You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by timm01 <ti...@mail.ru> on 2009/02/12 11:15:11 UTC
How to use ws-security credentials in cxf endpoint
Hello All.
I need to pass security credentials between endpoints (cxf webservices),
deployed on servicemix.
First service assembly contains cxfbc:consumer and cxfse:endpoint. While the
second one has another cxfse:endpoint. First endpoint calls second one using
cxfse:proxy.
In cxfbc:consumer I'm using ws-security to recieve credentials the latter is
implemented with WSS4JInInterceptor.
Does anyone have any idea of how to use security credentials at the
endpoints? If it's done via copying the data from one message to another,
what is the proper way to implement that? Otherwise is there a way to have
it done automatically?
Here is my configuration:
<cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
targetService="service:SupportTicketService_v1_0"
targetInterface="service:SupportTicket_v1_0">
<cxfbc:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<ref bean="wss4jIn_request"/>
<ref bean="saajIn_request"/>
</cxfbc:inInterceptors>
</cxfbc:consumer>
<cxfse:endpoint service="service:SupportTicketService_v1_0">
<cxfse:pojo>
<bean class="com.....supportticketservice_v1.SupportTicketImpl">
<property name="ticketRouter">
<cxfse:proxy service="rt:RTAdapterService_v1_0"
context="#context"
type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
</property>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
and second enpoint in another assembly:
<cxfse:endpoint service="service:RTAdapterService_v1_0">
<cxfse:pojo>
<bean class="com.....rtadapterservice_v1.RTAdapterImpl">
<property name="rtAdapterService" ref="rtAdapterService"/>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
Thanks in advance for your replies.
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p21973209.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by timm01 <ti...@mail.ru>.
Hello Freeman,
You said:
>> And there is another question.
>> Actually I have to propagate securitySubject through cxf proxy. I've
>> added
>> out JBIMessage interceptor to proxy as follows:
>> ( (JaxWsClientProxy)
>> Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
>> MyOutInterceptor())
>>
>> but I can't get NormalizedMessage in handleMessage() method of
>> intereceptor.
>> JBIMessage.getJbiExchange() returns null.
>> In logs I saw that component creates MessageExchange (and
>> NormalizedMessage)
>> after interceptors invocation.
>> So the question is how to add property to outgoing NormalizedMessage?
>> Where
>> can I add property to cxf Message, that will be copied to noramalized
>> message?
>>
>>
>You should also add your interceptor for your cxf se endpoint
>inInterceptors to extract the securitySubject and save to somewhere
>first and then used later on ...
But I don't want to extract the securitySubject. I have it in first SESU.
And I want to save it in outgoing message from one SE SU to another SE SU
via proxy. And as I said I can't get NormalizedMessage in outInterceptor of
proxy, because MessageExcenge is null.
How can I pass securitySubject (or any property) to second SESU via proxy?
Freeman Fang wrote:
>
> timm01 wrote:
>> Thanks for reply Freeman.
>>
>> I've tried to implement you solution, but didn't understood, where to add
>> this interceptor in configuration. cxf:bc element has inInterceptors and
>> outInterceptors, and if I'm not mistaken both of them intercepts messages
>> between webservice client and BC. InInterceptor intercepts request from
>> client to BC, and OutInterceptor intercepts response to client. Where to
>> add
>> the interceptor, that handles outgoing message from BC to SE?
>>
> You should add to inInterceptors, which will add securitySubject to
> NormalizedMessage before send it from cxf bc to cxf se
>> And there is another question.
>> Actually I have to propagate securitySubject through cxf proxy. I've
>> added
>> out JBIMessage interceptor to proxy as follows:
>> ( (JaxWsClientProxy)
>> Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
>> MyOutInterceptor())
>>
>> but I can't get NormalizedMessage in handleMessage() method of
>> intereceptor.
>> JBIMessage.getJbiExchange() returns null.
>> In logs I saw that component creates MessageExchange (and
>> NormalizedMessage)
>> after interceptors invocation.
>> So the question is how to add property to outgoing NormalizedMessage?
>> Where
>> can I add property to cxf Message, that will be copied to noramalized
>> message?
>>
>>
> You should also add your interceptor for your cxf se endpoint
> inInterceptors to extract the securitySubject and save to somewhere
> first and then used later on ...
>> Thanks in advance, sorry for bad english ))
>>
>>
>>
>> Freeman Fang wrote:
>>
>>> Hi,
>>> One solution could be write your own interceptors to save subject on cxf
>>> bc and extract it from cxf se
>>> something like
>>> public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
>>>
>>> public ClassloaderCampareInterceptor() {
>>> super(Phase.PRE_INVOKE);
>>> }
>>>
>>> public void handleMessage(Message message) throws Fault {
>>> NormalizedMessage nm =
>>> message.getContent(NormalizedMessage.class);
>>> Subject securitySubject = message.get(Subject.class);
>>> nm.setProperty("securitySubject", securitySubject);
>>> }
>>>
>>> }
>>>
>>> and add this interceptor for your cxf bc consumer endpoint
>>> configuration.
>>> Similar write your own interceptor to extract the securitySubject for
>>> your cxf se and use it later...
>>> Freeman
>>>
>>>
>>> timm01 wrote:
>>>
>>>> Thanks for your post Ashwin.
>>>> You wrote, that
>>>>
>>>>
>>>>> header security header pretty much useless for further propagation.
>>>>>
>>>>>
>>>> But in our scenario we have to authenticate request it backend system.
>>>> In
>>>> our case CXF SE SU should send request to backend web-service, and it
>>>> needs
>>>> securitySubject to render auth headers to request.
>>>>
>>>> How do you recommend to implement securitySubject propagation in our
>>>> situation?
>>>>
>>>>
>>>>
>>>> Ashwin Karpe wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> The WS-Security credentials are not passed to the CXF-SE by the
>>>>> CXF_BC.
>>>>>
>>>>> The reason for this is that the WS-Security credentials once verified
>>>>> by
>>>>> the interceptor for authenticity and authority in the CXF-BC render
>>>>> the
>>>>> header security header pretty much useless for further propagation.
