Hi Anil, Yes it is possible to add and change token processors in CXF. See this unit test for an example (testCustomProcessor):
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?view=markup In CXF 2.4, it is preferable to use a custom Validator instead of a custom Processor. The processors in WSS4J 1.6 (which CXF 2.4 depends on) only do some basic processing of the received token, and use a Validator to validate the object. You can plug in custom Validators in configuration in CXF for UsernameTokens, BinarySecurityTokens, or SAMLTokens. You can see an example in this test: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java?view=markup Colm. On Fri, Jun 24, 2011 at 10:43 AM, Blue Diamond <[email protected]> wrote: > Hi all, > > I am using CXF for my web services and have enabled WS-Security. I want to > hook my our security manager to token processors like UsernameTokenProcessor > or BinaryTokenProcessor and also want to support something like > CustomTokenProcessor. Is this possible (preferably programmatically rather > than cxf.xml). > > Any help on this topic is greatly appreciated. > > Thanks & Regards, > Anil > -- Colm O hEigeartaigh http://coheigea.blogspot.com/ Talend - http://www.talend.com
