You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by dmadunic <do...@gmail.com> on 2007/08/30 03:09:45 UTC
WSS4JInInterceptor configuration
Hi all,
anoyne knows how can i configure multiple actions for WSS4JIn and Out
Interceptors?
For example signanin and UsernameToken
So far i have follwing lines in my applicationContext.xml:
<jaxws:endpoint id="helloWorld" implementor="demo.spring.HelloWorldImpl"
address="/HelloWorld" >
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
<bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordDigest"/>
<entry key="passwordCallbackClass"
value="demo.interceptors.AuthenticationCallbackHandler"/>
</map>
</property>
</bean>
<bean class="demo.interceptors.SecurityTokenAnalyser"/>
</jaxws:inInterceptors>
And i would also like to add signing action to WSS4JInInterceptor, any
suggestion how to doit?
thx
--
View this message in context: http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a12398844
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WSS4JInInterceptor configuration
Posted by Fred Dushin <fr...@dushin.net>.
Have you tried chaining 2 WSS4J out interceptors? You should be able
to "augment" an existing WS-Security header, that way. (WSS4J will
let you do this, at any rate).
-Fred
On Aug 30, 2007, at 8:41 AM, dmadunic wrote:
> The problem is because it seems to me that i need to configure to
> users -
> one for UsernameToken and another to be used as alias for Signing
> and also
> two PasswordCallback classes?
> Any sugestions how to do it?
RE: WSS4JInInterceptor configuration
Posted by "O hEigeartaigh, Colm" <Co...@iona.com>.
Hi,
This doesn't seem to be possible using the WS-Handler architecture in
WSS4J as it presently stands, although it should be easy enough to fix.
I suggest you raise an enhancement request with WSS4J.
Colm.
-----Original Message-----
From: dmadunic [mailto:domagoj.madunic@gmail.com]
Sent: 30 August 2007 14:54
To: cxf-user@incubator.apache.org
Subject: RE: WSS4JInInterceptor configuration
Colm thx,
this solves problem of PasswordCallback - but what about users?
How do i specify 2 users, one for Signature and another for
UsernameToken
action?
This can happen in scenario where SOAP client is signing all of the
requests, but information sent in UsernameToken should belong to the
user
who logged in in application that is using this SOAP client to send
requests
to some service on ESB.
O hEigeartaigh, Colm wrote:
>
>
> Hi,
>
>> The problem is because it seems to me that i need to configure to
> users -
>> one for UsernameToken and another to be used as alias for Signing and
> also
>> two PasswordCallback classes?
>
> You could use a single PasswordCallback class, and retrieve the
> appropriate password by examining the getUsage() method of the
> WSPasswordCallback object. This will return
> WSPasswordCallback.USERNAME_TOKEN for the UsernameToken case, or
> WSPasswordCallback.SIGNATURE for signature, etc.
>
> Colm.
>
>
> -----Original Message-----
> From: dmadunic [mailto:domagoj.madunic@gmail.com]
> Sent: 30 August 2007 13:41
> To: cxf-user@incubator.apache.org
> Subject: Re: WSS4JInInterceptor configuration
>
>
> Thx a lot,
> so far i have managed to successfully configure both Signature and
> UsernameToken action, both combined with timestamp.
> Following are my beans:
>
> 1) UsernameToken Timestamp combination:
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="UsernameToken
> Timestamp"/>
> <entry key="user" value="joe"/>
> <entry key="passwordType"
> value="PasswordDigest"/>
> <entry key="passwordCallbackClass"
> value="demo.interceptors.client.UsernamePasswordCallback"/>
> </map>
> </property>
> </bean>
>
> 2) Signature timestamp combination:
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="Timestamp
> Signature"/>
> <entry key="signaturePropFile"
> value="client_sign.properties"/>
> <entry key="user" value="ws-client"/>
> <entry key="passwordCallbackClass"
> value="demo.interceptors.client.SignaturePasswordCallback"/>
> </map>
> </property>
> </bean>
>
> What bothers me now is how to produce combination both to have:
>
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="UsernameToken
> Timestamp Signature"/>
> ...
> </map>
> </property>
> </bean>
>
> The problem is because it seems to me that i need to configure to
users
> -
> one for UsernameToken and another to be used as alias for Signing and
> also
> two PasswordCallback classes?
> Any sugestions how to do it?
>
> thx
>
>
> Fred Dushin-3 wrote:
>>
>> See yesterday's post to this forum on this subject for an example of
>> multiple actions:
>>
>> http://tinyurl.com/253phq
>>
>> For signing, you need to add the Signature action, along with a
>> specification of the key material you need. See the CXF WS-Security
>> system test for an example, e.g.,
>>
>> http://tinyurl.com/2qv3ks
>>
>> On Aug 29, 2007, at 9:09 PM, dmadunic wrote:
>>
>>>
>>> Hi all,
>>> anoyne knows how can i configure multiple actions for WSS4JIn and
Out
>>> Interceptors?
