You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Rudy Meyer <rm...@morpheustechgroup.com> on 2012/08/21 21:11:10 UTC
How to obtain the Username Token username and password in the
endpoint.
Hello,
I am using CXF 2.6.1. I have a case where I need the username/password
passed in the security header for further processing in my service endpoint
and I am not sure how to accomplish this. I have this annotation on my
service:
@org.apache.cxf.interceptor.InInterceptors (interceptors =
{"com.base.WSSecurityInterceptor" })
In that interceptor.handleMessage() I have this code:
Map<String, Object> inProps = new HashMap<String, Object>();
inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());
WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
ValidateUserTokenInterceptor userTokenInterceptor = new
ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
message.getInterceptorChain().add(wss4jInHandler);
message.getInterceptorChain().add(new SAAJInInterceptor());
message.getInterceptorChain().add(userTokenInterceptor);
I do not want the PasswordHandler() to set a password and I do not want the
built-in UsernameTokenValidator to validate the password. I have read
Colm's blog
http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
Custom token validation in Apache CXF 2.4 but I don't understand where
these settings go and how to implement this. What I need is access to the
username and password passed in the message within my serviceimpl method.
I could use help to get through this learning curve.
Thank you.
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How to obtain the Username Token username and password in the
endpoint.
Posted by Rudy Meyer <rm...@morpheustechgroup.com>.
Hi Ted,
Thank you for sharing your code. I was able to implement what I needed by
following your example. I really appreciate the help and the fact you are
willing to share what you have done.
- Rudy
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917p5713005.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How to obtain the Username Token username and password in the endpoint.
Posted by Ted <r6...@gmail.com>.
yes, the project is open source and is on sourceforge
http://sourceforge.net/scm/?type=git&group_id=233908
if you download the myoscar_server2 repository that's where I do it,
you'd be able to find the complete configuration as well as the entire
source code there.
The class of interest would be MyOscarUsernameTokenValidator.java, and
the configuration would be spring_ws_endpoints.xml
On 8/22/12, rpaketi <rp...@yahoo.com> wrote:
> Ted,
>
> Can you provide you code base and configuration files?
>
> I would like to validate my code and see where the problem is.
>
> Thanks,
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917p5712929.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Ted.
Re: How to obtain the Username Token username and password in the
endpoint.
Posted by rpaketi <rp...@yahoo.com>.
Ted,
Can you provide you code base and configuration files?
I would like to validate my code and see where the problem is.
Thanks,
--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917p5712929.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: How to obtain the Username Token username and password in the endpoint.
Posted by Ted <r6...@gmail.com>.
I do this by writing my own UsernameTokenValidator, in my
verifyPlaintextPassword(), after I verify things, I just set the
details into a ThreadLocal variable, then everything else has access
to the user/password or what ever you want.
After subclassing UsernameTokenValidator all I did was register it
with the cxf:bus, i.e. in spring :
<cxf:bus>
<cxf:properties>
<entry key="ws-security.ut.validator" value="MyUsernameTokenValidator" />
</cxf:properties>
...
On 8/22/12, Glen Mazza <gm...@talend.com> wrote:
> There's another CXF user currently working towards using a custom
> validator to get the password
> (http://cxf.547215.n5.nabble.com/Urgent-Blank-password-received-on-server-side-password-callback-tp5712743p5712749.html)--you
>
> may need to do that to disable the UsernameTokenValidator.
>
> CXF has a "context.get(Header.HEADER_LIST)" --
> http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%2Fresponse%3F
>
> -- to be able to obtain SOAP headers from within your SEI methods but it
> does not appear commonly used (googling it doesn't turn up much),
> reading/manipulating SOAP headers via interceptors
> (http://www.jroller.com/gmazza/entry/jaxwshandlers_to_cxfinterceptors),
> JAX-WS Handlers or the JAX-WS Provider interface is probably more common.
