Posted to users@cxf.apache.org by Benjamin Coiffe <bc...@inforsense.com> on 2008/02/12 14:12:20 UTC
saml holder of key and CXF
Hi there,
Does anybody have a sample demoing the use of SAML Hok, WSS4J and CXF?
Any help appreciated!
I have a code snippet at the end of this email but it keeps throwing the
same exception:
12-Feb-2008 13:04:40 org.apache.cxf.endpoint.dynamic.DynamicClientFactory outputDebug
INFO: Created classes: com.chemspider.ArrayOfString,
com.chemspider.GetCompoundDetails,
com.chemspider.GetCompoundDetailsResponse, com.chemspider.GetDatabases,
com.chemspider.GetDatabasesResponse, com.chemspider.ObjectFactory,
com.chemspider.SearchByFormula, com.chemspider.SearchByFormula2,
com.chemspider.SearchByFormula2Response,
com.chemspider.SearchByFormulaResponse, com.chemspider.SearchByMass,
com.chemspider.SearchByMass2, com.chemspider.SearchByMass2Response,
com.chemspider.SearchByMassResponse
log4j:WARN No appenders could be found for logger (org.apache.xml.security.Init).
log4j:WARN Please initialize the log4j system properly.
java.lang.ClassCastException: com.sun.org.apache.xerces.internal.dom.DocumentImpl
    at com.sun.xml.messaging.saaj.soap.impl.ElementImpl.getOwnerDocument(ElementImpl.java:104)
    at com.sun.org.apache.xerces.internal.dom.ParentNode.internalInsertBefore(ParentNode.java:388)
    at com.sun.org.apache.xerces.internal.dom.ParentNode.insertBefore(ParentNode.java:321)
    at com.sun.org.apache.xerces.internal.dom.NodeImpl.appendChild(NodeImpl.java:275)
    at org.opensaml.SAMLSubject.toDOM(Unknown Source)
    at org.opensaml.SAMLSubjectStatement.toDOM(Unknown Source)
    at org.opensaml.SAMLAuthenticationStatement.toDOM(Unknown Source)
    at org.opensaml.SAMLAssertion.toDOM(Unknown Source)
    at org.opensaml.SAMLObject.toDOM(Unknown Source)
    at org.opensaml.SAMLSignedObject.toDOM(Unknown Source)
    at org.opensaml.SAMLObject.toDOM(Unknown Source)
    at org.opensaml.SAMLSignedObject.sign(Unknown Source)
    at org.opensaml.SAMLSignedObject.sign(Unknown Source)
    at org.apache.ws.security.saml.SAMLIssuerImpl.newAssertion(SAMLIssuerImpl.java:193)
    at org.apache.ws.security.action.SAMLTokenSignedAction.execute(SAMLTokenSignedAction.java:55)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:192)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:169)
    at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.handleMessage(WSS4JOutInterceptor.java:43)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:208)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:276)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:222)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:180)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:200)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:186)
    at Test.testSAMLSignedHoK(Test.java:103)
    at Test.main(Test.java:129)

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
import org.apache.cxf.bus.CXFBusFactory;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.dynamic.DynamicClientFactory;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

public class Test {
    public static void testSAMLSignedHoK() {
        CXFBusFactory busFactory = new CXFBusFactory();
        DynamicClientFactory f = DynamicClientFactory.newInstance(busFactory.createBus());
        Client client = f.createClient("http://www.chemspider.com/massspecapi.asmx?WSDL");
        client.getOutInterceptors().add(new org.apache.cxf.interceptor.LoggingOutInterceptor());
        client.getInInterceptors().add(new org.apache.cxf.interceptor.LoggingInInterceptor());

        // WSS4J sender configuration: issue a signed SAML token
        Map<String, Object> configuration = new HashMap<String, Object>();
        configuration.put(WSHandlerConstants.SAML_PROP_FILE, "saml2.properties");
        configuration.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
        // SIG_PROP_REF_ID names the configuration key under which the crypto Properties are stored below
        configuration.put(WSHandlerConstants.SIG_PROP_REF_ID,
            "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks");
        // Supplies the private-key password when WSS4J asks for it
        configuration.put(WSHandlerConstants.PW_CALLBACK_REF, new CallbackHandler() {
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                pc.setPassword("change_on_install");
            }
        });
        //configuration.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");

        // Merlin crypto provider settings for the client keystore
        Properties properties = new Properties();
        properties.put("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        properties.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "password");
        properties.put("org.apache.ws.security.crypto.merlin.file",
            "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks");
        configuration.put(
            "C:/eclipse3.2.1/workspace/Kensington.SILVER/plugins/webservicestudio/test/security/certs/clientKS.jks",
            properties);
        configuration.put(WSHandlerConstants.USER, "admin");

        client.getOutInterceptors().add(new WSS4JOutInterceptor(configuration));
        client.getOutInterceptors().add(new SAAJOutInterceptor());
        try {
            Object o = client.invoke("GetDatabases", new Object[0]);
            System.out.println(o);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Benjamin Coiffe
Re: saml holder of key and CXF
Posted by Fred Dushin <fr...@dushin.net>.
I'm pretty sure WSS4J does not support processing of SAML
SubjectConfirmation methods, but I'd be happy to be corrected on this.
The ultimate arbiter would be in:
http://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SAMLTokenProcessor.java
but this class appears to be nothing more than a DOM -> OpenSAML
parser. You're better off (IMO) implementing this functionality in an
interceptor, and using JAX-B generated types. The SAML schema
compiles OOTB in CXF, BTW.
There is some client-side (well, sending-side) processing, wherein a
SAML Assertion can be generated using the holder-of-key confirmation
method:
http://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/action/SAMLTokenSignedAction.java
but this may have limited applicability to your scenario.
-Fred
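
The receiving-side check that a holder-of-key interceptor would have to perform, as an added example that is not part of this thread and is not CXF or WSS4J code: it accepts a SAML 1.x assertion only if a holder-of-key SubjectConfirmation carries the same public key that signed the message. Assumptions: the class and method names are hypothetical, the assertion's own signature and issuer trust have already been verified, the message signer's key comes from WS-Security signature processing, only ds:RSAKeyValue key info and the first ConfirmationMethod are handled, the sample assertion in main is constructed, and Java 8+ is used for java.util.Base64.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class HolderOfKeyCheck { // hypothetical class, not a CXF or WSS4J type
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String HOK = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    // True only when a holder-of-key SubjectConfirmation carries the key that signed the message.
    static boolean confirmsHolder(Element assertion, PublicKey messageSigner) throws Exception {
        NodeList confs = assertion.getElementsByTagNameNS(SAML, "SubjectConfirmation");
        for (int i = 0; i < confs.getLength(); i++) {
            Element sc = (Element) confs.item(i);
            Node m = sc.getElementsByTagNameNS(SAML, "ConfirmationMethod").item(0);
            BigInteger n = number(sc, "Modulus"), e = number(sc, "Exponent");
            if (m == null || !HOK.equals(m.getTextContent().trim()) || n == null || e == null) continue;
            PublicKey bound = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
            if (MessageDigest.isEqual(bound.getEncoded(), messageSigner.getEncoded())) return true;
        }
        return false; // fail closed: other methods or a missing key never confirm the sender
    }
    static BigInteger number(Element scope, String name) { // ds:CryptoBinary -> unsigned integer
        Node n = scope.getElementsByTagNameNS(DS, name).item(0);
        return n == null ? null : new BigInteger(1, Base64.getMimeDecoder().decode(n.getTextContent()));
    }
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8"))).getDocumentElement();
    }
    static String b64(BigInteger v) { return Base64.getEncoder().encodeToString(v.toByteArray()); }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        RSAPublicKey holder = (RSAPublicKey) g.generateKeyPair().getPublic();
        String xml = String.format("<Assertion xmlns='%s' xmlns:ds='%s'><AuthenticationStatement><Subject>"
            + "<SubjectConfirmation><ConfirmationMethod>%s</ConfirmationMethod><ds:KeyInfo><ds:KeyValue>"
            + "<ds:RSAKeyValue><ds:Modulus>%s</ds:Modulus><ds:Exponent>%s</ds:Exponent></ds:RSAKeyValue>"
            + "</ds:KeyValue></ds:KeyInfo></SubjectConfirmation></Subject></AuthenticationStatement></Assertion>",
            SAML, DS, HOK, b64(holder.getModulus()), b64(holder.getPublicExponent())); // constructed sample
        System.out.println(confirmsHolder(parse(xml), holder));                          // signer is the bound key
        System.out.println(confirmsHolder(parse(xml), g.generateKeyPair().getPublic())); // signer is an unrelated key
    }
}
```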