Hi, That was also to keep things more consistent with previous releases where the log on was performed automatically. Again, it's fully configurable and we can add a chapter in the documentation on how to override our validator with a NoOpValidator from CXF.
Jean-Louis 2011/7/8 Romain Manni-Bucau <[email protected]> > Hi, > > thanks to Jean-Louis OpenEJB is now using cxf 2.4.1, normally HEAD compiles > and it works in Tomcat too but if you have some issues please shout. > > About the update i modified openejb-http to implement servlet > request/response and now we can delegate really more to cxf (less > copy/paste). > > There is one issue about wss4j, since cxf 2.4.x brings wss4j 1.6 (instead > of > 1.5 before), and since this version fixes some security issues we have now > to log on the user in a different way on the server side. In this version, > cxf uses validators to delegate validations and callbackhandlers are only > used to bring back information (a password for example ;)). So the > ServerPasswordHandler which was logged in the user had been refactored into > a validator. > > With Jean-Louis we decided it was better to add this validator by default > in > the wss4j chain but it is configurable in openejb-jar.xml (cf > webservice-ws-security example for details). > > Like for cxf the property is a map the properties format is a bit > complicated but it is probably the simplest syntax we can use in a property > style: > > wss4j.in.validator.{ > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken= > org.apache.openejb.server.cxf.OpenEJBLoginValidator > > [syntax: wss4j.in.validator.{<namespace>}<local> = <validator>] > > (well, now you see why it is added by default ;)). > > > - Romain > > 2011/7/6 Romain Manni-Bucau <[email protected]> > > > Hi, > > > > having a look to this i have still some questions: > > > > 1) how does it work with jetty: > > -> today if i start a standalone openejb it will deploy my > > webservices, same thing in tomee...i remember David said it was thanks to > > jetty but i don't get how it is configured (in particular in the pom) > > 2) i would like to remove http://nopath, how can i get the <IP>:<PORT> > to > > use? > > > > > > - Romain > > > > > > 2011/7/1 Romain Manni-Bucau <[email protected]> > > > >> yep, > >> > >> svn is copied on github i think but it is a readonly repo. > >> > >> I pushed it on svn if so would like to help otherwise i use hg-svn or > >> git-svn bridges. > >> > >> - Romain > >> > >> > >> 2011/7/1 Jacek Laskowski <[email protected]> > >> > >>> On Thu, Jun 30, 2011 at 10:35 PM, Romain Manni-Bucau > >>> <[email protected]> wrote: > >>> > i created a branch for this mogration: > >>> > > >>> > https://svn.apache.org/repos/asf/openejb/branches/openejb-4.0.x-cxf-2.4.x/ > >>> > >>> Hi, > >>> > >>> Just an idea crossed my mind when this branching cropped up - does > >>> anyone use git for openejb development? Could I use git alongside your > >>> use of svn? > >>> > >>> Jacek > >>> > >>> -- > >>> Jacek Laskowski > >>> Java EE, functional languages and IBM WebSphere - > http://blog.japila.pl > >>> Warszawa JUG conference = Confitura (formerly Javarsovia) :: > >>> http://confitura.pl > >>> > >> > >> > > >