>
> HTH,
> Glen
>
> On 08/21/2012 03:11 PM, Rudy Meyer wrote:
>> Hello,
>>
>> I am using CXF 2.6.1. I have a case where I need the username/password
>> passed in the security header for further processing in my service
>> endpoint
>> and I am not sure how to accomplish this. I have this annotation on my
>> service:
>> @org.apache.cxf.interceptor.InInterceptors (interceptors =
>> {"com.base.WSSecurityInterceptor" })
>>
>> In that interceptor.handleMessage() I have this code:
>>
>> Map<String, Object> inProps = new HashMap<String, Object>();
>> inProps.put(WSHandlerConstants.ACTION,
>> WSHandlerConstants.USERNAME_TOKEN);
>> inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());
>>
>> WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
>> ValidateUserTokenInterceptor userTokenInterceptor = new
>> ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
>>
>> message.getInterceptorChain().add(wss4jInHandler);
>> message.getInterceptorChain().add(new SAAJInInterceptor());
>> message.getInterceptorChain().add(userTokenInterceptor);
>>
>> I do not want the PasswordHandler() to set a password and I do not want
>> the
>> built-in UsernameTokenValidator to validate the password. I have read
>> Colm's blog
>> http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
>> Custom token validation in Apache CXF 2.4 but I don't understand where
>> these settings go and how to implement this. What I need is access to
>> the
>> username and password passed in the message within my serviceimpl method.
>>
>> I could use help to get through this learning curve.
>>
>> Thank you.
>>
>>
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
--
Ted.
Re: How to obtain the Username Token username and password in the
endpoint.
Posted by Glen Mazza <gm...@talend.com>.
There's another CXF user currently working towards using a custom
validator to get the password
(http://cxf.547215.n5.nabble.com/Urgent-Blank-password-received-on-server-side-password-callback-tp5712743p5712749.html)--you
may need to do that to disable the UsernameTokenValidator.
CXF has a "context.get(Header.HEADER_LIST)" --
http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%2Fresponse%3F
-- to be able to obtain SOAP headers from within your SEI methods but it
does not appear commonly used (googling it doesn't turn up much),
reading/manipulating SOAP headers via interceptors
(http://www.jroller.com/gmazza/entry/jaxwshandlers_to_cxfinterceptors),
JAX-WS Handlers or the JAX-WS Provider interface is probably more common.
HTH,
Glen
On 08/21/2012 03:11 PM, Rudy Meyer wrote:
> Hello,
>
> I am using CXF 2.6.1. I have a case where I need the username/password
> passed in the security header for further processing in my service endpoint
> and I am not sure how to accomplish this. I have this annotation on my
> service:
> @org.apache.cxf.interceptor.InInterceptors (interceptors =
> {"com.base.WSSecurityInterceptor" })
>
> In that interceptor.handleMessage() I have this code:
>
> Map<String, Object> inProps = new HashMap<String, Object>();
> inProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> inProps.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordHandler());
>
> WSS4JInInterceptor wss4jInHandler = new WSS4JInInterceptor(inProps);
> ValidateUserTokenInterceptor userTokenInterceptor = new
> ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
>
> message.getInterceptorChain().add(wss4jInHandler);
> message.getInterceptorChain().add(new SAAJInInterceptor());
> message.getInterceptorChain().add(userTokenInterceptor);
>
> I do not want the PasswordHandler() to set a password and I do not want the
> built-in UsernameTokenValidator to validate the password. I have read
> Colm's blog
> http://coheigea.blogspot.com/2011/06/custom-token-validation-in-apache-cxf.html
> Custom token validation in Apache CXF 2.4 but I don't understand where
> these settings go and how to implement this. What I need is access to the
> username and password passed in the message within my serviceimpl method.
>
> I could use help to get through this learning curve.
>
> Thank you.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/How-to-obtain-the-Username-Token-username-and-password-in-the-endpoint-tp5712917.html
> Sent from the cxf-user mailing list archive at Nabble.com.