>>>>>
>>>>> In any case the CXF-SE does not have any listeners set up and is just
>>>>> a
>>>>> POJO linked by a channel to the NMR by the CXF_SE component in
>>>>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>>>>
>>>>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>>>>> Message with the SOAP Body sent as a JBI Part.
>>>>>
>>>>> The WS-Security example (cxf-ws-security) in the FUSE download version
>>>>> 3.x
>>>>> is a good working demo that you could check out for further details.
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Ashwin...
>>>>>
>>>>>
>>>>> timm01 wrote:
>>>>>
>>>>>
>>>>>> thanks for your reply Freeman.
>>>>>>
>>>>>> In cxf-ws-security example cxf bc extract the credentials and
>>>>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>>>>> Am I right?
>>>>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>>>>> that incoming message doesn't have security header.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Freeman Fang wrote:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>> You needn't copy the credential data from one message to another
>>>>>>> IMO,
>>>>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>>>>> the
>>>>>>> AA to JAAS service inside Servicemix.
>>>>>>> You may need take a look at cxf-ws-security example shipped with
>>>>>>> FUSE
>>>>>>> ESB (which is based on Apache ServiceMix).
>>>>>>> You can download the FUSE ESB from [1]
>>>>>>> [1]http://fusesource.com/
>>>>>>> Freeman
>>>>>>> timm01 wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hello All.
>>>>>>>>
>>>>>>>> I need to pass security credentials between endpoints (cxf
>>>>>>>> webservices),
>>>>>>>> deployed on servicemix.
>>>>>>>>
>>>>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>>>>> While the
>>>>>>>> second one has another cxfse:endpoint. First endpoint calls second
>>>>>>>> one
>>>>>>>> using
>>>>>>>> cxfse:proxy.
>>>>>>>>
>>>>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>>>>> latter is
>>>>>>>> implemented with WSS4JInInterceptor.
>>>>>>>>
>>>>>>>> Does anyone have any idea of how to use security credentials at the
>>>>>>>> endpoints? If it's done via copying the data from one message to
>>>>>>>> another,
>>>>>>>> what is the proper way to implement that? Otherwise is there a way
>>>>>>>> to
>>>>>>>> have
>>>>>>>> it done automatically?
>>>>>>>>
>>>>>>>> Here is my configuration:
>>>>>>>> <cxfbc:consumer
>>>>>>>> wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>>>>>
>>>>>>>> targetService="service:SupportTicketService_v1_0"
>>>>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>>>>> <cxfbc:inInterceptors>
>>>>>>>> <bean
>>>>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>>>>> <ref bean="wss4jIn_request"/>
>>>>>>>> <ref bean="saajIn_request"/>
>>>>>>>> </cxfbc:inInterceptors>
>>>>>>>> </cxfbc:consumer>
>>>>>>>>
>>>>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>>>>> <cxfse:pojo>
>>>>>>>> <bean
>>>>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>>>>> <property name="ticketRouter">
>>>>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>>>>> context="#context"
>>>>>>>>
>>>>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>>>>> </property>
>>>>>>>> </bean>
>>>>>>>> </cxfse:pojo>
>>>>>>>> </cxfse:endpoint>
>>>>>>>>
>>>>>>>> and second enpoint in another assembly:
>>>>>>>>
>>>>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>>>>> <cxfse:pojo>
>>>>>>>> <bean
>>>>>>>> class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>>>>> <property name="rtAdapterService"
>>>>>>>> ref="rtAdapterService"/>
>>>>>>>> </bean>
>>>>>>>> </cxfse:pojo>
>>>>>>>> </cxfse:endpoint>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks in advance for your replies.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23555248.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by Freeman Fang <fr...@gmail.com>.
timm01 wrote:
> Thanks for reply Freeman.
>
> I've tried to implement you solution, but didn't understood, where to add
> this interceptor in configuration. cxf:bc element has inInterceptors and
> outInterceptors, and if I'm not mistaken both of them intercepts messages
> between webservice client and BC. InInterceptor intercepts request from
> client to BC, and OutInterceptor intercepts response to client. Where to add
> the interceptor, that handles outgoing message from BC to SE?
>
You should add to inInterceptors, which will add securitySubject to
NormalizedMessage before send it from cxf bc to cxf se
> And there is another question.
> Actually I have to propagate securitySubject through cxf proxy. I've added
> out JBIMessage interceptor to proxy as follows:
> ( (JaxWsClientProxy)
> Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
> MyOutInterceptor())
>
> but I can't get NormalizedMessage in handleMessage() method of intereceptor.
> JBIMessage.getJbiExchange() returns null.
> In logs I saw that component creates MessageExchange (and NormalizedMessage)
> after interceptors invocation.
> So the question is how to add property to outgoing NormalizedMessage? Where
> can I add property to cxf Message, that will be copied to noramalized
> message?
>
>
You should also add your interceptor for your cxf se endpoint
inInterceptors to extract the securitySubject and save to somewhere
first and then used later on ...
> Thanks in advance, sorry for bad english ))
>
>
>
> Freeman Fang wrote:
>
>> Hi,
>> One solution could be write your own interceptors to save subject on cxf
>> bc and extract it from cxf se
>> something like
>> public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
>>
>> public ClassloaderCampareInterceptor() {
>> super(Phase.PRE_INVOKE);
>> }
>>
>> public void handleMessage(Message message) throws Fault {
>> NormalizedMessage nm =
>> message.getContent(NormalizedMessage.class);
>> Subject securitySubject = message.get(Subject.class);
>> nm.setProperty("securitySubject", securitySubject);
>> }
>>
>> }
>>
>> and add this interceptor for your cxf bc consumer endpoint configuration.
>> Similar write your own interceptor to extract the securitySubject for
>> your cxf se and use it later...
>> Freeman
>>
>>
>> timm01 wrote:
>>
>>> Thanks for your post Ashwin.
>>> You wrote, that
>>>
>>>
>>>> header security header pretty much useless for further propagation.
>>>>
>>>>
>>> But in our scenario we have to authenticate request it backend system. In
>>> our case CXF SE SU should send request to backend web-service, and it
>>> needs
>>> securitySubject to render auth headers to request.
