On Jun 4, 2008, at 4:14 PM, Wes wrote:
Inside WSSecurityInterceptor (which extends AbstractSoapInterceptor)
I'm
explicitly creating a HashMap with the properties to create a
WSS4JInterceptor. That interceptor and my SAAJInINterceptor are
added to the
chain in my handleMessage routine. There are userful operations on the
WSS4JInterceptor, but at this point in code the callback doesn't
appear to
have been called yet. So calling the operations on the interceptor
return
null. I tried calling doIntercept off the interceptorChain but I get
the
same results.
To be honest, I'm a bit unclear on how the phases work and the
interactions
of the classes at this point. So it's very possible I'm doing
something
wrong. I think I need the message context inside the CallbackHandler's
handle routine. I just don't know how to get ahold of it or if
that's even
the correct approach.
I was hoping the "RequestData" object that was passed into the
getPasswordCB method was available to the handler somehow, but it
isn't. :-(
My suggestion would be to subclass the WSS4JInInterceptor and override
the getPasswordCB method to create your handler. The
RequestData.getMsgContext() call returns the CXF SoapMessage object
from which you can get/set all the properties you want. Just pass
that into your Handler class and you should be all set.
Dan
W
On Wed, Jun 4, 2008 at 3:40 PM, Boxiong Ding <[EMAIL PROTECTED]>
wrote:
Did you try extending WSS4JInInterceptor instead? It has a method
called
handleMessage() which takes a SoapMessage. I think you can do some
manipulation there.
Boxiong
----- Original Message ----
From: Wes <[EMAIL PROTECTED]>
To: [email protected]
Sent: Wednesday, June 4, 2008 12:20:37 PM
Subject: WSS4J, CXF, & Custom Attributes to a Service
Hello,
I hope you guys (and gals) can help. I've been fighting this for
days.
I have a CXF service that implements Username Token profile
security via
the
WSS4J api. Everything works as expected. I'm using SoapUI to test the
service. I can set an explicit username and password. Pass that data
through a class (WSSecurityInterceptor) that extends
AbstractSoapInterceptor
where I can place a CallBack class that implements CallbackHandler
and
validate the username/password I sent in from SOAPUI.
In my callback class, I will be integrating the authentication to
an Access
Manager API provided by our portal implementation. I can do this also
without a problem. The problem comes in when.... once I
authenticate the
user I have access to all the data from our backend ldap that I
will need
in
my service. I've been trying to figure out a way to decorate the
incoming
SOAP request with this specific data and, once inside my service,
retrieve
the data without double-tapping ldap.
I've tried adding SOAP Headers, but there isn't a context inside
the handle
method of the CallbackHandler. There has got to be a way to do this
that
I'm
just flat out missing. What is the correct way to decorate the SOAP
request
with additional data (provided during the actual authentication
routine)
inside the implemented CallbackHandler class?
Any hints would be greatly appreciated.
Wes
---
Daniel Kulp
[EMAIL PROTECTED]
http://www.dankulp.com/blog