>>> For example signanin and UsernameToken
>>> So far i have follwing lines in my applicationContext.xml:
>>>
>>> <jaxws:endpoint id="helloWorld"
>>> implementor="demo.spring.HelloWorldImpl"
>>> address="/HelloWorld" >
>>> <jaxws:inInterceptors>
>>> <bean
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
>>> <bean
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <property name="properties">
>>> <map>
>>> <entry key="action"
> value="UsernameToken"/>
>>> <entry key="passwordType"
> value="PasswordDigest"/>
>>> <entry
> key="passwordCallbackClass"
>>> value="demo.interceptors.AuthenticationCallbackHandler"/>
>>> </map>
>>> </property>
>>> </bean>
>>> <bean class="demo.interceptors.SecurityTokenAnalyser"/>
>>> </jaxws:inInterceptors>
>>>
>>> And i would also like to add signing action to WSS4JInInterceptor,
> any
>>> suggestion how to doit?
>>>
>>> thx
>>> --
>>> View this message in context: http://www.nabble.com/
>>> WSS4JInInterceptor-configuration-tf4351388.html#a12398844
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>>
>
> --
> View this message in context:
>
http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a1
> 2406437
> Sent from the cxf-user mailing list archive at Nabble.com.
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4,
Ireland
>
>
--
View this message in context:
http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a1
2407603
Sent from the cxf-user mailing list archive at Nabble.com.
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
RE: WSS4JInInterceptor configuration
Posted by dmadunic <do...@gmail.com>.
Colm thx,
this solves problem of PasswordCallback - but what about users?
How do i specify 2 users, one for Signature and another for UsernameToken
action?
This can happen in scenario where SOAP client is signing all of the
requests, but information sent in UsernameToken should belong to the user
who logged in in application that is using this SOAP client to send requests
to some service on ESB.
O hEigeartaigh, Colm wrote:
>
>
> Hi,
>
>> The problem is because it seems to me that i need to configure to
> users -
>> one for UsernameToken and another to be used as alias for Signing and
> also
>> two PasswordCallback classes?
>
> You could use a single PasswordCallback class, and retrieve the
> appropriate password by examining the getUsage() method of the
> WSPasswordCallback object. This will return
> WSPasswordCallback.USERNAME_TOKEN for the UsernameToken case, or
> WSPasswordCallback.SIGNATURE for signature, etc.
>
> Colm.
>
>
> -----Original Message-----
> From: dmadunic [mailto:domagoj.madunic@gmail.com]
> Sent: 30 August 2007 13:41
> To: cxf-user@incubator.apache.org
> Subject: Re: WSS4JInInterceptor configuration
>
>
> Thx a lot,
> so far i have managed to successfully configure both Signature and
> UsernameToken action, both combined with timestamp.
> Following are my beans:
>
> 1) UsernameToken Timestamp combination:
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="UsernameToken
> Timestamp"/>
> <entry key="user" value="joe"/>
> <entry key="passwordType"
> value="PasswordDigest"/>
> <entry key="passwordCallbackClass"
> value="demo.interceptors.client.UsernamePasswordCallback"/>
> </map>
> </property>
> </bean>
>
> 2) Signature timestamp combination:
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="Timestamp
> Signature"/>
> <entry key="signaturePropFile"
> value="client_sign.properties"/>
> <entry key="user" value="ws-client"/>
> <entry key="passwordCallbackClass"
> value="demo.interceptors.client.SignaturePasswordCallback"/>
> </map>
> </property>
> </bean>
>
> What bothers me now is how to produce combination both to have:
>
> <bean id="wss4jOutConfiguration"
> class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="UsernameToken
> Timestamp Signature"/>
> ...
> </map>
> </property>
> </bean>
>
> The problem is because it seems to me that i need to configure to users
> -
> one for UsernameToken and another to be used as alias for Signing and
> also
> two PasswordCallback classes?
> Any sugestions how to do it?
>
> thx
>
>
> Fred Dushin-3 wrote:
>>
>> See yesterday's post to this forum on this subject for an example of
>> multiple actions:
>>
>> http://tinyurl.com/253phq
>>
>> For signing, you need to add the Signature action, along with a
>> specification of the key material you need. See the CXF WS-Security
>> system test for an example, e.g.,
>>
>> http://tinyurl.com/2qv3ks
>>
>> On Aug 29, 2007, at 9:09 PM, dmadunic wrote:
>>
>>>
>>> Hi all,
>>> anoyne knows how can i configure multiple actions for WSS4JIn and Out
>>> Interceptors?
