td5519904.html#a5521905

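A diagnostic for the ordering question raised in the post above, as an added example that is not part of the original post and not CXF or Camel project code: an in-interceptor that logs the inbound chain in execution order and warns when the custom validator is ordered ahead of policy enforcement. The class name `ChainOrderDumpInterceptor` and the class-name substring matching are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.phase.PhaseInterceptor;

// Hypothetical diagnostic class (the name is an assumption, not from the post).
public class ChainOrderDumpInterceptor extends AbstractPhaseInterceptor<Message> {
    private static final Logger LOG =
        Logger.getLogger(ChainOrderDumpInterceptor.class.getName());

    public ChainOrderDumpInterceptor() {
        // Run late, so that any interceptor added to the chain while earlier
        // phases execute is already present when the chain is listed.
        super(Phase.PRE_INVOKE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        List<String> order = describe(message);
        LOG.info("Inbound chain for " + message.get(Message.REQUEST_URI) + ": " + order);
        // Assumption: the custom validator's class name contains "ValidationInterceptor"
        // and policy enforcement classes contain "Policy" (e.g. PolicyInInterceptor).
        int validation = firstIndex(order, "ValidationInterceptor");
        int policy = firstIndex(order, "Policy");
        if (validation >= 0 && (policy < 0 || validation < policy)) {
            LOG.warning("Validation interceptor is ordered before policy enforcement");
        }
    }

    // Lists the chain as "phase -> class name" in the order CXF will execute it.
    static List<String> describe(Message message) {
        List<String> order = new ArrayList<String>();
        for (Interceptor<? extends Message> i : message.getInterceptorChain()) {
            String phase = (i instanceof PhaseInterceptor)
                ? ((PhaseInterceptor<?>) i).getPhase() : "?";
            order.add(phase + " -> " + i.getClass().getName());
        }
        return order;
    }

    // Index of the first chain entry containing the marker, or -1 if absent.
    static int firstIndex(List<String> order, String marker) {
        for (int n = 0; n < order.size(); n++) {
            if (order.get(n).contains(marker)) {
                return n;
            }
        }
        return -1;
    }
}
```

Registered as a bean and referenced in the `jaxws:inInterceptors` list next to `logInbound`, it lets the logged order for Service 1 be compared with Service 2's security policy wired and unwired.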