ws-security under tomcat

Sun, 15 Jul 2007 22:58:01 -0700 

Hi,
I'm working on a project using cxf inside tomcat, and i want to put some ws-security into it. 

for a start, here's my current server code:


here is my interface: https://dev.archer.edu.au/projects/kepler/ 
browser/BackendServer/trunk/src/au/edu/jcu/kepler/server/ 
WorkflowService.java



and my impl: https://dev.archer.edu.au/projects/kepler/browser/ 
BackendServer/trunk/src/au/edu/jcu/kepler/server/ 
WorkflowServiceImpl.java



and my web.xml and cxf-servlet.xml are here: https:// 
dev.archer.edu.au/projects/kepler/browser/BackendServer/trunk/etc/WEB- 
INF
(note, i tried to get get spring working, hence the beans.xml file,  
but i constantly got schema errors, so gave up)



this all compiles and deploys fine. But if anyone has any suggestions  
for things that should be changed to be more "cxf" like or just  
cleaner please let me know. I don't want to run into problems due to  
a dodgy setup later on down the line :)



i built a test client at: https://dev.archer.edu.au/projects/kepler/ 
browser/BackendServer/trunk/test-src (my unit tests are under test/  
and wsdl2java generated code is under au/) which also works fine.




Now, i want to put in some user authentication in, so a user has to  
be authenticated before it can use any of the other functions. (if  
this doesn't make sense let me know, i'm a complete newbie to ws- 
security), simple static username/password auth with do for now.



I've looked over the document http://cwiki.apache.org/CXF20DOC/ws- 
security.html but still can't figure out how to make any of it work.



I assume since i am using xml to build the endpoints then i use  
something similar to the "Spring XML Configuration" example. but i  
get stuck on the constructor-arg/map bit. is there any documentation  
on what has to go in that map (i.e. what the possible key/value pair  
combinations are)?



once that's done, do i need to write a new login type function or  
anything on the server?



and what do i need to change on the test client to make it connect  
once i have the server up and running?



If anyone has any simple examples of running cxf ws-security code  
that they don't mind sharing with me that would be very helpful and  
much appreciated.


Thanks heaps in advance!

--Tristan






















					Reply via email to