In plain CXF you can specify the endpoint address, which can include an IP address, but there are no placeholders. What do you try to achieve with a specific IP?

Christian

On Fri, 2 Nov 2018 at 09:56, Niehues, Christian <[email protected]> wrote:

> Hi Christian,
>
> meanwhile I was also able to access a simple CXF endpoint from remote that
> has been defined in blueprint, including authorization and authentication.
> My only remaining problem with that solution is that I don't know how to
> define something like a placeholder for the address value to get an IP
> specific address. A placeholder definition value like {{hostIP}} doesn't
> seem to be replaced.
>
> Is there maybe another way to achieve this?
>
> Thanks
>
> Christian
>
> --
> Christian Niehues
> ITS Digital Solutions GmbH
>
> ------------------------------
> *From:* Christian Schneider <[email protected]>
> *Sent:* Monday, 29 October 2018 16:57:14
> *To:* [email protected]
> *Subject:* Re: Aries RSA: securing exported services with ExportPolicy
>
> Hi Christian,
>
> the JAASAuthenticationFeature only does authentication.
> When deployed in karaf the default realm should be fine.
>
> For authorisation see e.g. the SimpleAuthorizingInterceptor.
> http://cxf.apache.org/docs/securing-cxf-services.html
>
> Christian
>
> On Mon, 29 Oct 2018 at 09:42, Niehues, Christian <[email protected]> wrote:
>
>> I was not able to add an interceptor by setting a service property (I
>> used "org.apache.cxf.ws.in.interceptors").
>>
>> But I followed your advice and tried to use a CXF feature. I noticed that
>> there is a ready-to-use JAASAuthenticationFeature so I registered it as
>> a service intent. If I understand it right I can select the realm to use by
>> setting the contextname of the feature, but is it also possible to choose a
>> specific group or user?
>>
>> Thanks
>>
>> Christian
>>
>> ------------------------------
>> *From:* Christian Schneider <[email protected]>
>> *Sent:* Friday, 26 October 2018 12:44:05
>> *To:* [email protected]
>> *Subject:* Re: Aries RSA: securing exported services with ExportPolicy
>>
>> Any webservice exported using blueprint is accessible from remote. You
>> will only not see it as a rsa remote service.
>>
>> What I meant is: can you export your service using rsa but without an
>> Export policy if you add the interceptor as a service property? I am not
>> sure if this kind of interceptors work with the current cxf dosgi versions.
>>
>> In general the recommended practice for securing services is using a CXF
>> feature and refer to it as an intent. For example the new CXF logging
>> feature registers itself as an intent.
>>
>> https://github.com/apache/cxf/blob/master/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/osgi/Activator.java#L89-L90
>>
>> The rest example readme shows how to add such an intent to your service:
>>
>> https://github.com/apache/cxf-dosgi/blob/59e432afabb2a8f6a812b2a8f12cda68f4bfa775/samples/rest/README.md#add-logging-intent
>> (Basically you simply add a service property "service.exported.intents"
>> with your intent name as value).
>>
>> This way you could create a feature that adds the security interceptors
>> and export it with intent name "mysecurity" and then add the service
>> property above to all services that should be secured.
>>
>> The ExportPolicy is only needed if you want to add this property
>> transparently to your services without touching them.
>>
>> Christian
>>
>> On Fri, 26 Oct 2018 at 12:27, Niehues, Christian <[email protected]> wrote:
>>
>>> It works if I define the service as CXF endpoint in blueprint. But if I
>>> set it there it is not published as RSA endpoint and so it seems it's not
>>> accessible from remote.
>>>
>>> Christian
>>>
>>> ------------------------------
>>> *From:* Christian Schneider <[email protected]>
>>> *Sent:* Thursday, 25 October 2018 17:24:40
>>> *To:* [email protected]
>>> *Subject:* Re: Aries RSA: securing exported services with ExportPolicy
>>>
>>> Does it work if you set the interceptor directly on the service?
>>>
>>> Christian
>>>
>>> On Thu, 25 Oct 2018 at 08:57, Niehues, Christian <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I try to export a service in my karaf to be able to process SOAP
>>>> messages sent from remote client but I am facing problems to secure it. The
>>>> documentation for Aries RSA about the TopologyManager notes that
>>>> ExportPolicy implementations can be used to add authentication but I am
>>>> missing further details.
>>>>
>>>> I tried to achieve it by adding an interceptor in my ExportPolicy but
>>>> that seems not to help:
>>>>
>>>> props.put("service.exported.configs", "org.apache.cxf.ws");
>>>> props.put("org.apache.cxf.ws.address", "http://192.168.1.100:9000/sync");
>>>> props.put("org.apache.cxf.ws.in.interceptors", "com.acme.MyInterceptor");
>>>>
>>>> com.acme.Myinterceptor extends
>>>> org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
>>>>
>>>> I also tried to provide the Interceptor classname as List<String> or
>>>> String[] but that didn't work either, the interceptor never gets invoked
>>>> when sending messages.
>>>>
>>>> So what am I doing wrong, or is there any other/better way to secure a
>>>> service provided by Aries RSA?
>>>>
>>>> Thanks,
>>>>
>>>> Christian
>>>
>>> --
>>> Christian Schneider
>>> http://www.liquid-reality.de
>>>
>>> Computer Scientist
>>> http://www.adobe.com
>>
>> --
>> Christian Schneider
>> http://www.liquid-reality.de
>>
>> Computer Scientist
>> http://www.adobe.com
>
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Computer Scientist
> http://www.adobe.com

--
Christian Schneider
http://www.liquid-reality.de

Computer Scientist
http://www.adobe.com
