I am also working on for the same project, and given first stab to it:-
a) Define a SpnegoContextToken, this can extend SecureConversationToken.
b) Define builder and Interceptor provider to build SpnegoToken from the
xml.
c) Register both the builder and Interceptor in your client code:-
AssertionBuilderRegistry reg = bus
.getExtension(AssertionBuilderRegistry.class);
PolicyInterceptorProviderRegistry pipr = bus
.getExtension(PolicyInterceptorProviderRegistry.class);
reg.register(new SpnegoContextTokenBuilder());
pipr.register(new SpnegoContextTokenInterceptorProvider(
new SpnegoContextTokenInterceptor()));
d) Write logic to generate SpnegoToken in SpnegoContextTokenInterceptor(),
this is not difficult, you can also look at SpengoAuthSupplier class in cxf
2.4 to acheive this. Only tricky thing is configuration that is generating
login.conf file kbr5.ini file, let me know if some body needs more info
around it.
e) This Token need to be added as binary security token and also used to
sign and encypt message, so provide that logic in the handle message method.
You can consult this unit test to see how to do that:-
http://svn.apache.org/repos/asf//webservices/wss4j/tags/1_6_0-alpha/src/test/java/org/apache/ws/security/message/token/BSTKerberosTest.java
f) Make sure the constructor SpnegoContextTokenInterceptor() has this line
super(Phase.POST_PROTOCOL);.
e) I am still having some security issues while getting incoming message
from .Net web service, will update once i am able to resolve that.
--
View this message in context:
http://cxf.547215.n5.nabble.com/SpnegoContextToken-Security-Token-support-for-CXF-tp569273p4504120.html
Sent from the cxf-user mailing list archive at Nabble.com.
