You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by hbetts3 <hb...@gmail.com> on 2013/08/16 17:46:09 UTC
altering inbound headers
I have a service secured using usernameToken that is expecting a message that
looks like this :
<soapenv:Envelope xmlns:ivr="http://test/schema"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username>username</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ivr:Method1>
<parameter1>1234</parameter1>
<parameter2>1234567890123456</parameter2>
</ivr:Method1>
</soapenv:Body>
</soapenv:Envelope>
We have a 3d party that cannot generate a client message that uses WSSec.
(don't ask why)
They want to send a message that looks like this:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ivr="http://testurl.com/webserviceurl">
<soapenv:Header>
<ivr:Authentication>
<ivr:userid>username</ivr:userid>
<ivr:password>password:password>
</ivr:Authentication>
</soapenv:Header>
<soapenv:Body>
<ivr:Method1>
<ivr:parameter1>1111111</ivr:parameter1>
<ivr:parameter2>1234</ivr:parameter2r>
</ivr:Method1>
</soapenv:Body>
</soapenv:Envelope>
I am thinking that an Interceptor would get the information out of the
Authentication header I just don't know how to get the information into the
security header.
I've also looked at the transformation feature at
http://cxf.apache.org/docs/transformationfeature.html , but without some
sample before and after code I just can't seem to get my head around it.
Is there some help out there for me?
Thanks,
Hendry
--
View this message in context: http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: altering inbound headers
Posted by Colm O hEigeartaigh <co...@apache.org>.
You could try writing an interceptor that runs before the security
processing, that extracts the Username and password from the inbound
request + removes the header, and then constructs a Security Header and
adds it to the request. I don't know if you'll run into problems by adding
headers to a received request or not as I've never tried it.
You can use the WSS4J API to construct a security header with a
UsernameToken, see for example:
http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/test/java/org/apache/ws/security/message/UsernameTokenTest.java?view=markup
Colm.
On Fri, Aug 16, 2013 at 4:46 PM, hbetts3 <hb...@gmail.com> wrote:
> I have a service secured using usernameToken that is expecting a message
> that
> looks like this :
> <soapenv:Envelope xmlns:ivr="http://test/schema"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> "
> xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> ">
> <wsse:UsernameToken wsu:Id="UsernameToken-1">
> <wsse:Username>username</wsse:Username>
> <wsse:Password
> Type="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
> ">password</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <ivr:Method1>
> <parameter1>1234</parameter1>
> <parameter2>1234567890123456</parameter2>
> </ivr:Method1>
> </soapenv:Body>
> </soapenv:Envelope>
>
> We have a 3d party that cannot generate a client message that uses WSSec.
> (don't ask why)
>
> They want to send a message that looks like this:
>
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/
> "
> xmlns:ivr="http://testurl.com/webserviceurl">
> <soapenv:Header>
> <ivr:Authentication>
> <ivr:userid>username</ivr:userid>
> <ivr:password>password:password>
> </ivr:Authentication>
> </soapenv:Header>
> <soapenv:Body>
> <ivr:Method1>
> <ivr:parameter1>1111111</ivr:parameter1>
> <ivr:parameter2>1234</ivr:parameter2r>
> </ivr:Method1>
> </soapenv:Body>
> </soapenv:Envelope>
>
> I am thinking that an Interceptor would get the information out of the
> Authentication header I just don't know how to get the information into the
> security header.
>
> I've also looked at the transformation feature at
> http://cxf.apache.org/docs/transformationfeature.html , but without some
> sample before and after code I just can't seem to get my head around it.
>
> Is there some help out there for me?
>
> Thanks,
> Hendry
>
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: altering inbound headers
Posted by hbetts3 <hb...@gmail.com>.
Aki,
The XSLT transformation a great and least intrusive working solution. The
only caveat to this is that you must be in CXF 2.7 (since the XSLT is not
available in 2.6). Following the guidelines at
http://cxf.apache.org/docs/xslt-feature.html and using an XSL that looks
like this:
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ivr="http://domain.tld/schema/Value">
<xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/soapenv:Envelope/soapenv:Header/ivr:Authentication">
<wsse:Security xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsse:UsernameToken wsu:Id="UsernameToken-1">
<wsse:Username><xsl:value-of
select="ivr:userid"/></wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><xsl:value-of
select="ivr:password"/></wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</xsl:template>
</xsl:stylesheet>
we are able to successfully make the transformation and process the message.
On Mon, Aug 19, 2013 at 6:54 AM, Aki Yoshida-3 [via CXF] <
ml-node+s547215n5732650h49@n5.nabble.com> wrote:
> regarding the use of the transform feature, you can almost get the
> desired output using the stax-based transform feature, which you
> referred.
> I say almost, because you can get the elements structure corrected
> generated as in your desired output but there is no way to add the
> Type attribute to the Password element as in your ws-ut message.
>
> The current stax-based transform's attribute handling only covers
> deletion and transformation but no addition.
>
> If you want to use transformation, what you can consider is to use the
> xslt-based transformation of cxf. I think this will work for your
> case.
