You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Vassilis Virvilis <v....@biovista.com> on 2012/08/01 11:10:45 UTC
ws-security and javascript
Hello everybody,
We are evaluating the use of CXF directly in the browser and we have the
following problem.
Some of our services are WS-security enabled. For these services we
cannot get the http://server/service?js auto-generated script to produce
any proxies to our services. For the non WS-security enabled everything
works.
We looked all over the web but we didn't find a way to configure the
WSS4JOutInterceptor for the javascript client. Is this a known
limitation? Is it possible to use javascript and WS-security at all? We
are currently using 2.3.3 but we are considering upgrading if that would
help.
Thanks in advance
--
__________________________________
Vassilis Virvilis Ph.D.
Head of IT
Biovista Inc.
US Offices
2421 Ivy Road
Charlottesville, VA 22903
USA
T: +1.434.971.1141
F: +1.434.971.1144
European Offices
34 Rodopoleos Street
Ellinikon, Athens 16777
GREECE
T: +30.210.9629848
F: +30.210.9647606
www.biovista.com
Biovista is a privately held biotechnology company that finds novel uses
for existing drugs, and profiles their side effects using their
mechanism of action. Biovista develops its own pipeline of drugs in CNS,
oncology, auto-immune and rare diseases. Biovista is collaborating with
biopharmaceutical companies on indication expansion and de-risking of
their portfolios and with the FDA on adverse event prediction.
Re: ws-security and javascript
Posted by Vassilis Virvilis <v....@biovista.com>.
Hello Dan,
Thanks for the quick reply. I have a note and a question.
On 01/08/2012 10:13 μμ, Daniel Kulp wrote:
> On Wednesday, August 01, 2012 12:10:45 PM Vassilis Virvilis wrote:
>> We looked all over the web but we didn't find a way to configure the
>> WSS4JOutInterceptor for the javascript client. Is this a known
>> limitation? Is it possible to use javascript and WS-security at all?
>
> No. At this time, the javascript clients really just support basic
> soap/http services.
>
> Dan
>
Note: Looking at the documentation we found the page
http://cxf.apache.org/docs/javascript-client-limitations.html mentioning
"""
No Authentication
Hypothetically, the XMLHttpRequest object in the browsers supports
authentication. The utilities do not expose this support.
"""
We thought (actually hoped) that the documentation was referring to
Webserver http/https authentication and not to the ws-security. Or it is
both?. In my opinion the documentation should explicitly mention
ws-security in the limitations of the javascript client.
If you think it is worthy I could file a documentation bug with a
suggested wording...
Question:
What is the scope of the work for this feature? How hard is to be done?
Is it blocked by other parts of cxf? From where one should start?
org/apache/cxf/javascript? Are there implications in other parts of cxf?
Again If you think it is proper I could file a bug for the missing
functionality.
Thanks again
--
__________________________________
Vassilis Virvilis Ph.D.
Head of IT
Biovista Inc.
US Offices
2421 Ivy Road
Charlottesville, VA 22903
USA
T: +1.434.971.1141
F: +1.434.971.1144
European Offices
34 Rodopoleos Street
Ellinikon, Athens 16777
GREECE
T: +30.210.9629848
F: +30.210.9647606
www.biovista.com
Biovista is a privately held biotechnology company that finds novel uses
for existing drugs, and profiles their side effects using their
mechanism of action. Biovista develops its own pipeline of drugs in CNS,
oncology, auto-immune and rare diseases. Biovista is collaborating with
biopharmaceutical companies on indication expansion and de-risking of
their portfolios and with the FDA on adverse event prediction.
Re: ws-security and javascript
Posted by Daniel Kulp <dk...@apache.org>.
On Wednesday, August 01, 2012 12:10:45 PM Vassilis Virvilis wrote:
> Hello everybody,
>
> We are evaluating the use of CXF directly in the browser and we have the
> following problem.
>
> Some of our services are WS-security enabled. For these services we
> cannot get the http://server/service?js auto-generated script to produce
> any proxies to our services. For the non WS-security enabled everything
> works.
>
> We looked all over the web but we didn't find a way to configure the
> WSS4JOutInterceptor for the javascript client. Is this a known
> limitation? Is it possible to use javascript and WS-security at all?
No. At this time, the javascript clients really just support basic
soap/http services.
Dan
> We
> are currently using 2.3.3 but we are considering upgrading if that would
> help.
>
> Thanks in advance
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com