[
https://issues.apache.org/jira/browse/CXF-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Luo updated CXF-5922:
-------------------------
Description:
I am running a camel route in an OSGi container, with CXF as a consumer
endpoint, using the Provider<T> route mechanism. The route is secured with SSL
and HTTP Basic Authentication using JAASLoginInterceptor and
SimpleAuthorizingInterceptor interceptors.
Now I want to secure WSDL on the camel-cxf consumer endpoint with HTTP Basic
Authentication, similarly going through JAAS.
However, since WSDLGetInterceptor is placed in Phase.READ, it is not possible
to use JAASLoginInterceptor and SimpleAuthorizingInterceptorbecause due to the
fact that the two interceptors are placed in Phase.UNMARSHAL and
Phase.PRE_INVOKE respectively and they are far behind Phase.READ.
There are two possible solutions I can thinking of:
# move the WSDLGetInterceptor and RawMessageWSDLGetInterceptor from the
Phase.READ to Phase.PRE-INVOKE or later so they can take advantage of
JAASLoginInterceptor and SimpleAuthorizingInterceptor just as other SOAP calls;
# introduce one (or two) special interceptor to do what the
JAASLoginInterceptor and the SimpleAuthorizingInterceptor normally do just for
WSDL GET invocation.
The first option might introduce too much change but the second option sounds a
better choice. We should introduce one or two interceptors for WSDL GET
invocation to integrate with standard HTTP Authentication just like other SOAP
calls so users do not have to write custom interceptors themselves. Instead
they can simply enable it through configuration only.
It should also satisfy requirement for using the same
authentication/authorization method through JAAS just like other SOAP calls.
was:
I am running a camel route in JBoss Fuse, with CXF as a consumer endpoint,
using the Provider<T> route mechanism. The route is secured with SSL and HTTP
Basic Authentication using JAASLoginInterceptor and
SimpleAuthorizingInterceptor interceptors.
Now I want to secure WSDL on the camel-cxf consumer endpoint with HTTP Basic
Authentication, similarly going through JAAS.
However, since WSDLGetInterceptor is placed in Phase.READ, it is not possible
to use JAASLoginInterceptor and SimpleAuthorizingInterceptorbecause due to the
fact that the two interceptors are placed in Phase.UNMARSHAL and
Phase.PRE_INVOKE respectively and they are far behind Phase.READ.
There are two possible solutions I can thinking of:
# move the WSDLGetInterceptor and RawMessageWSDLGetInterceptor from the
Phase.READ to Phase.PRE-INVOKE or later so they can take advantage of
JAASLoginInterceptor and SimpleAuthorizingInterceptor just as other SOAP calls;
# introduce one (or two) special interceptor to do what the
JAASLoginInterceptor and the SimpleAuthorizingInterceptor normally do just for
WSDL GET invocation.
The first option might introduce too much change but the second option sounds a
better choice. We should introduce one or two interceptors for WSDL GET
invocation to integrate with standard HTTP Authentication just like other SOAP
calls so users do not have to write custom interceptors themselves. Instead
they can simply enable it through configuration only.
It should also satisfy requirement for using the same
authentication/authorization method through JAAS just like other SOAP calls.
> Secure CXF WSDL with standard HTTP Authentication
> -------------------------------------------------
>
> Key: CXF-5922
> URL: https://issues.apache.org/jira/browse/CXF-5922
> Project: CXF
> Issue Type: Improvement
> Components: JAX-WS Runtime
> Affects Versions: 2.7.8
> Reporter: Joe Luo
>
> I am running a camel route in an OSGi container, with CXF as a consumer
> endpoint, using the Provider<T> route mechanism. The route is secured with
> SSL and HTTP Basic Authentication using JAASLoginInterceptor and
> SimpleAuthorizingInterceptor interceptors.
> Now I want to secure WSDL on the camel-cxf consumer endpoint with HTTP Basic
> Authentication, similarly going through JAAS.
> However, since WSDLGetInterceptor is placed in Phase.READ, it is not possible
> to use JAASLoginInterceptor and SimpleAuthorizingInterceptorbecause due to
> the fact that the two interceptors are placed in Phase.UNMARSHAL and
> Phase.PRE_INVOKE respectively and they are far behind Phase.READ.
> There are two possible solutions I can thinking of:
> # move the WSDLGetInterceptor and RawMessageWSDLGetInterceptor from the
> Phase.READ to Phase.PRE-INVOKE or later so they can take advantage of
> JAASLoginInterceptor and SimpleAuthorizingInterceptor just as other SOAP
> calls;
> # introduce one (or two) special interceptor to do what the
> JAASLoginInterceptor and the SimpleAuthorizingInterceptor normally do just
> for WSDL GET invocation.
> The first option might introduce too much change but the second option sounds
> a better choice. We should introduce one or two interceptors for WSDL GET
> invocation to integrate with standard HTTP Authentication just like other
> SOAP calls so users do not have to write custom interceptors themselves.
> Instead they can simply enable it through configuration only.
> It should also satisfy requirement for using the same
> authentication/authorization method through JAAS just like other SOAP calls.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