> Please refer to this document
> http://cxf.apache.org/docs/xslt-feature.html
>
> regards, aki
>
> 2013/8/16 hbetts3 <[hidden email]<http://user/SendEmail.jtp?type=node&node=5732650&i=0>>:
>
>
> > I have a service secured using usernameToken that is expecting a message
> that
> > looks like this :
> > <soapenv:Envelope xmlns:ivr="http://test/schema"
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> > <soapenv:Header>
> > <wsse:Security
> > xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
> > xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
> > <wsse:UsernameToken wsu:Id="UsernameToken-1">
> > <wsse:Username>username</wsse:Username>
> > <wsse:Password
> > Type="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>
> > </wsse:UsernameToken>
> > </wsse:Security>
> > </soapenv:Header>
> > <soapenv:Body>
> > <ivr:Method1>
> > <parameter1>1234</parameter1>
> > <parameter2>1234567890123456</parameter2>
> > </ivr:Method1>
> > </soapenv:Body>
> > </soapenv:Envelope>
> >
> > We have a 3d party that cannot generate a client message that uses
> WSSec.
> > (don't ask why)
> >
> > They want to send a message that looks like this:
> >
> >
> > <soapenv:Envelope xmlns:soapenv="
> http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:ivr="http://testurl.com/webserviceurl">
> > <soapenv:Header>
> > <ivr:Authentication>
> > <ivr:userid>username</ivr:userid>
> > <ivr:password>password:password>
> > </ivr:Authentication>
> > </soapenv:Header>
> > <soapenv:Body>
> > <ivr:Method1>
> > <ivr:parameter1>1111111</ivr:parameter1>
> > <ivr:parameter2>1234</ivr:parameter2r>
> > </ivr:Method1>
> > </soapenv:Body>
> > </soapenv:Envelope>
> >
> > I am thinking that an Interceptor would get the information out of the
> > Authentication header I just don't know how to get the information into
> the
> > security header.
> >
> > I've also looked at the transformation feature at
> > http://cxf.apache.org/docs/transformationfeature.html , but without
> some
> > sample before and after code I just can't seem to get my head around it.
> >
> > Is there some help out there for me?
> >
> > Thanks,
> > Hendry
> >
> >
> >
> >
> > --
> > View this message in context:
> http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579.html
> > Sent from the cxf-user mailing list archive at Nabble.com.
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579p5732650.html
> To unsubscribe from altering inbound headers, click here<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5732579&code=aGJldHRzM0BnbWFpbC5jb218NTczMjU3OXwtMTEzMzcwMjcyMA==>
> .
> NAML<http://cxf.547215.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>
--
View this message in context: http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579p5732771.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: altering inbound headers
Posted by Aki Yoshida <el...@gmail.com>.
regarding the use of the transform feature, you can almost get the
desired output using the stax-based transform feature, which you
referred.
I say almost, because you can get the elements structure corrected
generated as in your desired output but there is no way to add the
Type attribute to the Password element as in your ws-ut message.
The current stax-based transform's attribute handling only covers
deletion and transformation but no addition.
If you want to use transformation, what you can consider is to use the
xslt-based transformation of cxf. I think this will work for your
case.
Please refer to this document
http://cxf.apache.org/docs/xslt-feature.html
regards, aki
2013/8/16 hbetts3 <hb...@gmail.com>:
> I have a service secured using usernameToken that is expecting a message that
> looks like this :
> <soapenv:Envelope xmlns:ivr="http://test/schema"
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsse:UsernameToken wsu:Id="UsernameToken-1">
> <wsse:Username>username</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
> </wsse:UsernameToken>
> </wsse:Security>
> </soapenv:Header>
> <soapenv:Body>
> <ivr:Method1>
> <parameter1>1234</parameter1>
> <parameter2>1234567890123456</parameter2>
> </ivr:Method1>
> </soapenv:Body>
> </soapenv:Envelope>
>
> We have a 3d party that cannot generate a client message that uses WSSec.
> (don't ask why)
>
> They want to send a message that looks like this:
>
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ivr="http://testurl.com/webserviceurl">
> <soapenv:Header>
> <ivr:Authentication>
> <ivr:userid>username</ivr:userid>
> <ivr:password>password:password>
> </ivr:Authentication>
> </soapenv:Header>
> <soapenv:Body>
> <ivr:Method1>
> <ivr:parameter1>1111111</ivr:parameter1>
> <ivr:parameter2>1234</ivr:parameter2r>
> </ivr:Method1>
> </soapenv:Body>
> </soapenv:Envelope>
>
> I am thinking that an Interceptor would get the information out of the
> Authentication header I just don't know how to get the information into the
> security header.
>
> I've also looked at the transformation feature at
> http://cxf.apache.org/docs/transformationfeature.html , but without some
> sample before and after code I just can't seem to get my head around it.
>
> Is there some help out there for me?
>
> Thanks,
> Hendry
>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/altering-inbound-headers-tp5732579.html
> Sent from the cxf-user mailing list archive at Nabble.com.