Posted to users@camel.apache.org by "martin.pelikan" <ma...@profinit.eu> on 2016/11/22 16:11:53 UTC

WS-SecurityPolicy and WS-Timestamp

Hi,

I have a simple SOAP Proxy (input is non-secured, backend is secured by
UsernameToken) in Spring, using Camel CXF and I would like to implement
WS-Timestamp on producer endpoint. We are using WS-SecurityPolicy to
authenticate against backend. As I understand there is one option - to
leverage wss4jOutInterceptor. But I would need to change the authentication
from WS-SecurityPolicy to wss4j which is not desired.

Is there any easy way to add the functionality? I haven't found anything
on the official website (http://cxf.apache.org/docs/ws-securitypolicy.html).
Thank you very much.

cxfEndpoint for reference:
<cxfEndpoint id="SendMessage1" serviceName="tns:SendMessageService"
             wsdlURL="classpath:/SendMessage.wsdl" address="${http.client.url}"
             xmlns="http://camel.apache.org/schema/blueprint/cxf"
             xmlns:tns="urn:send:message">
    <properties>
        <entry key="dataFormat" value="PAYLOAD"
               xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
        <entry key="ws-security.username" value="${ws-security.username}"
               xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
        <entry key="ws-security.password" value="${ws-security.password}"
               xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
        <entry key="ws-security.security.token.lifetime" value="60000"
               xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
    </properties>
    <inInterceptors />

    <features>
        <reference id="eventFeature"
                   interface="org.talend.esb.sam.agent.feature.EventFeature"
                   xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
        <wsa:addressing allowDuplicates="false"
                        xmlns:wsa="http://cxf.apache.org/ws/addressing" />
        <policies xmlns="http://cxf.apache.org/policy">
            <PolicyReference URI="etc/org.talend.esb.job.token.policy"
                             xmlns="http://www.w3.org/ns/ws-policy" />
        </policies>
    </features>
    <binding>
        <soap:soapBinding version="1.2"
                          xmlns:soap="http://cxf.apache.org/blueprint/bindings/soap" />
    </binding>
</cxfEndpoint>



--
View this message in context: http://camel.465427.n5.nabble.com/WS-SecurityPolicy-and-WS-Timestamp-tp5790373.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: WS-SecurityPolicy and WS-Timestamp

Posted by "martin.pelikan" <ma...@profinit.eu>.
Hi Claus,

I solved the problem. The first approach was to leverage wss4jOutInterceptor. I
was able to generate WS-UsernameToken, WS-Timestamp and WS-Addressing in the
request, but unfortunately in the wrong order
(Timestamp->UsernameToken->Addressing). I wasn't able to change the element
order, thus had to find another solution.

The solution is rather simple - to create a policy file, insert the policies
there, and apply the policy in cxfEndpoint--features.

<?xml version="1.0" encoding="UTF-8" ?>
<wsp:Policy wsu:Id="UsernameToken Timestamp"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://www.w3.org/ns/ws-policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SupportingTokens
                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                    <sp:UsernameToken
                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy/>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>


<cxfEndpoint>
....
<features>
	<wsa:addressing allowDuplicates="false"
xmlns:wsa="http://cxf.apache.org/ws/addressing" />
	<policies xmlns="http://cxf.apache.org/policy">
		<PolicyReference xmlns="http://www.w3.org/ns/ws-policy"
URI="etc/org.talend.esb.job.token.ts.policy"/>
	</policies>
</features>
....
</cxfEndpoint>



--
View this message in context: http://camel.465427.n5.nabble.com/WS-SecurityPolicy-and-WS-Timestamp-tp5790373p5790550.html
Sent from the Camel - Users mailing list archive at Nabble.com.
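
A check that can be run against a captured outbound request to confirm the policy in the message above took effect: it reads the wsse:Security header, reports the order of its children, and verifies that the wsu:Timestamp is present and still fresh. This is an added example, not code from the thread or from CXF; the sample envelope, the function names and the 5-minute lifetime cap are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "soap": "http://www.w3.org/2003/05/soap-envelope",  # SOAP 1.2, as in the endpoint binding
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

# Constructed sample request; user name, Ids and times are made up for the example.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="TS-1">
   <wsu:Created>2016-11-22T16:11:53.000Z</wsu:Created>
   <wsu:Expires>2016-11-22T16:16:53.000Z</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken wsu:Id="UT-1"><wsse:Username>proxy-user</wsse:Username></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>""".format(**NS)

def parse_utc(text):
    """Parse an xsd:dateTime in UTC ("Z" suffix), with or without fractional seconds."""
    text = text.strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def check_security_header(envelope_xml, now, expected_order=None,
                          max_lifetime=timedelta(minutes=5)):
    """Return (order of wsse:Security children, list of findings)."""
    sec = ET.fromstring(envelope_xml).find("soap:Header/wsse:Security", NS)
    if sec is None:
        return [], ["no wsse:Security header"]
    order = [child.tag.rsplit("}", 1)[-1] for child in sec]  # local names only
    findings = ["missing " + r for r in ("Timestamp", "UsernameToken") if r not in order]
    # expected_order is whatever the backend requires; the thread does not state it.
    if expected_order is not None and order != list(expected_order):
        findings.append("order is %s, expected %s" % (order, list(expected_order)))
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    if created and expires:
        c, e = parse_utc(created), parse_utc(expires)
        if not c < e:
            findings.append("Expires is not after Created")
        elif e - c > max_lifetime:
            findings.append("lifetime %s exceeds %s" % (e - c, max_lifetime))
        if now >= e:
            findings.append("timestamp expired")
    elif "Timestamp" in order:
        findings.append("Timestamp lacks Created or Expires")
    return order, findings
```

Pass the current UTC time as `now` when checking a live capture; a fixed `now` makes the check reproducible against stored messages.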

Re: WS-SecurityPolicy and WS-Timestamp

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

Try to get some attention from some of the CXF committers or ask on
CXF user mailing list as this question is more about CXF than Camel.
If you find an answer then you are very much welcome to write back so
others can find this in the future.

On Tue, Nov 22, 2016 at 5:11 PM, martin.pelikan
<ma...@profinit.eu> wrote:
> Hi,
>
> I have a simple SOAP Proxy (input is non-secured, backend is secured by
> UsernameToken) in Spring, using Camel CXF and I would like to implement
> WS-Timestamp on producer endpoint. We are using WS-SecurityPolicy to
> authenticate against backend. As I understand there is one option - to
> leverage wss4jOutInterceptor. But I would need to change the authentication
> from WS-SecurityPolicy to wss4j which is not desired.
>
> Is there any easy way to add the functionality? I haven't found anything
> on the official website (http://cxf.apache.org/docs/ws-securitypolicy.html).
> Thank you very much.
>
> cxfEndpoint for reference:
>         <cxfEndpoint id="SendMessage1" serviceName="tns:SendMessageService"
> wsdlURL="classpath:/SendMessage.wsdl" address="${http.client.url}"
> xmlns="http://camel.apache.org/schema/blueprint/cxf"
> xmlns:tns="urn:send:message">
>                 <properties>
>                         <entry key="dataFormat" value="PAYLOAD"
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
>                         <entry key="ws-security.username" value="${ws-security.username}"
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
>                         <entry key="ws-security.password" value="${ws-security.password}"
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
>                         <entry key="ws-security.security.token.lifetime" value="60000"
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
>                 </properties>
>                 <inInterceptors />
>
>                 <features>
>                         <reference id="eventFeature"
> interface="org.talend.esb.sam.agent.feature.EventFeature"
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" />
>                         <wsa:addressing allowDuplicates="false"
> xmlns:wsa="http://cxf.apache.org/ws/addressing" />
>                         <policies xmlns="http://cxf.apache.org/policy">
>                                 <PolicyReference URI="etc/org.talend.esb.job.token.policy"
> xmlns="http://www.w3.org/ns/ws-policy" />
>                         </policies>
>                 </features>
>                 <binding>
>                         <soap:soapBinding version="1.2"
> xmlns:soap="http://cxf.apache.org/blueprint/bindings/soap" />
>                 </binding>
>         </cxfEndpoint>
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/WS-SecurityPolicy-and-WS-Timestamp-tp5790373.html
> Sent from the Camel - Users mailing list archive at Nabble.com.



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2