>>>
>>> How do you recommend to implement securitySubject propagation in our
>>> situation?
>>>
>>>
>>>
>>> Ashwin Karpe wrote:
>>>
>>>
>>>> Hi,
>>>>
>>>> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>>>>
>>>> The reason for this is that the WS-Security credentials once verified by
>>>> the interceptor for authenticity and authority in the CXF-BC render the
>>>> header security header pretty much useless for further propagation.
>>>>
>>>> In any case the CXF-SE does not have any listeners set up and is just a
>>>> POJO linked by a channel to the NMR by the CXF_SE component in
>>>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>>>
>>>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>>>> Message with the SOAP Body sent as a JBI Part.
>>>>
>>>> The WS-Security example (cxf-ws-security) in the FUSE download version
>>>> 3.x
>>>> is a good working demo that you could check out for further details.
>>>>
>>>> Hope this helps.
>>>>
>>>> Cheers,
>>>>
>>>> Ashwin...
>>>>
>>>>
>>>> timm01 wrote:
>>>>
>>>>
>>>>> thanks for your reply Freeman.
>>>>>
>>>>> In cxf-ws-security example cxf bc extract the credentials and
>>>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>>>> Am I right?
>>>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>>>> that incoming message doesn't have security header.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Freeman Fang wrote:
>>>>>
>>>>>
>>>>>> Hi,
>>>>>> You needn't copy the credential data from one message to another IMO,
>>>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>>>> the
>>>>>> AA to JAAS service inside Servicemix.
>>>>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>>>>> ESB (which is based on Apache ServiceMix).
>>>>>> You can download the FUSE ESB from [1]
>>>>>> [1]http://fusesource.com/
>>>>>> Freeman
>>>>>> timm01 wrote:
>>>>>>
>>>>>>
>>>>>>> Hello All.
>>>>>>>
>>>>>>> I need to pass security credentials between endpoints (cxf
>>>>>>> webservices),
>>>>>>> deployed on servicemix.
>>>>>>>
>>>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>>>> While the
>>>>>>> second one has another cxfse:endpoint. First endpoint calls second
>>>>>>> one
>>>>>>> using
>>>>>>> cxfse:proxy.
>>>>>>>
>>>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>>>> latter is
>>>>>>> implemented with WSS4JInInterceptor.
>>>>>>>
>>>>>>> Does anyone have any idea of how to use security credentials at the
>>>>>>> endpoints? If it's done via copying the data from one message to
>>>>>>> another,
>>>>>>> what is the proper way to implement that? Otherwise is there a way to
>>>>>>> have
>>>>>>> it done automatically?
>>>>>>>
>>>>>>> Here is my configuration:
>>>>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>>>> targetService="service:SupportTicketService_v1_0"
>>>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>>>> <cxfbc:inInterceptors>
>>>>>>> <bean
>>>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>>>> <ref bean="wss4jIn_request"/>
>>>>>>> <ref bean="saajIn_request"/>
>>>>>>> </cxfbc:inInterceptors>
>>>>>>> </cxfbc:consumer>
>>>>>>>
>>>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>>>> <cxfse:pojo>
>>>>>>> <bean
>>>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>>>> <property name="ticketRouter">
>>>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>>>> context="#context"
>>>>>>>
>>>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>>>> </property>
>>>>>>> </bean>
>>>>>>> </cxfse:pojo>
>>>>>>> </cxfse:endpoint>
>>>>>>>
>>>>>>> and second enpoint in another assembly:
>>>>>>>
>>>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>>>> <cxfse:pojo>
>>>>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>>>> <property name="rtAdapterService"
>>>>>>> ref="rtAdapterService"/>
>>>>>>> </bean>
>>>>>>> </cxfse:pojo>
>>>>>>> </cxfse:endpoint>
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance for your replies.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: How to use ws-security credentials in cxf endpoint
Posted by timm01 <ti...@mail.ru>.
Thanks for reply Freeman.
I've tried to implement you solution, but didn't understood, where to add
this interceptor in configuration. cxf:bc element has inInterceptors and
outInterceptors, and if I'm not mistaken both of them intercepts messages
between webservice client and BC. InInterceptor intercepts request from
client to BC, and OutInterceptor intercepts response to client. Where to add
the interceptor, that handles outgoing message from BC to SE?
And there is another question.
Actually I have to propagate securitySubject through cxf proxy. I've added
out JBIMessage interceptor to proxy as follows:
( (JaxWsClientProxy)
Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
MyOutInterceptor())
but I can't get NormalizedMessage in handleMessage() method of intereceptor.
JBIMessage.getJbiExchange() returns null.
In logs I saw that component creates MessageExchange (and NormalizedMessage)
after interceptors invocation.
So the question is how to add property to outgoing NormalizedMessage? Where
can I add property to cxf Message, that will be copied to noramalized
message?
Thanks in advance, sorry for bad english ))
Freeman Fang wrote:
>
> Hi,
> One solution could be write your own interceptors to save subject on cxf
> bc and extract it from cxf se
> something like
> public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
>
> public ClassloaderCampareInterceptor() {
> super(Phase.PRE_INVOKE);
> }
>
> public void handleMessage(Message message) throws Fault {
> NormalizedMessage nm =
> message.getContent(NormalizedMessage.class);
> Subject securitySubject = message.get(Subject.class);
> nm.setProperty("securitySubject", securitySubject);
> }
>
> }
>
> and add this interceptor for your cxf bc consumer endpoint configuration.
> Similar write your own interceptor to extract the securitySubject for
> your cxf se and use it later...
> Freeman
>
>
> timm01 wrote:
>> Thanks for your post Ashwin.
>> You wrote, that
>>
>>> header security header pretty much useless for further propagation.
>>>
>> But in our scenario we have to authenticate request it backend system. In
>> our case CXF SE SU should send request to backend web-service, and it
>> needs
>> securitySubject to render auth headers to request.
>>
>> How do you recommend to implement securitySubject propagation in our
>> situation?
