Hi Oliver,
Thanks for the information.

I copied the IssuedTokenOutInterceptor code in IssuedTokenInterceptorProvider. 
In the client I first got the Security token from the STS and then provided all 
the information the out interceptor needs in the context (like AssertionInfoMap, 
SecurityToken etc). 
Now how can I get the WSS4JOutInterceptor to use this Assertion instead of trying to 
create one with CallbackHandler?

My code below:

.....
Client client = ClientProxy.getClient(port);
Endpoint endPoint = client.getEndpoint();

STSClient stsClient = 
(STSClient)bus.getExtension(BusApplicationContext.class).getBean("stsclient");
stsClient.setFeatures(features);
stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

SecurityToken tok = stsClient.requestSecurityToken("<url>");
((BindingProvider)port).getRequestContext().put(SecurityConstants.TOKEN, tok);
IssuedToken assertion = (IssuedToken)new 
IssuedTokenBuilder(null).build(tok.getToken(), null);          
List<Assertion> assertionCol = new ArrayList<Assertion>();
assertionCol.add(assertion);
AssertionInfoMap assertionInfoMap = new AssertionInfoMap(assertionCol);
((BindingProvider)port).getRequestContext().put(AssertionInfoMap.class.getName(),
 assertionInfoMap);

Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
outProps.put(WSHandlerConstants.SAML_PROP_FILE, "saml.properties");
outProps.put(WSHandlerConstants.USER, "wsclient");
outProps.put(WSHandlerConstants.SIGNATURE_USER, "wsclient");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "wss40_client.properties");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, 
ClientPasswordCallback.class.getName());

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
endPoint.getOutInterceptors().add(wssOut);
endPoint.getOutInterceptors().add(new IssuedTokenOutInterceptor());

......


-Vinay


-----Original Message-----
From: Oliver Wulff [mailto:[email protected]] 
Sent: Saturday, August 13, 2011 8:31 AM
To: [email protected]
Subject: RE: ws-security.sts.client

Hi Vinay

There is also a configuration way to enforce the issuance of a security token 
from the STS and attach it to the outgoing request automatically. All you need 
is the STSClient bean in the jaxws:client bean configuration as well as the 
WS-SecurityPolicy in the WSDL or referenced externally (see policy options 
here: http://cxf.apache.org/docs/how-it-works.html)

Talend has enriched the CXF distribution with additional examples. You can 
download the examples for CXF (Talend Service Factory) here:
http://www.talend.com/download.php#SF

Have a look at the following examples (check the readme)
jaxws-ws-trust: Illustrates the usage of WS-SecurityPolicy with an STS (your 
case)
jaxws-ws-secpol : Illustrates the usage of WS-SecurityPolicy without an STS

You will also find a link there to a manual which describes how to configure CXF 
for WS-Trust.

If you still prefer to enforce it in your code, have a look at the CXF class 
IssuedTokenInterceptorProvider which implements the communication with the STS:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?view=markup

HTH

Thanks
Oli


-----Original Message-----
From: Penmatsa, Vinay [mailto:[email protected]] 
Sent: Friday, 12 August 2011 22:41
To: [email protected]
Subject: ws-security.sts.client

Hello,
I am able to get security token from STS, but now I want to use in the service 
call. The problem is for STSClient I'm using spring configuration partially.
I have generated the web service client. How can I combine these two?
I tried to do:

 ((BindingProvider)port).getRequestContext().put("ws-security.sts.client", 
stsClient);


But this seems to have no effect.

-Vinay

