Hi Oliver,
There is no active development around CXF support at the moment (see
[1] why).
But what you want is a custom authentication provider [2]. The easiest
way to build one is to copy the standard authentication provider code
[3] and modify it. We (SAP) have implemented SAML support for our
infrastructure. So that's doable. WS-Trust STS might be trickier, but
certainly possible.
Apart from that, you might want to consider using a different binding.
The Web Services binding is pretty slow compared to the other two
bindings.
- Florian
[1]
http://mail-archives.apache.org/mod_mbox/chemistry-dev/201206.mbox/%3C4FDF8B71.9020108%40apache.org%3E
[2]
http://chemistry.apache.org/java/developing/client/dev-client-bindings.html#OpenCMISClientBindings-CustomAuthenticationProvider
[3]
https://svn.apache.org/repos/asf/chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/StandardAuthenticationProvider.java
Hi there
I'm looking into the usage of opencmis to interact with a CMS system.
This worked fine with basic security. Currently, username/password is
supported with HTTP Basic Authentication or WS-Security
UsernameToken.
In our case, the CMIS client is deployed in a web application which
must sent requests on behalf of the web application user. So far, we
used SAML and the WS-Trust STS which is supported by Apache CXF.
I've spotted the following class CXFPortProvider but it is not
active. Is there any other work ongoing in supporting CXF and any
other WS-Security tokens?
Thanks
Oli
