Re: CXF with WS-Security using JAAS

2014-11-07 Thread Colm O hEigeartaigh
The assumption with JAAS login modules is that the password is to be
compared as is. For the digest case you could simply store the passwords
in a digest form in the properties file.

Colm.

On Mon, Nov 3, 2014 at 10:52 AM, garethahealy garethahe...@gmail.com
wrote:

> I've also added the code to my github account @
> https://github.com/garethahealy/jboss-fuse-examples - ws-security-*
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/CXF-with-WS-Security-using-JAAS-tp5758345p5758447.html
> Sent from the Camel - Users mailing list archive at Nabble.com.




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
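
Why an as-is comparison cannot match a PasswordDigest token, as an added example that is not part of the original thread and is not CXF, WSS4J or Karaf code: under the WS-Security UsernameToken Profile 1.0 the client sends Base64(SHA-1(nonce + created + password)), so the value on the wire changes with every message. The nonce and Created values are the ones in the request posted in this thread; the stored password, the second nonce and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Nonce and Created copied from the UsernameToken in the request on this page.
NONCE_B64 = "AsgNPh2VykCuQ0CN4EvRPw=="
CREATED = "2014-10-30T14:33:16.151Z"
# Constructed sample secret standing in for whatever the properties file holds.
STORED_PASSWORD = "example-secret"


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    nonce = base64.b64decode(nonce_b64, validate=True)  # raw bytes, not the Base64 text
    sha1 = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(sha1.digest()).decode("ascii")


def compare_as_is(received: str, stored: str) -> bool:
    """What a plain username/password login module does with the received value."""
    return hmac.compare_digest(received.encode(), stored.encode())


def verify_digest(received: str, nonce_b64: str, created: str, stored: str) -> bool:
    """Digest-aware check: recompute from the message's own nonce and timestamp."""
    expected = password_digest(nonce_b64, created, stored)
    return hmac.compare_digest(received.encode(), expected.encode())


def demo() -> dict:
    sent = password_digest(NONCE_B64, CREATED, STORED_PASSWORD)   # client side
    other_nonce = base64.b64encode(b"\x00" * 16).decode("ascii")  # constructed nonce
    return {
        "as_is": compare_as_is(sent, STORED_PASSWORD),
        "digest_aware": verify_digest(sent, NONCE_B64, CREATED, STORED_PASSWORD),
        "wrong_password": verify_digest(sent, NONCE_B64, CREATED, "not-the-secret"),
        "changes_per_message": sent != password_digest(other_nonce, CREATED, STORED_PASSWORD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```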


Re: CXF with WS-Security using JAAS

2014-11-03 Thread garethahealy
I've also added the code to my github account @
https://github.com/garethahealy/jboss-fuse-examples - ws-security-*





CXF with WS-Security using JAAS

2014-10-30 Thread garethahealy
I am trying to secure a CXF endpoint with JAAS. But am hitting an issue/not
fully understanding how to get the PasswordDigest working. I have the
solution working when the password type is PasswordText.

So I've created a new realm, which points to a file as per below:

<jaas:config name="webservices" rank="-1">
    <jaas:module
        className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
        flags="required">
        users = $[karaf.base]/etc/com.garethahealy.webservices.cfg
        encryption.enabled = true
        encryption.name = jasypt
        encryption.prefix = ENC(
        encryption.suffix = )
        detailed.login.exception = true
        debug = true
    </jaas:module>
</jaas:config>

The contents of the file on first run is 'user.gareth=healy', which is then
re-written after the first call, to be ENC(hashed value), which seems
correct.

Below is the WSS4J / JAAS / CXF setup:

<bean id="authenticationInterceptor"
      class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
    <property name="contextName" value="webservices"/>
    <property name="reportFault" value="true"/>
</bean>

<bean id="wss4jInInterceptor"
      class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <argument>
        <map>
            <entry key="action" value="UsernameToken Timestamp" />
            <entry key="passwordType" value="PasswordDigest" /> <!-- PasswordText / PasswordDigest -->
        </map>
    </argument>
</bean>

<cxf:cxfEndpoint id="helloWorldCxf"
                 address="${cxf.helloworld.transport}://0.0.0.0:${cxf.helloworld.port}/cxf/helloWorldService"
                 serviceClass="com.garethahealy.helloworld.HelloWorldEndpoint">
    <cxf:inInterceptors>
        <ref component-id="wss4jInInterceptor" />
        <ref component-id="authenticationInterceptor" />
    </cxf:inInterceptors>
    <cxf:properties>
        <entry key="schema-validation-enabled" value="${schema.validation.enabled}" />
        <entry key="loggingFeatureEnabled" value="${logging.isCxfDebug}" />
        <entry key="ws-security.validate.token" value="false"/>
    </cxf:properties>
</cxf:cxfEndpoint>

Below is the request when sending PasswordDigest:

Address: http://0.0.0.0:9001/cxf/helloWorldService
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml;charset=UTF-8
Headers: {accept-encoding=[gzip,deflate], connection=[keep-alive],
Content-Length=[1242], content-type=[text/xml;charset=UTF-8],
Host=[0.0.0.0:9001],
SOAPAction=[http://helloworld.garethahealy.com/SayHello;],
User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload:
<soapenv:Envelope
    xmlns:hel="http://helloworld.garethahealy.com"
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        soapenv:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-85795D5F327115C93A141467959615289">
        <wsu:Created>2014-10-30T14:33:16Z</wsu:Created>
        <wsu:Expires>2014-10-30T14:33:17Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:UsernameToken wsu:Id="UsernameToken-85795D5F327115C93A141467959615188">
        <wsse:Username>user.gareth</wsse:Username>
        <wsse:Password
            Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">y2rUhVaSPSYGGJxx5vz/gAe8Kxo=</wsse:Password>
        <wsse:Nonce
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">AsgNPh2VykCuQ0CN4EvRPw==</wsse:Nonce>
        <wsu:Created>2014-10-30T14:33:16.151Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <hel:helloWorldRequest>
      <hello>gareth</hello>
    </hel:helloWorldRequest>
  </soapenv:Body>
</soapenv:Envelope>

Which fails on the password match with: Unauthorized : Password for
user.gareth does not match.

Any pointers to what I am doing wrong would be helpful. This is running on
JBoss Fuse 6.1 - redhat379 and I am sending the request from SoapUI 5



--
View this message in context: 
http://camel.465427.n5.nabble.com/CXF-with-WS-Security-using-JAAS-tp5758345.html
Sent from the Camel - Users mailing list archive at Nabble.com.