bharath thippireddy wrote:
1)How do we configure the interceptors at a bus level in cxf-servlet.xml along
with the endpoint declarations.
Configuring the CXF Bus can be found at [1]
2)Once the ws-security(user name token profile/encryption) is enabled on each
endpoint using the declarative method in cxf-servlet.xml we see the following
exception if the client sends a request without user token soap header.Since we
will be having other methods to authenticate how can we make these headers
optional. Is commenting the ws-security interceptor declaration in the
cxf-servlet.xml the only way?
If I am able to understand this point, you want to allow some client
request which doesn't have user name tokens. If this is the requirement
you can make use of WS-Policy to specify an optional behavior of
WS-SecurityPolicy.
or if in case you want to process the authentication yourself you can
write the custom authentication mechanism in CallbackHandler
or if in case you are sending your own custom user name token in the
header then you can write your own Interceptor to handle the DOM
presented by SAAJ.
Jun 16, 2009 1:43:28 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING: Request does not contain required Security header
Jun 16, 2009 1:43:28 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: An error was discovered processing the
<wsse:Security> header
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:200)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:337)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:182)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:163)
at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:141)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
3)Does cxf support having custom tokens under the username token header ?.I do
see the methods available on the client and server callback classes but I do
not see the custom element getting added to the UT header.
Document doc = docBuilder.newDocument();
Element customToken=doc.createElement("customToken");
dbId.setTextContent("1");
pc.setCustomToken(customToken);
I never came across custom tokens under username token in UsernameToken
specification (both 1.0 and 1.1) by OASIS. Upto my best information
there's nothing like that. Will be a surprise to me too :)
With Regards,
Mayank
[1]. http://cwiki.apache.org/CXF20DOC/bus-configuration.html
thanks and regards,
Bharath
