On Monday 22 September 2008 6:32:28 pm krishmn wrote: > --------------------------------------------------------------------------- >----- > > Hi, > > We are trying to integrate CXF with Spring security for webservices and > using UserNameToken Profile for WS-Security. > > Right now I'm writing the WSCallbackHandler to handle the "UserNameToken" > profile and authenticate against the spring secuirty by injecting > "authenticationManager". > > Is there a "WS-SecurityIntercetor" similar to "WSS4JInInterceptor" which I > can use to inject the authentication mechanisam and as well as different > security profiles so that it would be done automatically for me?
Not at this point, no. If you would be willing to contribute something, that would be great. That said, if you are authenticating against the spring security stuff, you should be able to use the security annotations on your service and that can handle the authorization stuff. Dan > > > <bean id="serverPasswordCallback" > class="com.company.security.auth.ServerPasswordCallback"> > <property name="authenticationManager" ref="authenticationManager"/> > </bean> > > <bean id="wss4jInConfiguration" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInt erceptor"> > <property name="properties"> > <map> > <entry key="action" value="UsernameToken"/> > <entry key="passwordType" value="PasswordText" /> > <entry> > <key> > <value>passwordCallbackRef</value> > </key> > <ref bean="serverPasswordCallback"/> > </entry> > </map> > </property> > </bean> > > <jaxws:endpoint id="helloWorldEndpoint" implementor="#helloWorld" > address="/HelloWorld" > > <jaxws:inInterceptors> > <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInte rceptor" /> > <ref bean="wss4jInConfiguration"/> > </jaxws:inInterceptors> > </jaxws:endpoint> > > > Thanks > Krishmn -- Daniel Kulp [EMAIL PROTECTED] http://www.dankulp.com/blog