>>
>>
>>
>> Ashwin Karpe wrote:
>>
>>> Hi,
>>>
>>> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>>>
>>> The reason for this is that the WS-Security credentials once verified by
>>> the interceptor for authenticity and authority in the CXF-BC render the
>>> header security header pretty much useless for further propagation.
>>>
>>> In any case the CXF-SE does not have any listeners set up and is just a
>>> POJO linked by a channel to the NMR by the CXF_SE component in
>>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>>
>>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>>> Message with the SOAP Body sent as a JBI Part.
>>>
>>> The WS-Security example (cxf-ws-security) in the FUSE download version
>>> 3.x
>>> is a good working demo that you could check out for further details.
>>>
>>> Hope this helps.
>>>
>>> Cheers,
>>>
>>> Ashwin...
>>>
>>>
>>> timm01 wrote:
>>>
>>>> thanks for your reply Freeman.
>>>>
>>>> In cxf-ws-security example cxf bc extract the credentials and
>>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>>> Am I right?
>>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>>> that incoming message doesn't have security header.
>>>>
>>>>
>>>>
>>>>
>>>> Freeman Fang wrote:
>>>>
>>>>> Hi,
>>>>> You needn't copy the credential data from one message to another IMO,
>>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>>> the
>>>>> AA to JAAS service inside Servicemix.
>>>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>>>> ESB (which is based on Apache ServiceMix).
>>>>> You can download the FUSE ESB from [1]
>>>>> [1]http://fusesource.com/
>>>>> Freeman
>>>>> timm01 wrote:
>>>>>
>>>>>> Hello All.
>>>>>>
>>>>>> I need to pass security credentials between endpoints (cxf
>>>>>> webservices),
>>>>>> deployed on servicemix.
>>>>>>
>>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>>> While the
>>>>>> second one has another cxfse:endpoint. First endpoint calls second
>>>>>> one
>>>>>> using
>>>>>> cxfse:proxy.
>>>>>>
>>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>>> latter is
>>>>>> implemented with WSS4JInInterceptor.
>>>>>>
>>>>>> Does anyone have any idea of how to use security credentials at the
>>>>>> endpoints? If it's done via copying the data from one message to
>>>>>> another,
>>>>>> what is the proper way to implement that? Otherwise is there a way to
>>>>>> have
>>>>>> it done automatically?
>>>>>>
>>>>>> Here is my configuration:
>>>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>>> targetService="service:SupportTicketService_v1_0"
>>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>>> <cxfbc:inInterceptors>
>>>>>> <bean
>>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>>> <ref bean="wss4jIn_request"/>
>>>>>> <ref bean="saajIn_request"/>
>>>>>> </cxfbc:inInterceptors>
>>>>>> </cxfbc:consumer>
>>>>>>
>>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>>> <cxfse:pojo>
>>>>>> <bean
>>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>>> <property name="ticketRouter">
>>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>>> context="#context"
>>>>>>
>>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>>> </property>
>>>>>> </bean>
>>>>>> </cxfse:pojo>
>>>>>> </cxfse:endpoint>
>>>>>>
>>>>>> and second enpoint in another assembly:
>>>>>>
>>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>>> <cxfse:pojo>
>>>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>>> <property name="rtAdapterService"
>>>>>> ref="rtAdapterService"/>
>>>>>> </bean>
>>>>>> </cxfse:pojo>
>>>>>> </cxfse:endpoint>
>>>>>>
>>>>>>
>>>>>> Thanks in advance for your replies.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23538503.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
One solution could be write your own interceptors to save subject on cxf
bc and extract it from cxf se
something like
public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
public ClassloaderCampareInterceptor() {
super(Phase.PRE_INVOKE);
}
public void handleMessage(Message message) throws Fault {
NormalizedMessage nm = message.getContent(NormalizedMessage.class);
Subject securitySubject = message.get(Subject.class);
nm.setProperty("securitySubject", securitySubject);
}
}
and add this interceptor for your cxf bc consumer endpoint configuration.
Similar write your own interceptor to extract the securitySubject for
your cxf se and use it later...
Freeman
timm01 wrote:
> Thanks for your post Ashwin.
> You wrote, that
>
>> header security header pretty much useless for further propagation.
>>
> But in our scenario we have to authenticate request it backend system. In
> our case CXF SE SU should send request to backend web-service, and it needs
> securitySubject to render auth headers to request.
>
> How do you recommend to implement securitySubject propagation in our
> situation?
>
>
>
> Ashwin Karpe wrote:
>
>> Hi,
>>
>> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>>
>> The reason for this is that the WS-Security credentials once verified by
>> the interceptor for authenticity and authority in the CXF-BC render the
>> header security header pretty much useless for further propagation.
>>
>> In any case the CXF-SE does not have any listeners set up and is just a
>> POJO linked by a channel to the NMR by the CXF_SE component in
>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>
>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>> Message with the SOAP Body sent as a JBI Part.
>>
>> The WS-Security example (cxf-ws-security) in the FUSE download version 3.x
>> is a good working demo that you could check out for further details.
>>
>> Hope this helps.
>>
>> Cheers,
>>
>> Ashwin...
>>
>>
>> timm01 wrote:
>>
>>> thanks for your reply Freeman.
>>>
>>> In cxf-ws-security example cxf bc extract the credentials and
>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>> Am I right?
>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>> that incoming message doesn't have security header.
>>>
>>>
>>>
>>>
>>> Freeman Fang wrote:
>>>
>>>> Hi,
>>>> You needn't copy the credential data from one message to another IMO,
>>>> cxf bc extract the credentials data by ws-security and then delegate the
>>>> AA to JAAS service inside Servicemix.
>>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>>> ESB (which is based on Apache ServiceMix).
>>>> You can download the FUSE ESB from [1]
>>>> [1]http://fusesource.com/
>>>> Freeman
>>>> timm01 wrote:
>>>>
>>>>> Hello All.
>>>>>
>>>>> I need to pass security credentials between endpoints (cxf
>>>>> webservices),
>>>>> deployed on servicemix.
>>>>>
>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>> While the
>>>>> second one has another cxfse:endpoint. First endpoint calls second one
>>>>> using
>>>>> cxfse:proxy.
