Posted to users@servicemix.apache.org by Philip <po...@googlemail.com> on 2010/01/04 11:16:29 UTC

Re: Read out header information with CXF-interceptor

Hi

first of all happy new year and thanks for your replies!

On Thu, Dec 17, 2009 at 2:33 PM, Freeman Fang <fr...@gmail.com>wrote:

>
> You needn't add JbiJAASInterceptor explicitly in spring bean, it's added by
> default for cxf bc consumer endpoint and passed in AuthenticationService as
> argument for constructor.
> The error you saw means JbiJAASInterceptor has no default constructor, it
> needs an argument for constructor.
>

What we have to do here exactly - do we have to add something like
<constructor-arg> in the xbean.xml?

Furthermore we don't really know how to use the result-vector of this
Interceptor?

Thanks again,
Philip + Nicolas

Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi,

we would like to thank everybody for the great help.
We solved our problem and got our cxf-bc running. We wrote the whole project
in a composition and uploaded it to our homepage. Unfortunately it is written
in German.

But maybe somebody would like to read it:
http://www.nhoppe.de/Sammelsurium/Eintrage/2010/2/1_Authentisierung_und_Autorisierung_am_Enterprise_Service_Bus.html


Best regards and again thank you!
N + P


On Wed, Jan 20, 2010 at 3:22 AM, Freeman Fang <fr...@gmail.com>wrote:

>
> On 2010-1-20, at 9:46 AM, Philip wrote:
>
>  Hi everybody,
>>
>> thanks again for your help.
>>
>> On Thu, Jan 14, 2010 at 3:07 AM, Freeman Fang <freeman.fang@gmail.com
>> >wrote:
>>
>>  2. We also added a SoapHeaderOutFilterInterceptor to clean the Header.
>>> The
>>>
>>>> reason for that is that the Provider shouldn't receive the secure
>>>> header.
>>>> Is
>>>> it possible to add a new header with different username/password?
>>>> Perhaps
>>>> with the WSS4JOutInterceptor?
>>>>
>>>>  Yeah, you can configure WSS4JOutInterceptor for cxf bc provider
>>> endpoint
>>> which can add different username token ws-security header to the outgoing
>>> soap message.
>>>
>>
>> Freeman
>>
>>
>> we successfully added the wss4joutinterceptor. now we just have one more
>> problem:
>>
>> the wss4joutinterceptor sets the attribute: soap:mustUnderstand="1"
>>
>> we have a WS-provider which doesn't understand soap, so we get a fault
>> message. do you know if it's possible to change the attribute to:
>> soap:mustUnderstand="0"?
>>
> Hi,
>
> I'm a little bit confused with your question, your external webservice need
> ws-security to do the auth, so you add WSS4JOutInterceptor, which add
> soap:mustUnderstand="1" for security headers. If your external webservice
> can't understand soap security headers, it can't auth with ws-security, why
> you need add WSS4JOutInterceptor for your cxf bc provider?
>
> I might be wrong for your scenario.
>
> Anyway as always you can write your interceptor to hack on-wire outgoing
> soap message and change the mustUnderstand flag.
>
> Freeman
>

Hi Freeman,

yeah you are completely right - it makes no sense. but our main project was a
research on cxf and cxf-bc.
we wanted to read out the header and save the header which is working now.
now we wanted to add another header.
worked with the ss

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
On 2010-1-20, at 9:46 AM, Philip wrote:

> Hi everybody,
>
> thanks again for your help.
>
> On Thu, Jan 14, 2010 at 3:07 AM, Freeman Fang  
> <fr...@gmail.com>wrote:
>
>> 2. We also added a SoapHeaderOutFilterInterceptor to clean the  
>> Header. The
>>> reason for that is that the Provider shouldn't receive the secure  
>>> header.
>>> Is
>>> it possible to add a new header with different username/password?  
>>> Perhaps
>>> with the WSS4JOutInterceptor?
>>>
>> Yeah, you can configure WSS4JOutInterceptor for cxf bc provider  
>> endpoint
>> which can add different username token ws-security header to the  
>> outgoing
>> soap message.
>
> Freeman
>
>
> we successfully added the wss4joutinterceptor. now we just have one  
> more
> problem:
>
> the wss4joutinterceptor sets the attribute: soap:mustUnderstand="1"
>
> we have a WS-provider which doesn't understand soap, so we get a fault
> message. do you know if it's possible to change the attribute to:
> soap:mustUnderstand="0"?
Hi,

I'm a little bit confused with your question, your external webservice  
need ws-security to do the auth, so you add WSS4JOutInterceptor, which  
add soap:mustUnderstand="1" for security headers. If your external  
webservice can't understand soap security headers, it can't auth with  
ws-security, why you need add WSS4JOutInterceptor for your cxf bc  
provider?

I might be wrong for your scenario.

Anyway as always you can write your interceptor to hack on-wire  
outgoing soap message and change the mustUnderstand flag.

Freeman

>
> If not, do you know what we have to add to our WS to understand the  
> SOAP
> message?
>
> Best regards,
> Nicolas and Philip


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com


Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi everybody,

thanks again for your help.

On Thu, Jan 14, 2010 at 3:07 AM, Freeman Fang <fr...@gmail.com>wrote:

> 2. We also added a SoapHeaderOutFilterInterceptor to clean the Header. The
>> reason for that is that the Provider shouldn't receive the secure header.
>> Is
>> it possible to add a new header with different username/password? Perhaps
>> with the WSS4JOutInterceptor?
>>
> Yeah, you can configure WSS4JOutInterceptor for cxf bc provider endpoint
>  which can add different username token ws-security header to the outgoing
> soap message.

 Freeman


we successfully added the wss4joutinterceptor. now we just have one more
problem:

the wss4joutinterceptor sets the attribute: soap:mustUnderstand="1"

we have a WS-provider which doesn't understand soap, so we get a fault
message. do you know if it's possible to change the attribute to:
soap:mustUnderstand="0"?

If not, do you know what we have to add to our WS to understand the SOAP
message?

Best regards,
Nicolas and Philip

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
On 2010-1-14, at 4:04 AM, Philip wrote:

> Hi,
>
> we found a different way to solve our problem. It was possible to  
> read and
> save our header information in our callback handler. Thanks a lot  
> for your
> support. We just have two more questions to finish our project:
>
> 1. Is it possible to disable the SecuredBroker? The reason is that  
> we want
> to verify the user/password in the callback handler and not in the
> properties.
Hi,

Disable SecuredBroker doesn't work in your case IMHO, as it invoke  
authenticationService.authenticate in JbiJAASInterceptor as long as  
you have ws-security usertoken headers.
If you don't want to configure JAAS properties for SMX to do auth, you  
can write your own interceptor for cxf bc consumer to remove  
JbiJAASInterceptor from the interceptor chain. The key code should be
public void handleMessage(SoapMessage message) throws Fault {
         for (Interceptor interceptor : message.getInterceptorChain()) {
             if (interceptor.getClass().getName().equals(
                     "org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor")) {
                 message.getInterceptorChain().remove(interceptor);
             }
         }
}

I think I can add a flag later on to mark JbiJAASInterceptor as  
optional if necessary.



>
> 2. We also added a SoapHeaderOutFilterInterceptor to clean the  
> Header. The
> reason for that is that the Provider shouldn't receive the secure  
> header. Is
> it possible to add a new header with different username/password?  
> Perhaps
> with the WSS4JOutInterceptor?
Yeah, you can configure WSS4JOutInterceptor for cxf bc provider  
endpoint  which can add different username token ws-security header to  
the outgoing soap message.

Freeman
>
> Best regards,
> Philip and Nicolas
>
> On Fri, Jan 8, 2010 at 3:33 AM, Freeman Fang  
> <fr...@gmail.com> wrote:
>
>> Hi,
>>
>> Seems you are using SecuredBroker,  which delegate the auth to  
>> JAAS, but
>> you didn't add your user/password to the configuration, that's why  
>> you saw
>> the exception.
>>
>> You need do
>> edit $SMX_HOME/conf/users-passwords.properties
>> add
>> wss4j=xyz
>>
>> edit $SMX_HOME/conf/groups.properties
>> replace
>> admin=smx
>> with
>> admin=smx,wss4j
>>
>> Freeman
>>
>> On 2010-1-7, at 10:42 PM, Philip wrote:
>>
>> Hi,
>>>
>>>
>>> On Tue, Jan 5, 2010 at 2:46 PM, Freeman Fang  
>>> <fr...@gmail.com>
>>> wrote:
>>>
>>> You also need add SAAJInInterceptor & WSS4JInInterceptor for cxf bc
>>> consumer
>>>
>>>> endpoint inInterceptors, which extract and save necessary info to  
>>>> the
>>>> vector
>>>> You may need take a look at xbean-jaas.xml[1], to learn how it  
>>>> could be
>>>>
>>>> [1]
>>>>
>>>> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
>>>>
>>>> Freeman
>>>>
>>>
>>>
>>> we added the SAAJ & WSS4J this way:
>>>    <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"
>>> id="saajin" />
>>>    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>>> id="wss4jin">
>>>       <constructor-arg>
>>>          <map>
>>>             <entry key="action" value="UsernameToken"/>
>>>             <entry key="passwordType" value="PasswordText"/>
>>>             <entry key="user" value="wss4j"/>
>>>             <entry key="passwordCallbackRef">
>>>                     <ref bean="myPasswordCallback"/>
>>>             </entry>
>>>          </map>
>>>       </constructor-arg>
>>>    </bean>
>>>
>>> with our callback class we can read out the Username and Password  
>>> but we
>>> get
>>> following error:
>>>
>>> Caused by: javax.security.auth.login.FailedLoginException: User  
>>> does not
>>> exist
>>>
>>> The username we send is "wss4j" and the password is "xyz". This is  
>>> our
>>> callback handler class:
>>>
>>> public class ServerPasswordCallback implements CallbackHandler {
>>>
>>>  private static final Log logger =
>>> LogFactory.getLog(ServerPasswordCallback.class);
>>>  private static Map passwords = new HashMap();
>>>
>>>  static {
>>>          passwords.put("wss4j", "xyz");
>>>  }
>>>
>>>  public void handle(Callback[] callbacks) throws IOException,
>>>                  UnsupportedCallbackException {
>>>          for (int i = 0; i < callbacks.length; i++) {
>>>                  WSPasswordCallback pc = (WSPasswordCallback)
>>> callbacks[i];
>>>                  String pass = (String)  
>>> passwords.get(pc.getIdentifer());
>>>
>>>                  if (pass != null) {
>>>                          pc.setPassword(pass);
>>>                  }
>>>                  else { throw new
>>> UnsupportedCallbackException(callbacks[i], "Unrecognized  
>>> Callback"); }
>>>
>>>                  logger.info("pw-callback done");  // we get this  
>>> in the
>>> console
>>>          }
>>>  }
>>>
>>>
>>> Do you know what we have to do? Where does the Handler validate the
>>> username? Or what does this error mean?
>>>
>>> Thanks again,
>>> Nicolas and Philip
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com


Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi,

we found a different way to solve our problem. It was possible to read and
save our header information in our callback handler. Thanks a lot for your
support. We just have two more questions to finish our project:

1. Is it possible to disable the SecuredBroker? The reason is that we want
to verify the user/password in the callback handler and not in the
properties.

2. We also added a SoapHeaderOutFilterInterceptor to clean the Header. The
reason for that is that the Provider shouldn't receive the secure header. Is
it possible to add a new header with different username/password? Perhaps
with the WSS4JOutInterceptor?

Best regards,
Philip and Nicolas

On Fri, Jan 8, 2010 at 3:33 AM, Freeman Fang <fr...@gmail.com> wrote:

> Hi,
>
> Seems you are using SecuredBroker,  which delegate the auth to JAAS, but
> you didn't add your user/password to the configuration, that's why you saw
> the exception.
>
> You need do
> edit $SMX_HOME/conf/users-passwords.properties
> add
> wss4j=xyz
>
> edit $SMX_HOME/conf/groups.properties
> replace
> admin=smx
> with
> admin=smx,wss4j
>
> Freeman
>
> On 2010-1-7, at 10:42 PM, Philip wrote:
>
>  Hi,
>>
>>
>> On Tue, Jan 5, 2010 at 2:46 PM, Freeman Fang <fr...@gmail.com>
>> wrote:
>>
>> You also need add SAAJInInterceptor & WSS4JInInterceptor for cxf bc
>> consumer
>>
>>> endpoint inInterceptors, which extract and save necessary info to the
>>> vector
>>> You may need take a look at xbean-jaas.xml[1], to learn how it could be
>>>
>>> [1]
>>>
>>> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
>>>
>>> Freeman
>>>
>>
>>
>> we added the SAAJ & WSS4J this way:
>>     <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"
>> id="saajin" />
>>     <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
>> id="wss4jin">
>>        <constructor-arg>
>>           <map>
>>              <entry key="action" value="UsernameToken"/>
>>              <entry key="passwordType" value="PasswordText"/>
>>              <entry key="user" value="wss4j"/>
>>              <entry key="passwordCallbackRef">
>>                      <ref bean="myPasswordCallback"/>
>>              </entry>
>>           </map>
>>        </constructor-arg>
>>     </bean>
>>
>> with our callback class we can read out the Username and Password but we
>> get
>> following error:
>>
>> Caused by: javax.security.auth.login.FailedLoginException: User does not
>> exist
>>
>> The username we send is "wss4j" and the password is "xyz". This is our
>> callback handler class:
>>
>> public class ServerPasswordCallback implements CallbackHandler {
>>
>>   private static final Log logger =
>> LogFactory.getLog(ServerPasswordCallback.class);
>>   private static Map passwords = new HashMap();
>>
>>   static {
>>           passwords.put("wss4j", "xyz");
>>   }
>>
>>   public void handle(Callback[] callbacks) throws IOException,
>>                   UnsupportedCallbackException {
>>           for (int i = 0; i < callbacks.length; i++) {
>>                   WSPasswordCallback pc = (WSPasswordCallback)
>> callbacks[i];
>>                   String pass = (String) passwords.get(pc.getIdentifer());
>>
>>                   if (pass != null) {
>>                           pc.setPassword(pass);
>>                   }
>>                   else { throw new
>> UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); }
>>
>>                   logger.info("pw-callback done");  // we get this in the
>> console
>>           }
>>   }
>>
>>
>> Do you know what we have to do? Where does the Handler validate the
>> username? Or what does this error mean?
>>
>> Thanks again,
>> Nicolas and Philip
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>

Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi,

thank you very much. This had been exactly our fault.
On Fri, Jan 8, 2010 at 3:33 AM, Freeman Fang <fr...@gmail.com> wrote:

> Seems you are using SecuredBroker,  which delegate the auth to JAAS, but
> you didn't add your user/password to the configuration, that's why you saw
> the exception.
> You need do
> edit $SMX_HOME/conf/users-passwords.properties
> add
> wss4j=xyz
>
> edit $SMX_HOME/conf/groups.properties
> replace
> admin=smx
> with
> admin=smx,wss4j
> Freeman


Now we tried to deploy our project and got another error. This is the
interceptor:

public class SoapInInterceptor extends AbstractWSS4JInterceptor {

    private static final Log logger = LogFactory.getLog(SoapInInterceptor.class);

    private String domain = "servicemix-domain";
    private AuthenticationService authenticationService;
    private ThreadLocal<Subject> currentSubject = new ThreadLocal<Subject>();

    public SoapInInterceptor(AuthenticationService authenticationService) {
        super();
        setPhase(Phase.PRE_PROTOCOL);
        getAfter().add(WSS4JInInterceptor.class.getName()); // after WSS4JInInterceptor?!?!?
        this.authenticationService = authenticationService;
    }

    public void handleMessage(SoapMessage message) throws Fault {

        try {
            Subject subject = (Subject) currentSubject.get();
            if (subject == null) {
                subject = new Subject();
                currentSubject.set(subject);
            }
            List<Object> results = (Vector<Object>) message.get(WSHandlerConstants.RECV_RESULTS);
            if (results == null) {
                return;
            }
            for (Iterator iter = results.iterator(); iter.hasNext();) {
                WSHandlerResult hr = (WSHandlerResult) iter.next();
                if (hr == null || hr.getResults() == null) {
                    return;
                }
                for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
                    WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();

                    // check the principal type first, cast only afterwards
                    if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
                        WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal) er.getPrincipal();
                        subject.getPrincipals().add(p);
                        this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
                    }
                    logger.info("nach 2. for-Schleife im SOAPInInterceptor");

                }
                logger.info("nach 1. for-Schleife im SOAPInInterceptor");
            }
            message.put(Subject.class, subject);
        } catch (GeneralSecurityException e) {
            throw new Fault(e);
        } finally {
            currentSubject.set(null);
        }
    }
}

And we got this error:

[java] ERROR - CxfBcComponent                 -
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.servicemix.cxfbc.CxfBcConsumer#0' defined in file
[C:\praxisseminar\apache-servicemix-3.3\data\smx\service-assemblies\SA-CALC-CXF-Teil2\version_2\sus\servicemix-cxf-bc\SU-CALC-CXF-BC\xbean.xml]:
Cannot create inner bean 'de.ps.SoapInInterceptor#0' of type
[de.ps.SoapInInterceptor] while setting bean property 'inInterceptors' with
key [3]; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'de.ps.SoapInInterceptor#0' defined in file
[C:\praxisseminar\apache-servicemix-3.3\data\smx\service-assemblies\SA-CALC-CXF-Teil2\version_2\sus\servicemix-cxf-bc\SU-CALC-CXF-BC\xbean.xml]:
Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate
bean class [de.ps.SoapInInterceptor]: No default constructor found; nested
exception is java.lang.NoSuchMethodException:
de.ps.SoapInInterceptor.<init>()
     [java] [Fatal Error] :13:979: The element type "init" must be
terminated by the matching end-tag "</init>".
     [java] ERROR - AutoDeploymentService          - Failed to update
Service Assembly...


Any ideas? I think we've got a problem with the authenticationService but we
can't figure out where the problem is.


Thanks a lot.

Best regards,
N + P

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
Hi,

Seems you are using SecuredBroker,  which delegate the auth to JAAS,  
but you didn't add your user/password to the configuration, that's why  
you saw the exception.

You need do
edit $SMX_HOME/conf/users-passwords.properties
add
wss4j=xyz

edit $SMX_HOME/conf/groups.properties
replace
admin=smx
with
admin=smx,wss4j

Freeman
On 2010-1-7, at 10:42 PM, Philip wrote:

> Hi,
>
>
> On Tue, Jan 5, 2010 at 2:46 PM, Freeman Fang  
> <fr...@gmail.com> wrote:
>
> You also need add SAAJInInterceptor & WSS4JInInterceptor for cxf bc  
> consumer
>> endpoint inInterceptors, which extract and save necessary info to  
>> the vector
>> You may need take a look at xbean-jaas.xml[1], to learn how it  
>> could be
>>
>> [1]
>> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
>>
>> Freeman
>
>
> we added the SAAJ & WSS4J this way:
>      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"
> id="saajin" />
>      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
> id="wss4jin">
>         <constructor-arg>
>            <map>
>               <entry key="action" value="UsernameToken"/>
>               <entry key="passwordType" value="PasswordText"/>
>               <entry key="user" value="wss4j"/>
>               <entry key="passwordCallbackRef">
>                       <ref bean="myPasswordCallback"/>
>               </entry>
>            </map>
>         </constructor-arg>
>      </bean>
>
> with our callback class we can read out the Username and Password  
> but we get
> following error:
>
> Caused by: javax.security.auth.login.FailedLoginException: User does  
> not
> exist
>
> The username we send is "wss4j" and the password is "xyz". This is our
> callback handler class:
>
> public class ServerPasswordCallback implements CallbackHandler {
>
>    private static final Log logger =
> LogFactory.getLog(ServerPasswordCallback.class);
>    private static Map passwords = new HashMap();
>
>    static {
>            passwords.put("wss4j", "xyz");
>    }
>
>    public void handle(Callback[] callbacks) throws IOException,
>                    UnsupportedCallbackException {
>            for (int i = 0; i < callbacks.length; i++) {
>                    WSPasswordCallback pc = (WSPasswordCallback)
> callbacks[i];
>                    String pass = (String)  
> passwords.get(pc.getIdentifer());
>
>                    if (pass != null) {
>                            pc.setPassword(pass);
>                    }
>                    else { throw new
> UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); }
>
>                    logger.info("pw-callback done");  // we get this  
> in the
> console
>            }
>    }
>
>
> Do you know what we have to do? Where does the Handler validate the
> username? Or what does this error mean?
>
> Thanks again,
> Nicolas and Philip


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com


Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi,


On Tue, Jan 5, 2010 at 2:46 PM, Freeman Fang <fr...@gmail.com> wrote:

You also need add SAAJInInterceptor & WSS4JInInterceptor for cxf bc consumer
> endpoint inInterceptors, which extract and save necessary info to the vector
> You may need take a look at xbean-jaas.xml[1], to learn how it could be
>
> [1]
> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
>
> Freeman


 we added the SAAJ & WSS4J this way:
      <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"
id="saajin" />
      <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
id="wss4jin">
         <constructor-arg>
            <map>
               <entry key="action" value="UsernameToken"/>
               <entry key="passwordType" value="PasswordText"/>
               <entry key="user" value="wss4j"/>
               <entry key="passwordCallbackRef">
                       <ref bean="myPasswordCallback"/>
               </entry>
            </map>
         </constructor-arg>
      </bean>

with our callback class we can read out the Username and Password but we get
following error:

Caused by: javax.security.auth.login.FailedLoginException: User does not
exist

The username we send is "wss4j" and the password is "xyz". This is our
callback handler class:

public class ServerPasswordCallback implements CallbackHandler {

    private static final Log logger = LogFactory.getLog(ServerPasswordCallback.class);
    private static Map passwords = new HashMap();

    static {
            passwords.put("wss4j", "xyz");
    }

    public void handle(Callback[] callbacks) throws IOException,
                    UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    String pass = (String) passwords.get(pc.getIdentifer());

                    if (pass != null) {
                            pc.setPassword(pass);
                    }
                    else {
                            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                    }

                    logger.info("pw-callback done");  // we get this in the console
            }
    }
}


Do you know what we have to do? Where does the Handler validate the
username? Or what does this error mean?

Thanks again,
Nicolas and Philip
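
Added example, not code from the thread or from the ServiceMix/CXF projects: a callback handler that itself checks the password of a PasswordText UsernameToken, which is what the question above asks about. It assumes the WSS4J 1.5.x callback contract (a plaintext token reaches the handler with usage USERNAME_TOKEN_UNKNOWN and the received password already set); the class name VerifyingPasswordCallback and the in-memory user map are made up for illustration.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Hypothetical handler for the "passwordCallbackRef" entry of WSS4JInInterceptor.
 * Assumption: WSS4J 1.5.x, where the identifier getter is spelled getIdentifer()
 * and the handler is responsible for rejecting a wrong plaintext password.
 */
public class VerifyingPasswordCallback implements CallbackHandler {

    // Constructed sample store (same user as in the thread). A real service
    // would look up a salted password hash instead of a cleartext value.
    private static final Map<String, String> PASSWORDS = new HashMap<String, String>();

    static {
        PASSWORDS.put("wss4j", "xyz");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            // Test the type before casting, so a foreign callback gives a clear error
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            String expected = PASSWORDS.get(pc.getIdentifer());

            switch (pc.getUsage()) {
            case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                // PasswordText: pc.getPassword() holds what the client sent.
                // Calling setPassword(expected) here without comparing would
                // accept any password for a known user.
                if (expected == null || !sameSecret(expected, pc.getPassword())) {
                    // Same message for unknown user and wrong password
                    throw new IOException("authentication failed");
                }
                break;
            case WSPasswordCallback.USERNAME_TOKEN:
                // PasswordDigest: hand the stored password to WSS4J, which
                // recomputes the digest and compares it with the token.
                if (expected == null) {
                    throw new IOException("authentication failed");
                }
                pc.setPassword(expected);
                break;
            default:
                throw new UnsupportedCallbackException(cb, "Unsupported usage " + pc.getUsage());
            }
        }
    }

    // Comparison that does not stop at the first differing byte
    static boolean sameSecret(String expected, String received) throws IOException {
        if (received == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), received.getBytes("UTF-8"));
    }
}
```

This only moves the check that WSS4J delegates to the handler; as the replies in this thread say, JbiJAASInterceptor still calls the JAAS authentication on the consumer endpoint as long as it is in the interceptor chain.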

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
Hi,

You also need add SAAJInInterceptor & WSS4JInInterceptor for cxf bc  
consumer endpoint inInterceptors, which extract and save necessary  
info to the vector
You may need take a look at xbean-jaas.xml[1], to learn how it could be

[1]https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml

Freeman
On 2010-1-5, at 6:09 PM, Philip wrote:

> Hi,
>
> thanks for your patient help. We integrated the interceptor as you  
> explained
> and tested it with the following soap-message:
>
>    <soapenv:Header>
>        <wsse:Security>
>            <wsse:usernameToken     wsu:Id="UsernameToken"
>                                            xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
>                <wsse:username>Peter</wsse:username>
>                <wsse:password>xyz</wsse:password>
>            </wsse:usernameToken>
>        </wsse:Security>
>    </soapenv:Header>
>
> We tried to read out the results vector but didn't get an output.
> Furthermore we added a logger to locate the error. In our opinion  
> the vector
> is null. Is our SOAP message correct? Any ideas?
>
>
> On Mon, Jan 4, 2010 at 1:36 PM, Freeman Fang  
> <fr...@gmail.com> wrote:
>
>>
>>           List<Object> results =
>> (Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
>>           if (results == null) {
>>
>
> logger.info("vector null?");  // the console shows this message
>
>               return;
>>           }
>>
>
> logger.info("not null"); // no message in console
>
>           for (Iterator iter = results.iterator(); iter.hasNext();) {
>>               WSHandlerResult hr = (WSHandlerResult) iter.next();
>>               if (hr == null || hr.getResults() == null) {
>>                   return;
>>               }
>>
>>               for (Iterator it = hr.getResults().iterator();
>> it.hasNext();) {
>>                   WSSecurityEngineResult er =  
>> (WSSecurityEngineResult)
>> it.next();
>>
>>                   if (er != null && er.getPrincipal() instanceof
>> WSUsernameTokenPrincipal) {
>>                       WSUsernameTokenPrincipal p =
>> (WSUsernameTokenPrincipal)er.getPrincipal();
>>                       p.getName();//here you get the username
>>                       p.getPassword();//here you get the password
>>                   }
>>               }
>>           }
>>
>
> Thanks in advance
> Nicolas and Philip


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com


Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
Hi,

thanks for your patient help. We integrated the interceptor as you explained
and tested it with the following soap-message:

    <soapenv:Header>
        <wsse:Security>
            <wsse:usernameToken     wsu:Id="UsernameToken"
                                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:username>Peter</wsse:username>
                <wsse:password>xyz</wsse:password>
            </wsse:usernameToken>
        </wsse:Security>
    </soapenv:Header>

We tried to read out the results vector but didn't get an output.
Furthermore we added a logger to locate the error. In our opinion the vector
is null. Is our SOAP message correct? Any ideas?


On Mon, Jan 4, 2010 at 1:36 PM, Freeman Fang <fr...@gmail.com> wrote:

>
>            List<Object> results =
> (Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
>            if (results == null) {
>

 logger.info("vector null?");  // the console shows this message

               return;
>            }
>

logger.info("not null"); // no message in console

           for (Iterator iter = results.iterator(); iter.hasNext();) {
>                WSHandlerResult hr = (WSHandlerResult) iter.next();
>                if (hr == null || hr.getResults() == null) {
>                    return;
>                }
>
>                for (Iterator it = hr.getResults().iterator();
> it.hasNext();) {
>                    WSSecurityEngineResult er = (WSSecurityEngineResult)
> it.next();
>
>                    if (er != null && er.getPrincipal() instanceof
> WSUsernameTokenPrincipal) {
>                        WSUsernameTokenPrincipal p =
> (WSUsernameTokenPrincipal)er.getPrincipal();
>                        p.getName();//here you get the username
>                        p.getPassword();//here you get the password
>                    }
>                }
>            }
>

Thanks in advance
Nicolas and Philip

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
On 2010-1-4, at 7:34 PM, Philip wrote:

>>
>>> On Thu, Dec 17, 2009 at 2:33 PM, Freeman Fang  
>>> <freeman.fang@gmail.com
>>>> wrote:
>>>
>> I just suggest you take a look at this JbiJAASInterceptor and learn  
>> how to
>> extract username token from wss4j soap headers, I believe that's  
>> what you
>> want to do.
>
>
> Right, this is what we like to do. We understood how the interceptor  
> reads
> the username etc. But where we have to put the interceptor? Is it  
> right to
> put the JbiJAASInterceptor in the xbean of the cxf-bc (consumer- 
> part)? Or do
> we have to use an own interceptor and include the JbiJAAS?
>
> If it's right to include the JbiJAASInterceptor directly in the  
> xbean.xml
> (inInterceptor): what we have to do to fix the constructor/argument  
> error at
> deploy?
>
Hi,
No, you shouldn't include the JbiJAASInterceptor directly in the  
xbean.xml.
You need write your own interceptor, assume your interceptor is  
your_interceptor_package.your_interceptor_class
put the code piece like
             List<Object> results = (Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
             if (results == null) {
                 return;
             }
             for (Iterator iter = results.iterator(); iter.hasNext();) {
                 WSHandlerResult hr = (WSHandlerResult) iter.next();
                 if (hr == null || hr.getResults() == null) {
                     return;
                 }

                 for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
                     WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();

                     if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
                         WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
                         p.getName();//here you get the username
                         p.getPassword();//here you get the password
                     }
                 }
             }

in your interceptor, and in the xbean.xml for your cxf bc consumer,  
add your interceptor like
         <cxfbc:inInterceptors>
           <bean class="your_interceptor_package.your_interceptor_class"/>
         </cxfbc:inInterceptors>

Freeman

> Thanks!
> N./P.


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com


Re: Read out header information with CXF-interceptor

Posted by Philip <po...@googlemail.com>.
>
>> On Thu, Dec 17, 2009 at 2:33 PM, Freeman Fang <freeman.fang@gmail.com
>> >wrote:
>>
> I just suggest you take a look at this JbiJAASInterceptor and learn how to
> extract username token from wss4j soap headers, I believe that's what you
> want to do.


Right, this is what we like to do. We understood how the interceptor reads
the username etc. But where we have to put the interceptor? Is it right to
put the JbiJAASInterceptor in the xbean of the cxf-bc (consumer-part)? Or do
we have to use an own interceptor and include the JbiJAAS?

If it's right to include the JbiJAASInterceptor directly in the xbean.xml
(inInterceptor): what we have to do to fix the constructor/argument error at
deploy?

Thanks!
N./P.

Re: Read out header information with CXF-interceptor

Posted by Freeman Fang <fr...@gmail.com>.
On 2010-1-4, at 6:16 PM, Philip wrote:

> Hi
>
> first of all happy new year and thanks for your replies!
>
> On Thu, Dec 17, 2009 at 2:33 PM, Freeman Fang  
> <fr...@gmail.com>wrote:
>
>>
>> You needn't add JbiJAASInterceptor explicitly in spring bean, it's  
>> added by
>> default for cxf bc consumer endpoint and passed in  
>> AuthenticationService as
>> argument for constructor.
>> The error you saw means JbiJAASInterceptor has no default  
>> constructor, it
>> needs an argument for constructor.
>>
>
> What we have to do here exactly - do we have to add something like
> <constructor-arg> in the xbean.xml?
Hi,

No, you needn't add <constructor-arg> as JbiJAASInterceptor is added  
by default already.
I just suggest you take a look at this JbiJAASInterceptor and learn  
how to extract username token from wss4j soap headers, I believe  
that's what you want to do.

>
> Furthermore we don't really know how to use the result-vector of this
> Interceptor?
Basically you can just iterate this vector to find  
WSUsernameTokenPrincipal, then you can get username/password from it.

The main code already in JbiJAASInterceptor, something like

             List<Object> results = (Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
             if (results == null) {
                 return;
             }
             for (Iterator iter = results.iterator(); iter.hasNext();) {
                 WSHandlerResult hr = (WSHandlerResult) iter.next();
                 if (hr == null || hr.getResults() == null) {
                     return;
                 }

                 for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
                     WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();

                     if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
                         WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
                         p.getName();//here you get the username
                         p.getPassword();//here you get the password
                     }
                 }
             }

Freeman
>
> Thanks again,
> Philip + Nicolas


-- 
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com