[
https://issues.apache.org/jira/browse/CXF-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Freeman Fang resolved CXF-5922.
-------------------------------
Resolution: Fixed
Fix Version/s: 3.1.0
3.0.2
2.7.13
commit fix
http://git-wip-us.apache.org/repos/asf/cxf/commit/8ebe5261 for master
http://git-wip-us.apache.org/repos/asf/cxf/commit/b3d5313c for 3.0.x-fixes
branch
http://git-wip-us.apache.org/repos/asf/cxf/commit/e7dae9b2 for 2.7.x-fixes
branch
now can enable the get wsdl authentication by add an interceptor like
{code}
<bean id="wsdlGetAuthenticationInterceptor"
class="org.apache.cxf.transport.http.auth.WSDLGetAuthenticatorInterceptor">
<!-- realm context name-->
<property name="contextName" value="karaf"/>
</bean>
<jaxws:endpoint id="helloWorld"
implementor="..."
address="/HelloWorld">
<jaxws:inInterceptors>
<ref component-id="wsdlGetAuthenticationInterceptor"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
{code}
> Secure CXF WSDL with standard HTTP Authentication
> -------------------------------------------------
>
> Key: CXF-5922
> URL: https://issues.apache.org/jira/browse/CXF-5922
> Project: CXF
> Issue Type: Improvement
> Components: JAX-WS Runtime
> Affects Versions: 2.7.8
> Reporter: Joe Luo
> Assignee: Freeman Fang
> Fix For: 2.7.13, 3.0.2, 3.1.0
>
>
> I am running a camel route in an OSGi container, with CXF as a consumer
> endpoint, using the Provider<T> route mechanism. The route is secured with
> SSL and HTTP Basic Authentication using JAASLoginInterceptor and
> SimpleAuthorizingInterceptor interceptors.
> Now I want to secure WSDL on the camel-cxf consumer endpoint with HTTP Basic
> Authentication, similarly going through JAAS.
> However, since WSDLGetInterceptor is placed in Phase.READ, it is not possible
> to use JAASLoginInterceptor and SimpleAuthorizingInterceptorbecause due to
> the fact that the two interceptors are placed in Phase.UNMARSHAL and
> Phase.PRE_INVOKE respectively and they are far behind Phase.READ.
> There are two possible solutions I can thinking of:
> # move the WSDLGetInterceptor and RawMessageWSDLGetInterceptor from the
> Phase.READ to Phase.PRE-INVOKE or later so they can take advantage of
> JAASLoginInterceptor and SimpleAuthorizingInterceptor just as other SOAP
> calls;
> # introduce one (or two) special interceptor to do what the
> JAASLoginInterceptor and the SimpleAuthorizingInterceptor normally do just
> for WSDL GET invocation.
> The first option might introduce too much change but the second option sounds
> a better choice. We should introduce one or two interceptors for WSDL GET
> invocation to integrate with standard HTTP Authentication just like other
> SOAP calls so users do not have to write custom interceptors themselves.
> Instead they can simply enable it through configuration only.
> It should also satisfy requirement for using the same
> authentication/authorization method through JAAS just like other SOAP calls.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