>>>>>
>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>> latter is
>>>>> implemented with WSS4JInInterceptor.
>>>>>
>>>>> Does anyone have any idea of how to use security credentials at the
>>>>> endpoints? If it's done via copying the data from one message to
>>>>> another,
>>>>> what is the proper way to implement that? Otherwise is there a way to
>>>>> have
>>>>> it done automatically?
>>>>>
>>>>> Here is my configuration:
>>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>> targetService="service:SupportTicketService_v1_0"
>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>> <cxfbc:inInterceptors>
>>>>> <bean
>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>> <ref bean="wss4jIn_request"/>
>>>>> <ref bean="saajIn_request"/>
>>>>> </cxfbc:inInterceptors>
>>>>> </cxfbc:consumer>
>>>>>
>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>> <cxfse:pojo>
>>>>> <bean
>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>> <property name="ticketRouter">
>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>> context="#context"
>>>>>
>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>> </property>
>>>>> </bean>
>>>>> </cxfse:pojo>
>>>>> </cxfse:endpoint>
>>>>>
>>>>> and second enpoint in another assembly:
>>>>>
>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>> <cxfse:pojo>
>>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>> <property name="rtAdapterService"
>>>>> ref="rtAdapterService"/>
>>>>> </bean>
>>>>> </cxfse:pojo>
>>>>> </cxfse:endpoint>
>>>>>
>>>>>
>>>>> Thanks in advance for your replies.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: How to use ws-security credentials in cxf endpoint
Posted by Ashwin Karpe <as...@progress.com>.
Hi,
I agree with what Freeman has said in the earlier response.
There is however another way to do this as well. This requires the CXF-BC to
consume the message as Raw (i.e. soap flag should be set to false). This
will get you the entire SOAP message headers and all instead of the headers
being stripped and preserved.
You may then work with a clone/copy of the message and use the original SOAP
security header to be sent as is without manipulation.
Hope this helps.
Cheers,
Ashwin...
timm01 wrote:
>
> Thanks for your post Ashwin.
> You wrote, that
>> header security header pretty much useless for further propagation.
> But in our scenario we have to authenticate request it backend system. In
> our case CXF SE SU should send request to backend web-service, and it
> needs securitySubject to render auth headers to request.
>
> How do you recommend to implement securitySubject propagation in our
> situation?
>
>
>
> Ashwin Karpe wrote:
>>
>> Hi,
>>
>> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>>
>> The reason for this is that the WS-Security credentials once verified by
>> the interceptor for authenticity and authority in the CXF-BC render the
>> header security header pretty much useless for further propagation.
>>
>> In any case the CXF-SE does not have any listeners set up and is just a
>> POJO linked by a channel to the NMR by the CXF_SE component in
>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>
>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>> Message with the SOAP Body sent as a JBI Part.
>>
>> The WS-Security example (cxf-ws-security) in the FUSE download version
>> 3.x is a good working demo that you could check out for further details.
>>
>> Hope this helps.
>>
>> Cheers,
>>
>> Ashwin...
>>
>>
>> timm01 wrote:
>>>
>>> thanks for your reply Freeman.
>>>
>>> In cxf-ws-security example cxf bc extract the credentials and
>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>> Am I right?
>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>> that incoming message doesn't have security header.
>>>
>>>
>>>
>>>
>>> Freeman Fang wrote:
>>>>
>>>> Hi,
>>>> You needn't copy the credential data from one message to another IMO,
>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>> the
>>>> AA to JAAS service inside Servicemix.
>>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>>> ESB (which is based on Apache ServiceMix).
>>>> You can download the FUSE ESB from [1]
>>>> [1]http://fusesource.com/
>>>> Freeman
>>>> timm01 wrote:
>>>>> Hello All.
>>>>>
>>>>> I need to pass security credentials between endpoints (cxf
>>>>> webservices),
>>>>> deployed on servicemix.
>>>>>
>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>> While the
>>>>> second one has another cxfse:endpoint. First endpoint calls second one
>>>>> using
>>>>> cxfse:proxy.
>>>>>
>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>> latter is
>>>>> implemented with WSS4JInInterceptor.
>>>>>
>>>>> Does anyone have any idea of how to use security credentials at the
>>>>> endpoints? If it's done via copying the data from one message to
>>>>> another,
>>>>> what is the proper way to implement that? Otherwise is there a way to
>>>>> have
>>>>> it done automatically?
>>>>>
>>>>> Here is my configuration:
>>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>> targetService="service:SupportTicketService_v1_0"
>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>> <cxfbc:inInterceptors>
>>>>> <bean
>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>> <ref bean="wss4jIn_request"/>
>>>>> <ref bean="saajIn_request"/>
>>>>> </cxfbc:inInterceptors>
>>>>> </cxfbc:consumer>
>>>>>
>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>> <cxfse:pojo>
>>>>> <bean
>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>> <property name="ticketRouter">
>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>> context="#context"
>>>>>
>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>> </property>
>>>>> </bean>
>>>>> </cxfse:pojo>
>>>>> </cxfse:endpoint>
>>>>>
>>>>> and second enpoint in another assembly:
>>>>>
>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>> <cxfse:pojo>
>>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>> <property name="rtAdapterService"
>>>>> ref="rtAdapterService"/>
>>>>> </bean>
>>>>> </cxfse:pojo>
>>>>> </cxfse:endpoint>
>>>>>
>>>>>
>>>>> Thanks in advance for your replies.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
-----
---
Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence
Progress Software Corporation
14 Oak Park Drive
Bedford, MA 01730
---
+1-972-304-9084 (Office)
+1-972-971-1700 (Mobile)
----
Blog: http://opensourceknowledge.blogspot.com/
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23525272.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by timm01 <ti...@mail.ru>.
Thanks for your post Ashwin.
You wrote, that
> header security header pretty much useless for further propagation.
But in our scenario we have to authenticate request it backend system. In
our case CXF SE SU should send request to backend web-service, and it needs
securitySubject to render auth headers to request.
How do you recommend to implement securitySubject propagation in our
situation?