>>> For example signanin and UsernameToken
>>> So far i have follwing lines in my applicationContext.xml:
>>>
>>> <jaxws:endpoint id="helloWorld"
>>> implementor="demo.spring.HelloWorldImpl"
>>> address="/HelloWorld" >
>>> <jaxws:inInterceptors>
>>> <bean
> class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
>>> <bean
> class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>>> <property name="properties">
>>> <map>
>>> <entry key="action"
> value="UsernameToken"/>
>>> <entry key="passwordType"
> value="PasswordDigest"/>
>>> <entry
> key="passwordCallbackClass"
>>> value="demo.interceptors.AuthenticationCallbackHandler"/>
>>> </map>
>>> </property>
>>> </bean>
>>> <bean class="demo.interceptors.SecurityTokenAnalyser"/>
>>> </jaxws:inInterceptors>
>>>
>>> And i would also like to add signing action to WSS4JInInterceptor,
> any
>>> suggestion how to doit?
>>>
>>> thx
>>> --
>>> View this message in context: http://www.nabble.com/
>>> WSS4JInInterceptor-configuration-tf4351388.html#a12398844
>>> Sent from the cxf-user mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a1
> 2406437
> Sent from the cxf-user mailing list archive at Nabble.com.
>
> ----------------------------
> IONA Technologies PLC (registered in Ireland)
> Registered Number: 171387
> Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
>
>
--
View this message in context: http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a12407603
Sent from the cxf-user mailing list archive at Nabble.com.
RE: WSS4JInInterceptor configuration
Posted by "O hEigeartaigh, Colm" <Co...@iona.com>.
Hi,
> The problem is because it seems to me that i need to configure to
users -
> one for UsernameToken and another to be used as alias for Signing and
also
> two PasswordCallback classes?
You could use a single PasswordCallback class, and retrieve the
appropriate password by examining the getUsage() method of the
WSPasswordCallback object. This will return
WSPasswordCallback.USERNAME_TOKEN for the UsernameToken case, or
WSPasswordCallback.SIGNATURE for signature, etc.
Colm.
-----Original Message-----
From: dmadunic [mailto:domagoj.madunic@gmail.com]
Sent: 30 August 2007 13:41
To: cxf-user@incubator.apache.org
Subject: Re: WSS4JInInterceptor configuration
Thx a lot,
so far i have managed to successfully configure both Signature and
UsernameToken action, both combined with timestamp.
Following are my beans:
1) UsernameToken Timestamp combination:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken
Timestamp"/>
<entry key="user" value="joe"/>
<entry key="passwordType"
value="PasswordDigest"/>
<entry key="passwordCallbackClass"
value="demo.interceptors.client.UsernamePasswordCallback"/>
</map>
</property>
</bean>
2) Signature timestamp combination:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp
Signature"/>
<entry key="signaturePropFile"
value="client_sign.properties"/>
<entry key="user" value="ws-client"/>
<entry key="passwordCallbackClass"
value="demo.interceptors.client.SignaturePasswordCallback"/>
</map>
</property>
</bean>
What bothers me now is how to produce combination both to have:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken
Timestamp Signature"/>
...
</map>
</property>
</bean>
The problem is because it seems to me that i need to configure to users
-
one for UsernameToken and another to be used as alias for Signing and
also
two PasswordCallback classes?
Any sugestions how to do it?
thx
Fred Dushin-3 wrote:
>
> See yesterday's post to this forum on this subject for an example of
> multiple actions:
>
> http://tinyurl.com/253phq
>
> For signing, you need to add the Signature action, along with a
> specification of the key material you need. See the CXF WS-Security
> system test for an example, e.g.,
>
> http://tinyurl.com/2qv3ks
>
> On Aug 29, 2007, at 9:09 PM, dmadunic wrote:
>
>>
>> Hi all,
>> anoyne knows how can i configure multiple actions for WSS4JIn and Out
>> Interceptors?
>> For example signanin and UsernameToken
>> So far i have follwing lines in my applicationContext.xml:
>>
>> <jaxws:endpoint id="helloWorld"
>> implementor="demo.spring.HelloWorldImpl"
>> address="/HelloWorld" >
>> <jaxws:inInterceptors>
>> <bean
class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
>> <bean
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <property name="properties">
>> <map>
>> <entry key="action"
value="UsernameToken"/>
>> <entry key="passwordType"
value="PasswordDigest"/>
>> <entry
key="passwordCallbackClass"
>> value="demo.interceptors.AuthenticationCallbackHandler"/>
>> </map>
>> </property>
>> </bean>
>> <bean class="demo.interceptors.SecurityTokenAnalyser"/>
>> </jaxws:inInterceptors>
>>
>> And i would also like to add signing action to WSS4JInInterceptor,
any
>> suggestion how to doit?
