You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by dm...@gmx.de on 2012/08/26 18:28:36 UTC
Camel-Spring-Security with CXF Web Service does not receive
Authentication header
Hello again,
as before: I'm using Camel 2.10.0 (Java 1.6), and I'm having two issues with the Camel-Spring-Security component.
The first one should be an easy one. It seems like the following dependency is missing when adding camel-spring-security to the pom:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.0.RELEASE</version>
</dependency>
Without this dependency, server startup shows the error message java.lang.ClassNotFoundException: org.springframework.security.web.FilterChainProxy
My second issue is a little bit more complicated. I'm using a web service as entry point into my route:
@WebService
public interface MyService {
String getInformation(String id);
}
The route is configured with Spring Security (policy ref elements). Now take a simple JUnit test and add the subject:
Subject subject = new Subject();
subject.getPrincipals().add(new UsernamePasswordAuthenticationToken("test", "test"));
Processor processor = new Processor() {
@Override
public void process(Exchange exchange) throws Exception {
exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
This does not work, checking for the CamelAuthentication header in the route shows that this value is null. However, it is not null when I'm e.g. using a direct: route instead of the web service as entry point. With direct, spring security checks are working fine. But not with a CXF endpoint. What's wrong here?
Thanks. Dominik
Re: Camel-Spring-Security with CXF Web Service does not receive
Authentication header
Posted by Willem jiang <wi...@gmail.com>.
On Monday, August 27, 2012 at 12:28 AM, dms79@gmx.de wrote:
> Hello again,
>
> as before: I'm using Camel 2.10.0 (Java 1.6), and I'm having two issues with the Camel-Spring-Security component.
>
> The first one should be an easy one. It seems like the following dependency is missing when adding camel-spring-security to the pom:
>
> <dependency>
> <groupId>org.springframework.security</groupId>
> <artifactId>spring-security-web</artifactId>
> <version>3.1.0.RELEASE</version>
> </dependency>
>
> Without this dependency, server startup shows the error message java.lang.ClassNotFoundException: org.springframework.security.web.FilterChainProxy (http://web.FilterChainProxy)
Thanks for reporting this, but camel-spring-security don't have the dependency on the spring web, and we can use it without help of spring web, so we don't need to add the dependency on the pom.
When you use it with spring web, you need to add the dependency on your application pom.
>
> My second issue is a little bit more complicated. I'm using a web service as entry point into my route:
>
> @WebService
> public interface MyService {
> String getInformation(String id);
> }
>
> The route is configured with Spring Security (policy ref elements). Now take a simple JUnit test and add the subject:
>
> Subject subject = new Subject();
> subject.getPrincipals().add(new UsernamePasswordAuthenticationToken("test", "test"));
> Processor processor = new Processor() {
> @Override
> public void process(Exchange exchange) throws Exception {
> exchange.getIn().setHeader(Exchange.AUTHENTICATION, subject);
>
> This does not work, checking for the CamelAuthentication header in the route shows that this value is null. However, it is not null when I'm e.g. using a direct: route instead of the web service as entry point. With direct, spring security checks are working fine. But not with a CXF endpoint. What's wrong here?
Current CXF doesn't send the Exchange properties across the endpoint,you need to build up the subject with help of WS-Security, and direct endpoint just copy exchange across the endpoint.
>
> Thanks. Dominik
--
Willem Jiang
FuseSource
Web: http://www.fusesource.com (http://www.fusesource.com/)
Blog: http://willemjiang.blogspot.com (http://willemjiang.blogspot.com/) (English)
http://jnn.javaeye.com (http://jnn.javaeye.com/) (Chinese)
Twitter: willemjiang
Weibo: willemjiang