Ashwin Karpe wrote:
>
> Hi,
>
> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>
> The reason for this is that the WS-Security credentials once verified by
> the interceptor for authenticity and authority in the CXF-BC render the
> header security header pretty much useless for further propagation.
>
> In any case the CXF-SE does not have any listeners set up and is just a
> POJO linked by a channel to the NMR by the CXF_SE component in
> servicemix-cxf-se-xxxx-fuse-installer.zip.
>
> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
> Message with the SOAP Body sent as a JBI Part.
>
> The WS-Security example (cxf-ws-security) in the FUSE download version 3.x
> is a good working demo that you could check out for further details.
>
> Hope this helps.
>
> Cheers,
>
> Ashwin...
>
>
> timm01 wrote:
>>
>> thanks for your reply Freeman.
>>
>> In cxf-ws-security example cxf bc extract the credentials and
>> authentificates it in JAAS, but it isn't pass it to cxf se.
>> Am I right?
>> After having added LoggingInInterceptor in cxf se, I have figured out
>> that incoming message doesn't have security header.
>>
>>
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>> You needn't copy the credential data from one message to another IMO,
>>> cxf bc extract the credentials data by ws-security and then delegate the
>>> AA to JAAS service inside Servicemix.
>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>> ESB (which is based on Apache ServiceMix).
>>> You can download the FUSE ESB from [1]
>>> [1]http://fusesource.com/
>>> Freeman
>>> timm01 wrote:
>>>> Hello All.
>>>>
>>>> I need to pass security credentials between endpoints (cxf
>>>> webservices),
>>>> deployed on servicemix.
>>>>
>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>> While the
>>>> second one has another cxfse:endpoint. First endpoint calls second one
>>>> using
>>>> cxfse:proxy.
>>>>
>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>> latter is
>>>> implemented with WSS4JInInterceptor.
>>>>
>>>> Does anyone have any idea of how to use security credentials at the
>>>> endpoints? If it's done via copying the data from one message to
>>>> another,
>>>> what is the proper way to implement that? Otherwise is there a way to
>>>> have
>>>> it done automatically?
>>>>
>>>> Here is my configuration:
>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>> targetService="service:SupportTicketService_v1_0"
>>>> targetInterface="service:SupportTicket_v1_0">
>>>> <cxfbc:inInterceptors>
>>>> <bean
>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>> <ref bean="wss4jIn_request"/>
>>>> <ref bean="saajIn_request"/>
>>>> </cxfbc:inInterceptors>
>>>> </cxfbc:consumer>
>>>>
>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>> <cxfse:pojo>
>>>> <bean
>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>> <property name="ticketRouter">
>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>> context="#context"
>>>>
>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>> </property>
>>>> </bean>
>>>> </cxfse:pojo>
>>>> </cxfse:endpoint>
>>>>
>>>> and second enpoint in another assembly:
>>>>
>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>> <cxfse:pojo>
>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>> <property name="rtAdapterService"
>>>> ref="rtAdapterService"/>
>>>> </bean>
>>>> </cxfse:pojo>
>>>> </cxfse:endpoint>
>>>>
>>>>
>>>> Thanks in advance for your replies.
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23519945.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by Ashwin Karpe <as...@progress.com>.
Hi,
The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
The reason for this is that the WS-Security credentials once verified by the
interceptor for authenticity and authority in the CXF-BC render the header
security header pretty much useless for further propagation.
In any case the CXF-SE does not have any listeners set up and is just a POJO
linked by a channel to the NMR by the CXF_SE component in
servicemix-cxf-se-xxxx-fuse-installer.zip.
Also, the payload propagated between the CXF-BC and CXF-SE is a JBI Message
with the SOAP Body sent as a JBI Part.
The WS-Security example (cxf-ws-security) in the FUSE download version 3.x
is a good working demo that you could check out for further details.
Hope this helps.
Cheers,
Ashwin...
timm01 wrote:
>
> thanks for your reply Freeman.
>
> In cxf-ws-security example cxf bc extract the credentials and
> authentificates it in JAAS, but it isn't pass it to cxf se.
> Am I right?
> After having added LoggingInInterceptor in cxf se, I have figured out that
> incoming message doesn't have security header.
>
>
>
>
> Freeman Fang wrote:
>>
>> Hi,
>> You needn't copy the credential data from one message to another IMO,
>> cxf bc extract the credentials data by ws-security and then delegate the
>> AA to JAAS service inside Servicemix.
>> You may need take a look at cxf-ws-security example shipped with FUSE
>> ESB (which is based on Apache ServiceMix).
>> You can download the FUSE ESB from [1]
>> [1]http://fusesource.com/
>> Freeman
>> timm01 wrote:
>>> Hello All.
>>>
>>> I need to pass security credentials between endpoints (cxf webservices),
>>> deployed on servicemix.
>>>
>>> First service assembly contains cxfbc:consumer and cxfse:endpoint. While
>>> the
>>> second one has another cxfse:endpoint. First endpoint calls second one
>>> using
>>> cxfse:proxy.
>>>
>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>> latter is
>>> implemented with WSS4JInInterceptor.
>>>
>>> Does anyone have any idea of how to use security credentials at the
>>> endpoints? If it's done via copying the data from one message to
>>> another,
>>> what is the proper way to implement that? Otherwise is there a way to
>>> have
>>> it done automatically?
>>>
>>> Here is my configuration:
>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>> targetService="service:SupportTicketService_v1_0"
>>> targetInterface="service:SupportTicket_v1_0">
>>> <cxfbc:inInterceptors>
>>> <bean
>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>> <ref bean="wss4jIn_request"/>
>>> <ref bean="saajIn_request"/>
>>> </cxfbc:inInterceptors>
>>> </cxfbc:consumer>
>>>
>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>> <cxfse:pojo>
>>> <bean
>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>> <property name="ticketRouter">
>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>> context="#context"
>>>
>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>> </property>
>>> </bean>
>>> </cxfse:pojo>
>>> </cxfse:endpoint>
>>>
>>> and second enpoint in another assembly:
>>>
>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>> <cxfse:pojo>
>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>> <property name="rtAdapterService"
>>> ref="rtAdapterService"/>
>>> </bean>
>>> </cxfse:pojo>
>>> </cxfse:endpoint>
>>>
>>>
>>> Thanks in advance for your replies.