>>
>> thx
>> --
>> View this message in context: http://www.nabble.com/
>> WSS4JInInterceptor-configuration-tf4351388.html#a12398844
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
>
>
--
View this message in context:
http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a1
2406437
Sent from the cxf-user mailing list archive at Nabble.com.
----------------------------
IONA Technologies PLC (registered in Ireland)
Registered Number: 171387
Registered Address: The IONA Building, Shelbourne Road, Dublin 4, Ireland
Re: WSS4JInInterceptor configuration
Posted by dmadunic <do...@gmail.com>.
Thx a lot,
so far i have managed to successfully configure both Signature and
UsernameToken action, both combined with timestamp.
Following are my beans:
1) UsernameToken Timestamp combination:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="user" value="joe"/>
<entry key="passwordType" value="PasswordDigest"/>
<entry key="passwordCallbackClass"
value="demo.interceptors.client.UsernamePasswordCallback"/>
</map>
</property>
</bean>
2) Signature timestamp combination:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="Timestamp Signature"/>
<entry key="signaturePropFile" value="client_sign.properties"/>
<entry key="user" value="ws-client"/>
<entry key="passwordCallbackClass"
value="demo.interceptors.client.SignaturePasswordCallback"/>
</map>
</property>
</bean>
What bothers me now is how to produce combination both to have:
<bean id="wss4jOutConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken Timestamp Signature"/>
...
</map>
</property>
</bean>
The problem is because it seems to me that i need to configure to users -
one for UsernameToken and another to be used as alias for Signing and also
two PasswordCallback classes?
Any sugestions how to do it?
thx
Fred Dushin-3 wrote:
>
> See yesterday's post to this forum on this subject for an example of
> multiple actions:
>
> http://tinyurl.com/253phq
>
> For signing, you need to add the Signature action, along with a
> specification of the key material you need. See the CXF WS-Security
> system test for an example, e.g.,
>
> http://tinyurl.com/2qv3ks
>
> On Aug 29, 2007, at 9:09 PM, dmadunic wrote:
>
>>
>> Hi all,
>> anoyne knows how can i configure multiple actions for WSS4JIn and Out
>> Interceptors?
>> For example signanin and UsernameToken
>> So far i have follwing lines in my applicationContext.xml:
>>
>> <jaxws:endpoint id="helloWorld"
>> implementor="demo.spring.HelloWorldImpl"
>> address="/HelloWorld" >
>> <jaxws:inInterceptors>
>> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
>> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>> <property name="properties">
>> <map>
>> <entry key="action" value="UsernameToken"/>
>> <entry key="passwordType" value="PasswordDigest"/>
>> <entry key="passwordCallbackClass"
>> value="demo.interceptors.AuthenticationCallbackHandler"/>
>> </map>
>> </property>
>> </bean>
>> <bean class="demo.interceptors.SecurityTokenAnalyser"/>
>> </jaxws:inInterceptors>
>>
>> And i would also like to add signing action to WSS4JInInterceptor, any
>> suggestion how to doit?
>>
>> thx
>> --
>> View this message in context: http://www.nabble.com/
>> WSS4JInInterceptor-configuration-tf4351388.html#a12398844
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
>>
>
>
>
--
View this message in context: http://www.nabble.com/WSS4JInInterceptor-configuration-tf4351388.html#a12406437
Sent from the cxf-user mailing list archive at Nabble.com.
Re: WSS4JInInterceptor configuration
Posted by Fred Dushin <fr...@dushin.net>.
See yesterday's post to this forum on this subject for an example of
multiple actions:
http://tinyurl.com/253phq
For signing, you need to add the Signature action, along with a
specification of the key material you need. See the CXF WS-Security
system test for an example, e.g.,
http://tinyurl.com/2qv3ks
On Aug 29, 2007, at 9:09 PM, dmadunic wrote:
>
> Hi all,
> anoyne knows how can i configure multiple actions for WSS4JIn and Out
> Interceptors?
> For example signanin and UsernameToken
> So far i have follwing lines in my applicationContext.xml:
>
> <jaxws:endpoint id="helloWorld"
> implementor="demo.spring.HelloWorldImpl"
> address="/HelloWorld" >
> <jaxws:inInterceptors>
> <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
> <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
> <property name="properties">
> <map>
> <entry key="action" value="UsernameToken"/>
> <entry key="passwordType" value="PasswordDigest"/>
> <entry key="passwordCallbackClass"
> value="demo.interceptors.AuthenticationCallbackHandler"/>
> </map>
> </property>
> </bean>
> <bean class="demo.interceptors.SecurityTokenAnalyser"/>
> </jaxws:inInterceptors>
>
> And i would also like to add signing action to WSS4JInInterceptor, any
> suggestion how to doit?
>
> thx
> --
> View this message in context: http://www.nabble.com/
> WSS4JInInterceptor-configuration-tf4351388.html#a12398844
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>