Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
The StartBodyInterceptor might help: https://github.com/apache/cxf/blob/master/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/interceptor/StartBodyInterceptor.java On Wed, Aug 9, 2017 at 4:18 PM, Isuranga Perera wrote: > I'm using CXF security policy enforcement without CXF transport. I convert > the policy file to a Neethi object and used PolicyInInterceptor to get > required interceptors to process the security header. I managed to verify > security successfully with stream security enabled. > > But now I can't extract the soap body to pass to the service. I need to > know about interceptors which can continue the process from here. > > On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh > wrote: > >> What exactly are you trying to do with the streaming security >> interceptors? >> >> Colm. >> >> On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera < >> isurangamper...@gmail.com> wrote: >> >>> Hi Colm >>> >>> Thanks for the immediate response. I managed to add stream security >>> interceptors and process security headers. But I found out that they change >>> message.getContent(StreamReader.class). So can you suggest a way to >>> extract SOAPBody from the content? >>> >>> Best Regards >>> >>> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh >> > wrote: >>> It's not something that you should need to configure. It's used by the streaming WS-Security code inside WSS4J to retrieve security "events" from either inbound or outbound processing. For example, on an inbound request you might decrypt a key which you might then need to use to secure the message reply. Colm. On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera < isurangamper...@gmail.com> wrote: > Hi > > I'm using CXF security processing with stream security. There I was able > to find > > List requestSecurityEvents = > (List) soapMessage.getExchange().get( SecurityEvent.class.getName() > + ".out"); > > > Appreciate if you can explain how to set this SecurityEvent extension > manually and the purpose of it. > > Best Regards > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com >>> >>> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
I'm using CXF security policy enforcement without CXF transport. I convert the policy file to a Neethi object and used PolicyInInterceptor to get required interceptors to process the security header. I managed to verify security successfully with stream security enabled. But now I can't extract the soap body to pass to the service. I need to know about interceptors which can continue the process from here. On Wed, Aug 9, 2017 at 8:32 PM, Colm O hEigeartaigh wrote: > What exactly are you trying to do with the streaming security interceptors? > > Colm. > > On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera > wrote: > >> Hi Colm >> >> Thanks for the immediate response. I managed to add stream security >> interceptors and process security headers. But I found out that they change >> message.getContent(StreamReader.class). So can you suggest a way to >> extract SOAPBody from the content? >> >> Best Regards >> >> On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh >> wrote: >> >>> It's not something that you should need to configure. It's used by the >>> streaming WS-Security code inside WSS4J to retrieve security "events" >>> from >>> either inbound or outbound processing. For example, on an inbound request >>> you might decrypt a key which you might then need to use to secure the >>> message reply. >>> >>> Colm. >>> >>> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera < >>> isurangamper...@gmail.com> >>> wrote: >>> >>> > Hi >>> > >>> > I'm using CXF security processing with stream security. There I was >>> able >>> > to find >>> > >>> > List requestSecurityEvents = >>> > (List) soapMessage.getExchange().get( >>> SecurityEvent.class.getName() >>> > + ".out"); >>> > >>> > >>> > Appreciate if you can explain how to set this SecurityEvent extension >>> > manually and the purpose of it. >>> > >>> > Best Regards >>> > >>> >>> >>> >>> -- >>> Colm O hEigeartaigh >>> >>> Talend Community Coder >>> http://coders.talend.com >>> >> >> > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
What exactly are you trying to do with the streaming security interceptors? Colm. On Tue, Aug 8, 2017 at 4:53 PM, Isuranga Perera wrote: > Hi Colm > > Thanks for the immediate response. I managed to add stream security > interceptors and process security headers. But I found out that they change > message.getContent(StreamReader.class). So can you suggest a way to > extract SOAPBody from the content? > > Best Regards > > On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh > wrote: > >> It's not something that you should need to configure. It's used by the >> streaming WS-Security code inside WSS4J to retrieve security "events" from >> either inbound or outbound processing. For example, on an inbound request >> you might decrypt a key which you might then need to use to secure the >> message reply. >> >> Colm. >> >> On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera < >> isurangamper...@gmail.com> >> wrote: >> >> > Hi >> > >> > I'm using CXF security processing with stream security. There I was able >> > to find >> > >> > List requestSecurityEvents = >> > (List) soapMessage.getExchange().get( >> SecurityEvent.class.getName() >> > + ".out"); >> > >> > >> > Appreciate if you can explain how to set this SecurityEvent extension >> > manually and the purpose of it. >> > >> > Best Regards >> > >> >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
Hi Colm Thanks for the immediate response. I managed to add stream security interceptors and process security headers. But I found out that they change message.getContent(StreamReader.class). So can you suggest a way to extract SOAPBody from the content? Best Regards On Tue, Aug 8, 2017 at 7:52 PM, Colm O hEigeartaigh wrote: > It's not something that you should need to configure. It's used by the > streaming WS-Security code inside WSS4J to retrieve security "events" from > either inbound or outbound processing. For example, on an inbound request > you might decrypt a key which you might then need to use to secure the > message reply. > > Colm. > > On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera < > isurangamper...@gmail.com> > wrote: > > > Hi > > > > I'm using CXF security processing with stream security. There I was able > > to find > > > > List requestSecurityEvents = > > (List) soapMessage.getExchange().get( > SecurityEvent.class.getName() > > + ".out"); > > > > > > Appreciate if you can explain how to set this SecurityEvent extension > > manually and the purpose of it. > > > > Best Regards > > > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
Re: [Dev] WSS4JStaxInInterceptor SecurityEvent
It's not something that you should need to configure. It's used by the streaming WS-Security code inside WSS4J to retrieve security "events" from either inbound or outbound processing. For example, on an inbound request you might decrypt a key which you might then need to use to secure the message reply. Colm. On Tue, Aug 8, 2017 at 10:51 AM, Isuranga Perera wrote: > Hi > > I'm using CXF security processing with stream security. There I was able > to find > > List requestSecurityEvents = > (List) > soapMessage.getExchange().get(SecurityEvent.class.getName() > + ".out"); > > > Appreciate if you can explain how to set this SecurityEvent extension > manually and the purpose of it. > > Best Regards > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
[Dev] WSS4JStaxInInterceptor SecurityEvent
Hi I'm using CXF security processing with stream security. There I was able to find List requestSecurityEvents = (List) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out"); Appreciate if you can explain how to set this SecurityEvent extension manually and the purpose of it. Best Regards