>>>
>>>
>>>
>>
>>
>>
>
>
-----
---
Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence
Progress Software Corporation
14 Oak Park Drive
Bedford, MA 01730
---
+1-972-304-9084 (Office)
+1-972-971-1700 (Mobile)
----
Blog: http://opensourceknowledge.blogspot.com/
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p21986701.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by timm01 <ti...@mail.ru>.
Thank you for your answer, Freeman.
Could you provide some example on this issue, please? I'm a newbie in
ServiceMix and therefore, I would very appreciate if you were able to give
some kind of a direction on how to get this problem resolved.
Thank you once again.
Freeman Fang wrote:
>
> timm01 wrote:
>> thanks for your reply Freeman.
>>
>> In cxf-ws-security example cxf bc extract the credentials and
>> authentificates it in JAAS, but it isn't pass it to cxf se.
>> Am I right?
>> After having added LoggingInInterceptor in cxf se, I have figured out
>> that
>> incoming message doesn't have security header.
>>
>>
>>
>>
> you can specify which service in servicemix could be access based on the
> credetial extracted by cxf bc, something like
> <sm:broker>
> <sm:securedBroker>
> <sm:authorizationMap>
> <sm:authorizationMap>
> <sm:authorizationEntries>
> <sm:authorizationEntry
> service="prefix:yourservicecouldbeaccessbyadmin" roles="admin" />
> </sm:authorizationEntries>
> </sm:authorizationMap>
> </sm:authorizationMap>
> </sm:securedBroker>
> </sm:broker>
> so it's no need the JBI message inside servicemix have security header.
> Also, the ws-security header are based on soap payload, but generally
> the message inside Servicemix aren't soap payload.
> If you really want to keep the username/password for your message
> exchange inside servicemix, you can put username/password as message
> exchagne properties and handle it yourself.
> Freeman
>> Freeman Fang wrote:
>>
>>> Hi,
>>> You needn't copy the credential data from one message to another IMO,
>>> cxf bc extract the credentials data by ws-security and then delegate the
>>> AA to JAAS service inside Servicemix.
>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>> ESB (which is based on Apache ServiceMix).
>>> You can download the FUSE ESB from [1]
>>> [1]http://fusesource.com/
>>> Freeman
>>> timm01 wrote:
>>>
>>>> Hello All.
>>>>
>>>> I need to pass security credentials between endpoints (cxf
>>>> webservices),
>>>> deployed on servicemix.
>>>>
>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>> While
>>>> the
>>>> second one has another cxfse:endpoint. First endpoint calls second one
>>>> using
>>>> cxfse:proxy.
>>>>
>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>> latter
>>>> is
>>>> implemented with WSS4JInInterceptor.
>>>>
>>>> Does anyone have any idea of how to use security credentials at the
>>>> endpoints? If it's done via copying the data from one message to
>>>> another,
>>>> what is the proper way to implement that? Otherwise is there a way to
>>>> have
>>>> it done automatically?
>>>>
>>>> Here is my configuration:
>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>> targetService="service:SupportTicketService_v1_0"
>>>> targetInterface="service:SupportTicket_v1_0">
>>>> <cxfbc:inInterceptors>
>>>> <bean
>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>> <ref bean="wss4jIn_request"/>
>>>> <ref bean="saajIn_request"/>
>>>> </cxfbc:inInterceptors>
>>>> </cxfbc:consumer>
>>>>
>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>> <cxfse:pojo>
>>>> <bean
>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>> <property name="ticketRouter">
>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>> context="#context"
>>>>
>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>> </property>
>>>> </bean>
>>>> </cxfse:pojo>
>>>> </cxfse:endpoint>
>>>>
>>>> and second enpoint in another assembly:
>>>>
>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>> <cxfse:pojo>
>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>> <property name="rtAdapterService"
>>>> ref="rtAdapterService"/>
>>>> </bean>
>>>> </cxfse:pojo>
>>>> </cxfse:endpoint>
>>>>
>>>>
>>>> Thanks in advance for your replies.
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p21976204.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by Freeman Fang <fr...@gmail.com>.
timm01 wrote:
> thanks for your reply Freeman.
>
> In cxf-ws-security example cxf bc extract the credentials and
> authentificates it in JAAS, but it isn't pass it to cxf se.
> Am I right?
> After having added LoggingInInterceptor in cxf se, I have figured out that
> incoming message doesn't have security header.
>
>
>
>
you can specify which service in servicemix could be access based on the
credetial extracted by cxf bc, something like
<sm:broker>
<sm:securedBroker>
<sm:authorizationMap>
<sm:authorizationMap>
<sm:authorizationEntries>
<sm:authorizationEntry
service="prefix:yourservicecouldbeaccessbyadmin" roles="admin" />
</sm:authorizationEntries>
</sm:authorizationMap>
</sm:authorizationMap>
</sm:securedBroker>
</sm:broker>
so it's no need the JBI message inside servicemix have security header.
Also, the ws-security header are based on soap payload, but generally
the message inside Servicemix aren't soap payload.
If you really want to keep the username/password for your message
exchange inside servicemix, you can put username/password as message
exchagne properties and handle it yourself.
Freeman
> Freeman Fang wrote:
>
>> Hi,
>> You needn't copy the credential data from one message to another IMO,
>> cxf bc extract the credentials data by ws-security and then delegate the
>> AA to JAAS service inside Servicemix.
>> You may need take a look at cxf-ws-security example shipped with FUSE
>> ESB (which is based on Apache ServiceMix).
>> You can download the FUSE ESB from [1]
>> [1]http://fusesource.com/
>> Freeman
>> timm01 wrote:
>>
>>> Hello All.
>>>
>>> I need to pass security credentials between endpoints (cxf webservices),
>>> deployed on servicemix.
>>>
>>> First service assembly contains cxfbc:consumer and cxfse:endpoint. While
>>> the
>>> second one has another cxfse:endpoint. First endpoint calls second one
>>> using
>>> cxfse:proxy.
