Hi Florian Thanks for the feedback. CXF supports MTOM and streaming out-of-the-box without any implementation specific dependencies. I think it should by quite easy to integrate CXF as a web services stack in chemistry. The security part is then enforced by WS-SecurityPolicies without a lot of API usage.
I'll give it a try. Would you look into this if I raise a JIRA and apply a patch including unit testing? Are there non resolvable issues do improve performance for the Web Services Binding? Thanks Oli ------ Oliver Wulff Blog: http://owulff.blogspot.com ________________________________________ From: Florian Müller [[email protected]] Sent: 21 March 2013 12:38 To: [email protected] Cc: Oliver Wulff Subject: Re: CXF support as web services stack in opencmis Hi Oliver, There is no active development around CXF support at the moment (see [1] why). But what you want is a custom authentication provider [2]. The easiest way to build one is to copy the standard authentication provider code [3] and modify it. We (SAP) have implemented SAML support for our infrastructure. So that's doable. WS-Trust STS might be trickier, but certainly possible. Apart from that, you might want to consider using a different binding. The Web Services binding is pretty slow compared to the other two bindings. - Florian [1] http://mail-archives.apache.org/mod_mbox/chemistry-dev/201206.mbox/%3C4FDF8B71.9020108%40apache.org%3E [2] http://chemistry.apache.org/java/developing/client/dev-client-bindings.html#OpenCMISClientBindings-CustomAuthenticationProvider [3] https://svn.apache.org/repos/asf/chemistry/opencmis/trunk/chemistry-opencmis-client/chemistry-opencmis-client-bindings/src/main/java/org/apache/chemistry/opencmis/client/bindings/spi/StandardAuthenticationProvider.java > Hi there > > > > I'm looking into the usage of opencmis to interact with a CMS system. > This worked fine with basic security. Currently, username/password is > supported with HTTP Basic Authentication or WS-Security > UsernameToken. > In our case, the CMIS client is deployed in a web application which > must sent requests on behalf of the web application user. So far, we > used SAML and the WS-Trust STS which is supported by Apache CXF. > > > > I've spotted the following class CXFPortProvider but it is not > active. Is there any other work ongoing in supporting CXF and any > other WS-Security tokens? > > > > Thanks > > Oli
