Posted to users@cxf.apache.org by janb <ja...@sopera.com> on 2011/11/28 16:08:07 UTC

Can I use a SessionID from a Cookie for authentication?

Hi everyone,

this is my scenario: I use the CXF STS for authentication. I developed my own
UsernamePasswordValidator to validate a SessionID provided as a password.
This works great. Now my next step would be to convince my CXF client (more
precisely my STS Client) to get and use a SessionID available from an HTTP
Cookie within my web application.

My first idea was to write my own CallbackHandler which inserts the Cookie
value as a password. But I do not know how to get access to my HTTP Request
within my CallbackHandler...

How can I get this to work, or is there a better way I should consider?

Kind regards
Jan

--
View this message in context: http://cxf.547215.n5.nabble.com/Can-I-use-a-SessionID-from-a-Cookie-for-authentication-tp5029119p5029119.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Does the configured WS-Addressing policy require the WSAddressingFeature enabled?

Posted by Oliver Wulff <ow...@talend.com>.
Hi Xilai

No, it isn't required.

There are two (well three) options to add the WS-Addressing related interceptors into the interceptor chain.

1) by adding all the interceptors in your spring config or using the API (I'd not recommend that)

2) by adding the feature in your spring config or using the API (if you don't use policy)

3) or by adding the policy in your WSDL or using WS-PolicyAttachment (ensure that you have added the cxf-ws-policy and cxf-ws-addr dependency in your pom).

If you want to figure out at runtime whether WS-Addressing is enabled you have to check whether the interceptors are in the chain. This is independent of how the interceptors were registered (feature, policy).


Thanks
Oli

________________________________________
From: XiLai Dai [xldai@talend.com]
Sent: Friday, 2 December 2011 09:19
To: users@cxf.apache.org
Subject: Does the configured WS-Addressing policy require the WSAddressingFeature enabled?

Hello,

We have configured the WS-Addressing policy in the wsdl.

  <wsdl:service name="CRMServiceProvider">
    <wsdl:port binding="tns:localhostBinding" name="CRMServicePort">
      <soap:address location="http://localhost:8888/soap/CRMServiceProvider/"/>
            <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
                <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
                    <wsp:Policy/>
                </wsam:Addressing>
            </wsp:Policy>
    </wsdl:port>
  </wsdl:service>

Add the policy attachment used in the application like this:

<attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsp:PolicyAttachment>
        <wsp:AppliesTo>
            <wsa:EndpointReference>
                <wsa:Address>http://localhost:8040/services/CRMServiceProvider</wsa:Address>
            </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wsp:Policy>
            <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
                <wsp:Policy/>
            </wsam:Addressing>
        </wsp:Policy>
    </wsp:PolicyAttachment>
</attachments>

When this service is deployed and invoked, this exception is thrown:

Caused by: org.apache.cxf.binding.soap.SoapFault: A required header representing a Message Addressing Property is not present
        at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:109)
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:801)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1627)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1494)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1402)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:535)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:465)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:368)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:321)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 47 more

If adding the addressing feature into the beans.xml:
<jaxws:endpoint id="CRMService" ...
    <jaxws:features>
        <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
    </jaxws:features>
</jaxws:endpoint>

Then, it works ok!

Does the configured WS-Addressing policy still require the WSAddressingFeature enabled?

Thanks.
Xilai
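
The runtime check described in the reply above (look for the WS-Addressing interceptors in the chain, regardless of whether a feature or a policy registered them), as an added example that is not code from the thread or from the CXF project. The class name WsAddressingChainCheck and the exchange key are hypothetical; it assumes the cxf-ws-addr classes MAPAggregator and MAPCodec are on the classpath.

```java
import java.util.logging.Logger;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.addressing.MAPAggregator;
import org.apache.cxf.ws.addressing.soap.MAPCodec;

/**
 * Added example: hypothetical diagnostic interceptor (class name and exchange
 * key are made up here). It reports whether the WS-Addressing interceptors are
 * in the chain of the current message, however they were registered.
 */
public class WsAddressingChainCheck extends AbstractPhaseInterceptor<Message> {

    /** Hypothetical exchange key under which the result is stored. */
    public static final String RESULT_KEY = "example.wsaddressing.inChain";

    private static final Logger LOG =
        Logger.getLogger(WsAddressingChainCheck.class.getName());

    public WsAddressingChainCheck() {
        // Runs after the setup phases, so interceptors that were added to the
        // chain during the invocation are visible as well.
        super(Phase.POST_LOGICAL);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        boolean aggregator = false;
        boolean codec = false;
        // InterceptorChain is Iterable over every interceptor in the chain.
        for (Interceptor<? extends Message> i : message.getInterceptorChain()) {
            aggregator |= i instanceof MAPAggregator;
            codec |= i instanceof MAPCodec;
        }
        // Both are needed: one builds the addressing properties, one encodes them.
        boolean enabled = aggregator && codec;
        message.getExchange().put(RESULT_KEY, Boolean.valueOf(enabled));
        LOG.info("WS-Addressing interceptors in chain: MAPAggregator="
            + aggregator + ", MAPCodec=" + codec);
    }
}
```

Register an instance with getOutInterceptors().add(...) (or getInInterceptors()) on the client or endpoint you want to inspect.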

Does the configured WS-Addressing policy require the WSAddressingFeature enabled?

Posted by XiLai Dai <xl...@talend.com>.
Hello, 

We have configured the WS-Addressing policy in the wsdl.

  <wsdl:service name="CRMServiceProvider">
    <wsdl:port binding="tns:localhostBinding" name="CRMServicePort">
      <soap:address location="http://localhost:8888/soap/CRMServiceProvider/"/>
            <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
                <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
                    <wsp:Policy/>
                </wsam:Addressing>
            </wsp:Policy>
    </wsdl:port>
  </wsdl:service>

Add the policy attachment used in the application like this: 

<attachments xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsp:PolicyAttachment>
        <wsp:AppliesTo>
            <wsa:EndpointReference>
                <wsa:Address>http://localhost:8040/services/CRMServiceProvider</wsa:Address>
            </wsa:EndpointReference>
        </wsp:AppliesTo>
        <wsp:Policy>
            <wsam:Addressing xmlns:wsam="http://www.w3.org/2007/02/addressing/metadata">
                <wsp:Policy/>
            </wsam:Addressing>
        </wsp:Policy>
    </wsp:PolicyAttachment>    
</attachments>

When this service is deployed and invoked, this exception is thrown:

Caused by: org.apache.cxf.binding.soap.SoapFault: A required header representing a Message Addressing Property is not present
        at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:109)
        at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:45)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:801)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1627)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1494)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1402)
        at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:535)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:465)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:368)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:321)
        at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
        at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
        ... 47 more

If adding the addressing feature into the beans.xml: 
<jaxws:endpoint id="CRMService" ... 
    <jaxws:features>
        <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
    </jaxws:features>
</jaxws:endpoint>

Then, it works ok!

Does the configured WS-Addressing policy still require the WSAddressingFeature enabled?

Thanks.
Xilai

Re: Can I use a SessionID from a Cookie for authentication?

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Jan,

I'm not sure if this will be any help, but you could take a look at
the ReceivedTokenCallbackHandler here:

http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/delegation/ReceivedTokenCallbackHandler.java?view=markup

This is used to insert a previously received token in an "OnBehalfOf"
element when requesting a security token from an STS.

Colm.

On Mon, Nov 28, 2011 at 3:08 PM, janb <ja...@sopera.com> wrote:
> Hi everyone,
>
> this is my scenario: I use the CXF STS for authentication. I developed my own
> UsernamePasswordValidator to validate a SessionID provided as a password.
> This works great. Now my next step would be to convince my CXF client (more
> precisely my STS Client) to get and use a SessionID available from an HTTP
> Cookie within my web application.
>
> My first idea was to write my own CallbackHandler which inserts the Cookie
> value as a password. But I do not know how to get access to my HTTP Request
> within my CallbackHandler...
>
> How can I get this to work, or is there a better way I should consider?
>
> Kind regards
> Jan
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Can-I-use-a-SessionID-from-a-Cookie-for-authentication-tp5029119p5029119.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com