>>>
>>> In cxfbc:consumer I'm using ws-security to recieve credentials the latter
>>> is
>>> implemented with WSS4JInInterceptor.
>>>
>>> Does anyone have any idea of how to use security credentials at the
>>> endpoints? If it's done via copying the data from one message to another,
>>> what is the proper way to implement that? Otherwise is there a way to
>>> have
>>> it done automatically?
>>>
>>> Here is my configuration:
>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>> targetService="service:SupportTicketService_v1_0"
>>> targetInterface="service:SupportTicket_v1_0">
>>> <cxfbc:inInterceptors>
>>> <bean
>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>> <ref bean="wss4jIn_request"/>
>>> <ref bean="saajIn_request"/>
>>> </cxfbc:inInterceptors>
>>> </cxfbc:consumer>
>>>
>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>> <cxfse:pojo>
>>> <bean
>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>> <property name="ticketRouter">
>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>> context="#context"
>>>
>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>> </property>
>>> </bean>
>>> </cxfse:pojo>
>>> </cxfse:endpoint>
>>>
>>> and second enpoint in another assembly:
>>>
>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>> <cxfse:pojo>
>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>> <property name="rtAdapterService"
>>> ref="rtAdapterService"/>
>>> </bean>
>>> </cxfse:pojo>
>>> </cxfse:endpoint>
>>>
>>>
>>> Thanks in advance for your replies.
>>>
>>>
>>>
>>>
>>
>>
>
>
Re: How to use ws-security credentials in cxf endpoint
Posted by timm01 <ti...@mail.ru>.
thanks for your reply Freeman.
In cxf-ws-security example cxf bc extract the credentials and
authentificates it in JAAS, but it isn't pass it to cxf se.
Am I right?
After having added LoggingInInterceptor in cxf se, I have figured out that
incoming message doesn't have security header.
Freeman Fang wrote:
>
> Hi,
> You needn't copy the credential data from one message to another IMO,
> cxf bc extract the credentials data by ws-security and then delegate the
> AA to JAAS service inside Servicemix.
> You may need take a look at cxf-ws-security example shipped with FUSE
> ESB (which is based on Apache ServiceMix).
> You can download the FUSE ESB from [1]
> [1]http://fusesource.com/
> Freeman
> timm01 wrote:
>> Hello All.
>>
>> I need to pass security credentials between endpoints (cxf webservices),
>> deployed on servicemix.
>>
>> First service assembly contains cxfbc:consumer and cxfse:endpoint. While
>> the
>> second one has another cxfse:endpoint. First endpoint calls second one
>> using
>> cxfse:proxy.
>>
>> In cxfbc:consumer I'm using ws-security to recieve credentials the latter
>> is
>> implemented with WSS4JInInterceptor.
>>
>> Does anyone have any idea of how to use security credentials at the
>> endpoints? If it's done via copying the data from one message to another,
>> what is the proper way to implement that? Otherwise is there a way to
>> have
>> it done automatically?
>>
>> Here is my configuration:
>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>> targetService="service:SupportTicketService_v1_0"
>> targetInterface="service:SupportTicket_v1_0">
>> <cxfbc:inInterceptors>
>> <bean
>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>> <ref bean="wss4jIn_request"/>
>> <ref bean="saajIn_request"/>
>> </cxfbc:inInterceptors>
>> </cxfbc:consumer>
>>
>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>> <cxfse:pojo>
>> <bean
>> class="com.....supportticketservice_v1.SupportTicketImpl">
>> <property name="ticketRouter">
>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>> context="#context"
>>
>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>> </property>
>> </bean>
>> </cxfse:pojo>
>> </cxfse:endpoint>
>>
>> and second enpoint in another assembly:
>>
>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>> <cxfse:pojo>
>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>> <property name="rtAdapterService"
>> ref="rtAdapterService"/>
>> </bean>
>> </cxfse:pojo>
>> </cxfse:endpoint>
>>
>>
>> Thanks in advance for your replies.
>>
>>
>>
>
>
>
--
View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p21974535.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: How to use ws-security credentials in cxf endpoint
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
You needn't copy the credential data from one message to another IMO,
cxf bc extract the credentials data by ws-security and then delegate the
AA to JAAS service inside Servicemix.
You may need take a look at cxf-ws-security example shipped with FUSE
ESB (which is based on Apache ServiceMix).
You can download the FUSE ESB from [1]
[1]http://fusesource.com/
Freeman
timm01 wrote:
> Hello All.
>
> I need to pass security credentials between endpoints (cxf webservices),
> deployed on servicemix.
>
> First service assembly contains cxfbc:consumer and cxfse:endpoint. While the
> second one has another cxfse:endpoint. First endpoint calls second one using
> cxfse:proxy.
>
> In cxfbc:consumer I'm using ws-security to recieve credentials the latter is
> implemented with WSS4JInInterceptor.
>
> Does anyone have any idea of how to use security credentials at the
> endpoints? If it's done via copying the data from one message to another,
> what is the proper way to implement that? Otherwise is there a way to have
> it done automatically?
>
> Here is my configuration:
> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
> targetService="service:SupportTicketService_v1_0"
> targetInterface="service:SupportTicket_v1_0">
> <cxfbc:inInterceptors>
> <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
> <ref bean="wss4jIn_request"/>
> <ref bean="saajIn_request"/>
> </cxfbc:inInterceptors>
> </cxfbc:consumer>
>
> <cxfse:endpoint service="service:SupportTicketService_v1_0">
> <cxfse:pojo>
> <bean class="com.....supportticketservice_v1.SupportTicketImpl">
> <property name="ticketRouter">
> <cxfse:proxy service="rt:RTAdapterService_v1_0"
> context="#context"
>
> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
> </property>
> </bean>
> </cxfse:pojo>
> </cxfse:endpoint>
>
> and second enpoint in another assembly:
>
> <cxfse:endpoint service="service:RTAdapterService_v1_0">
> <cxfse:pojo>
> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
> <property name="rtAdapterService" ref="rtAdapterService"/>
> </bean>
> </cxfse:pojo>
> </cxfse:endpoint>
>
>
> Thanks in advance for your replies.
>
>
>