Posted to users@cxf.apache.org by Martin Nielsen <mn...@gmail.com> on 2016/09/27 13:45:05 UTC

[DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Hello everyone.

I am working with CXF DOSGi for the first time. The task at the moment is
to build a declarative services component which registers an endpoint and
an interceptor. The endpoint will run on a 2way SSL enabled connection,
and the interceptor should read the incoming client certificate. So far I
managed to get an endpoint working through a declarative services endpoint,
and I got one way SSL working (Maybe 2way as well, we will get to that).
Now I am trying to add an interceptor, which should read the incoming
client certificate.

And that is where I fail. The interceptor does not seem to be working. It
does not log anything, neither in the constructor nor in the handleMessage
method.

Can someone please take a look and tell me where my mistake is? The
interceptor should be called before the endpoint methods are invoked,
whenever the REST service is called. But right now I can call the endpoint
methods just fine through SSL, but the interceptor is never called, which
makes it hard for me to know if 2way SSL is currently working or not.

I don't expect 1 and 2way SSL to have anything at all to do with this, but
I am mentioning it because I'm ignorant (Just in case) :)

Versions:
CXF 3.1.6
CXF-DOSGI 1.8.0


My interceptor:
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class CertificateInterceptor extends AbstractPhaseInterceptor<Message> {

    private static final Logger LOGGER =
            LoggerFactory.getLogger(CertificateInterceptor.class);

    public CertificateInterceptor() {
        // Run early in the inbound chain, before the endpoint method is invoked.
        super(Phase.RECEIVE);
        LOGGER.debug("Starting certificate interceptor");
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        LOGGER.debug("Handling message: " + message.getId());
        // TLS session details are attached to the message when the request came in over SSL.
        TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
        if (tlsSessionInfo != null) {
            Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
            LOGGER.info("Discovered TLSSession: " + tlsSessionInfo);
            // peerCerts is null when the client presented no certificate (one way SSL).
            if (peerCerts != null) {
                for (int i = 0; i < peerCerts.length; i++) {
                    X509Certificate x509certificate = (X509Certificate) peerCerts[i];
                    LOGGER.info("Retrieved certificate: "
                            + x509certificate.getSubjectDN().getName() + " pubkey: "
                            + x509certificate.getPublicKey());
                }
            }
        } else {
            LOGGER.info("NO x509certificate");
        }
    }

}


My endpoint:


import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;

@Component(property = {
        "service.exported.interfaces=*",
        "service.exported.configs=org.apache.cxf.rs",
        "org.apache.cxf.rs.httpservice.context=" + LicenseServiceEndpoint.endpoint,
        // Interceptor is referenced by fully qualified class name.
        "org.apache.cxf.rs.in.interceptors=com.polis.licensing.server.rest.interceptor.CertificateInterceptor"})
public class LicenseServiceEndpoint implements LicenseServiceRest {
    public static final String endpoint = "/polis/licenseservice";
    private List<ServiceRegistration<MessageBodyReader>> readerRefs = new ArrayList<>();
    private List<ServiceRegistration<MessageBodyWriter>> writerRefs = new ArrayList<>();


    // ...Various endpoint-methods...

    @Activate
    public void activate(BundleContext context) throws Exception {
        // This is a messagebodyreader/writer. It should be irrelevant for this question
        registerProvider(context, new CertificateRequestProvider());
    }

    @Deactivate
    public void deactivate(BundleContext context) throws Exception {
        // Unregister in reverse order of registration.
        for (int i = readerRefs.size() - 1; i >= 0; i--) {
            readerRefs.get(i).unregister();
            readerRefs.remove(i);
        }
        for (int i = writerRefs.size() - 1; i >= 0; i--) {
            writerRefs.get(i).unregister();
            writerRefs.remove(i);
        }
    }

    // Registers the same provider object as both a reader and a writer service.
    private <E extends MessageBodyReader & MessageBodyWriter> void registerProvider(
            BundleContext context, E provider) {
        readerRefs.add(context.registerService(MessageBodyReader.class, provider, null));
        writerRefs.add(context.registerService(MessageBodyWriter.class, provider, null));
    }

}


Thank you in advance for your usual helpful demeanor:)

-Martin
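
A fail-closed variant of the interceptor in the post above, added here as an example (it is not part of the original post and not CXF project code): instead of only logging, it rejects any request that arrives without a usable client certificate, which also makes it observable whether 2way SSL is actually in effect. The class name and the message key are hypothetical; the CXF calls are the same ones the post uses.

```java
// Added example: hypothetical class, not code from the thread or from Apache CXF.
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class RequireClientCertificateInterceptor extends AbstractPhaseInterceptor<Message> {

    /** Hypothetical message key under which later code can read the client's subject DN. */
    public static final String CLIENT_SUBJECT_KEY = "example.client.subject";

    private static final Logger LOGGER =
            LoggerFactory.getLogger(RequireClientCertificateInterceptor.class);

    public RequireClientCertificateInterceptor() {
        // Same phase as the interceptor in the post: before the endpoint method runs.
        super(Phase.RECEIVE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        if (tls == null) {
            // No TLS session on the message: the request did not arrive over SSL.
            throw reject("request did not arrive over TLS");
        }

        Certificate[] peerCerts = tls.getPeerCertificates();
        if (peerCerts == null || peerCerts.length == 0) {
            // One way SSL: the handshake succeeded, but the client sent no certificate.
            throw reject("no client certificate presented");
        }

        // By JSSE convention the peer's own certificate is first in the chain.
        if (!(peerCerts[0] instanceof X509Certificate)) {
            throw reject("client certificate is not X.509");
        }
        X509Certificate clientCert = (X509Certificate) peerCerts[0];

        try {
            // Validity window only. Chain trust is decided by the TLS layer's
            // trust store during the handshake, not by this interceptor.
            clientCert.checkValidity();
        } catch (CertificateException e) {
            throw reject("client certificate is expired or not yet valid");
        }

        String subject = clientCert.getSubjectX500Principal().getName();
        LOGGER.info("Client certificate subject: {}", subject);
        // Make the identity available to whatever performs authentication later.
        message.put(CLIENT_SUBJECT_KEY, subject);
    }

    /** Logs the reason and builds the Fault that aborts the inbound chain. */
    private static Fault reject(String reason) {
        LOGGER.warn("Rejecting request: {}", reason);
        return new Fault(new SecurityException(reason));
    }
}
```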

Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Christian Schneider <ch...@die-schneider.net>.
Hmm .. that is a good point. For some of the intents it makes sense to 
publish them to the discovery so the client also requires them but for 
some it makes no sense.
I will address this on the osgi dev list as I am not sure how to do this 
inside the current standard.

In any case what you can already do is implement an intent differently 
on the client and server side. So it is the same name but does different 
things.

Christian

On 28.09.2016 18:04, Sergey Beryozkin wrote:
> Waiting for the actual feedback from the users makes sense; I guess 
> the question is if such 'internal' intents should be publishable (ex, 
> the client does not need to know the server is using a logging 
> interceptor), maybe they can be marked as internal
>
> Sergey 

-- 
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
http://www.talend.com


Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Sergey Beryozkin <sb...@gmail.com>.
Waiting for the actual feedback from the users makes sense; I guess the 
question is if such 'internal' intents should be publishable (ex, the 
client does not need to know the server is using a logging interceptor), 
maybe they can be marked as internal

Sergey


On 28/09/16 16:59, Christian Schneider wrote:
> Currently in DOSGi you would need an additional class to define a
> feature. You would use DS annotations to publish the feature as an intent.
> Inside the feature you would add the in interceptor.
> Then in the service you would add the intent.
>
> I am not sure if this added complexity is a problem or not.
> @Martin it would be great if you could port your application to
> CXF-DOSGi 2 soon and give some feedback on the current status.
> I can help in getting you started with the migration.
>
> I think we should look into feedback from users if they see the current
> intent and feature based solution as too complicated.
>
> Christian


Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Christian Schneider <ch...@die-schneider.net>.
Currently in DOSGi you would need an additional class to define a 
feature. You would use DS annotations to publish the feature as an intent.
Inside the feature you would add the in interceptor.
Then in the service you would add the intent.

I am not sure if this added complexity is a problem or not.
@Martin it would be great if you could port your application to 
CXF-DOSGi 2 soon and give some feedback on the current status.
I can help in getting you started with the migration.

I think we should look into feedback from users if they see the current 
intent and feature based solution as too complicated.

Christian

On 27.09.2016 22:32, Sergey Beryozkin wrote:
> Good news, thanks for making it work.
>
> Christian - should we consider putting the ability to register 
> interceptors without going the intents path back to DOSGI 2.x ?
> How can what Martin did be done in DOSGI 2.x?
>
> (FYI, in DOSGI 1.8 the below approach works for JAXWS/JAXRS)
>
> Sergey


-- 
Christian Schneider
http://www.liquid-reality.de

Open Source Architect
http://www.talend.com


Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Sergey Beryozkin <sb...@gmail.com>.
Good news, thanks for making it work.

Christian - should we consider putting the ability to register 
interceptors without going the intents path back to DOSGI 2.x ?
How can what Martin did be done in DOSGI 2.x?

(FYI, in DOSGI 1.8 the below approach works for JAXWS/JAXRS)

Sergey
On 27/09/16 20:31, Martin Nielsen wrote:
> I made it work! I am sorry for wasting your time. The problem seems to have
> been that the interceptor was not exported properly from my bundle.
>
> But I will be careful when updating to DOSGi 2, if and when that happens.
>
> But for now I have a neat little solution with 2way SSL and Shiro
> authentication through the client certificate.
>
> I am a happy camper:)


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Martin Nielsen <mn...@gmail.com>.
I made it work! I am sorry for wasting your time. The problem seems to have
been that the interceptor was not exported properly from my bundle.

But I will be careful when updating to DOSGi 2, if and when that happens.

But for now I have a neat little solution with 2way SSL and Shiro
authentication through the client certificate.

I am a happy camper:)

On Tue, Sep 27, 2016 at 5:05 PM, Sergey Beryozkin <sb...@gmail.com>
wrote:

> Hi
>
> There are two issues here.
> First - why DOSGI JAX-RS code is not reacting to the in interceptor class
> name, can you put a breakpoint here please:
>
> https://github.com/apache/cxf-dosgi/blob/cxf-dosgi-ri-1.8.0/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClassUtils.java#L97
>
> It might be that some different way of registering them is needed.
>
> Second: Christian removed this code in DOSGI 2.0 so the question is how
> they can be registered in 2.0.
>
> Cheers, Sergey

Re: [DOSGI] How do i register an interceptor on an endpoint registered through Declarative Services?

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi

There are two issues here.
First - why DOSGI JAX-RS code is not reacting to the in interceptor 
class name, can you put a breakpoint here please:

https://github.com/apache/cxf-dosgi/blob/cxf-dosgi-ri-1.8.0/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClassUtils.java#L97

It might be that some different way of registering them is needed.

Second: Christian removed this code in DOSGI 2.0 so the question is how 
they can be registered in 2.0.

Cheers, Sergey

On 27/09/16 14:45, Martin Nielsen wrote:
> Hello everyone.
>
> I am working with CXF DOSGi for the first time. The task at the moment is
> to build a declarative services component which registers an endpoint and
> an interceptor. The endpoint will run on a 2way SSL enabled connection,
> and the interceptor should read the incoming client certificate. So far I
> managed to get an endpoint working through a declarative services endpoint,
> and I got one way SSL working (Maybe 2way as well, we will get to that).
> Now I am trying to add an interceptor, which should read the incoming
> client certificate.
>
> And that is where I fail. The interceptor does not seem to be working. It
> does not log anything, neither in the constructor nor in the handleMessage
> method.
>
> Can someone please take a look and tell me where my mistake is? The
> interceptor should be called before the end endpoint methods are invoked,
> whenever the REST service is called. But right now I can call the endpoint
> methods just fine through SSL, but the interceptor is never called, which
> makes it hard for me to know if 2way SSL is currently working or not.
>
> I don't expect 1 and 2way SSL to have anything at all to do with this, but
> I am mentioning it because I'm ignorant (Just in case) :)
>
> Versions:
> CXF 3.1.6
> CXF-DOSGI 1.8.0
>
>
> My interceptor:
> import java.security.cert.Certificate;
> import java.security.cert.X509Certificate;
> import org.apache.cxf.interceptor.Fault;
> import org.apache.cxf.message.Message;
> import org.apache.cxf.phase.AbstractPhaseInterceptor;
> import org.apache.cxf.phase.Phase;
> import org.apache.cxf.security.transport.TLSSessionInfo;
> import org.slf4j.Logger;
> import org.slf4j.LoggerFactory;
>
> public class CertificateInterceptor extends AbstractPhaseInterceptor {
>
>     private static final Logger LOGGER =
>             LoggerFactory.getLogger(CertificateInterceptor.class);
>
>     public CertificateInterceptor() {
>         super(Phase.RECEIVE);
>         LOGGER.debug("Starting certificate interceptor");
>     }
>
>     public void handleMessage(Message message) throws Fault {
>         LOGGER.debug("Handling message: " + message.getId());
>         TLSSessionInfo tlsSessionInfo = (TLSSessionInfo) message
>                 .get(TLSSessionInfo.class);
>         if (tlsSessionInfo != null) {
>             Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
>             LOGGER.info("Discovered TLSSession: " + tlsSessionInfo);
>             if (peerCerts != null) {
>                 for (int i = 0; i < peerCerts.length; i++) {
>                     X509Certificate x509certificate = (X509Certificate) peerCerts[i];
>                     LOGGER.info("Retrieved certificate: "
>                             + x509certificate.getSubjectDN().getName() + " pubkey: "
>                             + x509certificate.getPublicKey());
>                 }
>             }
>         } else {
>             LOGGER.info("NO x509certificate");
>         }
>     }
>
> }
>
>
> My endpoint:
>
>
> @Component(property = {
>     "service.exported.interfaces=*",
>     "service.exported.configs=org.apache.cxf.rs",
>     "org.apache.cxf.rs.httpservice.context=" + LicenseServiceEndpoint.endpoint,
>     "org.apache.cxf.rs.in.interceptors=com.polis.licensing.server.rest.interceptor.CertificateInterceptor"})
> public class LicenseServiceEndpoint implements LicenseServiceRest {
>     public static final String endpoint = "/polis/licenseservice";
>     private List<ServiceRegistration<MessageBodyReader>> readerRefs = new ArrayList<>();
>     private List<ServiceRegistration<MessageBodyWriter>> writerRefs = new ArrayList<>();
>
>
> ...Various endpoint-methods...
>
>     @Activate
>     public void activate(BundleContext context) throws Exception {
>         registerProvider(context, new CertificateRequestProvider()); //<--- This is a messagebodyreader/writer. It should be irrelevant for this question
>     }
>
>     @Deactivate
>     public void deactivate(BundleContext context) throws Exception {
>         for (int i = readerRefs.size() - 1; i >= 0; i--) {
>             readerRefs.get(i).unregister();
>             readerRefs.remove(i);
>         }
>         for (int i = writerRefs.size() - 1; i >= 0; i--) {
>             writerRefs.get(i).unregister();
>             writerRefs.remove(i);
>         }
>     }
>
>     private <E extends MessageBodyReader & MessageBodyWriter> void
>             registerProvider(BundleContext context, E provider) {
>         readerRefs.add(context.registerService(MessageBodyReader.class, provider, null));
>         writerRefs.add(context.registerService(MessageBodyWriter.class, provider, null));
>     }
>
> }
>
>
> Thank you in advance for your usual helpful demeanor:)
>
> -Martin
>


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/
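
A fail-closed variant of the interceptor quoted above, as an added example that is not part of the original post or of CXF: it rejects any request that arrives without a client certificate, so a successful call shows that the two-way handshake actually took place. The class name RequireClientCertInterceptor is hypothetical, and the interceptor still has to be registered on the endpoint, which is the open question in this thread.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Added example: the class name is hypothetical, not part of CXF or the original post.
public class RequireClientCertInterceptor extends AbstractPhaseInterceptor<Message> {

    private static final Logger LOGGER =
            LoggerFactory.getLogger(RequireClientCertInterceptor.class);

    public RequireClientCertInterceptor() {
        super(Phase.RECEIVE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        if (tls == null) {
            // Plain HTTP, or the transport did not expose the TLS session.
            throw new Fault(new SecurityException("No TLS session on request"));
        }
        Certificate[] chain = tls.getPeerCertificates();
        if (chain == null || chain.length == 0) {
            // One-way SSL: the handshake completed without a client certificate.
            throw new Fault(new SecurityException("No client certificate presented"));
        }
        if (!(chain[0] instanceof X509Certificate)) {
            // Avoid a ClassCastException on a non-X.509 certificate type.
            throw new Fault(new SecurityException("Client certificate is not X.509"));
        }
        // chain[0] is the client's own certificate; later entries are its issuers.
        X509Certificate leaf = (X509Certificate) chain[0];
        LOGGER.info("Client cert subject={} issuer={} serial={} suite={}",
                leaf.getSubjectX500Principal().getName(),
                leaf.getIssuerX500Principal().getName(),
                leaf.getSerialNumber().toString(16),
                tls.getCipherSuite());
    }
}
```

It logs the subject, issuer and serial number through getSubjectX500Principal() and getIssuerX500Principal() rather than the discouraged getSubjectDN(), and omits the public key, which adds log volume without helping to identify the caller.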