[
https://issues.apache.org/jira/browse/CXF-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13018384#comment-13018384
]
Jason Chen commented on CXF-3216:
---------------------------------
Hi Christian, when you said Kerberos auth can now be configured, does that
include the policy handler as well?
I just looked at the nightly build source code and couldn't see how the
SymmetricBindingHandler ever gets the KerberosToken or SpnegoToken since there
are no token subclasses and builders for these tokens.
I quickly tried the latest snapshot for kerberos auth and got the following
exception:
Caused by: org.apache.cxf.ws.policy.PolicyException: No signature token
    at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:295)...
which makes sense. I can see the SpnegoAuthSupplier executed and get the token
from our KDC and inserted into the headers. So I tried disabling the policy
engine with "<p:engine enabled="false"></p:engine>" config and now get this
exception:
org.w3c.dom.DOMException: NOT_FOUND_ERR
    at weblogic.xml.domimpl.ParentNode.internalRemoveChild(ParentNode.java:317)
    at weblogic.xml.domimpl.ParentNode.removeChild(ParentNode.java:297)
    at weblogic.xml.domimpl.ElementBase.removeChild(ElementBase.java:24)
    at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:144)...
Am I missing something obvious here? Will I need to implement the policy
builder and token myself? I am new to this and happy to contribute if this
hasn't been implemented, so any pointers are appreciated.
> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>
> Key: CXF-3216
> URL: https://issues.apache.org/jira/browse/CXF-3216
> Project: CXF
> Issue Type: Improvement
> Components: Transports
> Affects Versions: 2.3.1
> Reporter: Christian Schneider
> Assignee: Christian Schneider
> Fix For: 2.4
>
> Attachments: CXF-3216-1.patch, CXF-3216-2.patch
>
>
> The http authentication should be completely based on authSupplier. The
> HttpConduit should simply delegate to it.
> We should also remove some of the other auth config options besides
> authorizationPolicy on conduit.