I have two endpoints, one derived from jaxws:endpoint and other via Provider
interface. Both have different service ports, names but share same binding.
Both are wired with WS-Security policy.
<service name="Service1">
<port name="ServicePort" binding="tns:ReportServiceBinding">
<soap:address location="http://localhost/reportService/"; />
</port>
</service>
<service name="Service2">
<port name="ServiceRouterPort" binding="tns:ReportServiceBinding">
<soap:address
location="http://L151ATS033040:9081/ewbservice/soap/praService"; />
</port>
</service>
Service 1 is jaxws:endpoint with jaxws:inInterceptor
<jaxws:endpoint id="service1" endpointName="s:ServicePort"
serviceName="s:MyService" implementor="#ServiceEndpoint"
xmlns:s="http://services.mycomp.com/services";
address="/Service1">
<jaxws:inInterceptors>
<ref bean="logInbound" />
<ref bean="ValidationInterceptor" />
</jaxws:inInterceptors>
<jaxws:properties>
<entry key="mtom-enabled" value="true" />
<entry key="ws-security.ut.validator">
<ref bean="SecurityInterceptor" />
</entry>
</jaxws:properties>
</jaxws:endpoint>
Service 2, is a provider endpoint, where after authentication I route
request via camel to an external webservice
<cxf-camel:cxfEndpoint id="Service2" address="/praService"
endpointName="s:ServiceRouterPort" serviceName="s:Service2"
xmlns:s="http://services.mycomp.com/services";
serviceClass="#otherServiceEndpoint">
<cxf-camel:properties>
<entry key="ws-security.ut.validator">
<ref bean="SecurityInterceptor" />
</entry>
</cxf-camel:properties>
</cxf-camel:cxfEndpoint>
While testing with security policies enabled,
Service 2 works as expected.
Service 1 works as expected when Service 2 is not wired to security policy
Service 1, and 2 works as expected when both wired to security policy AND
ValidationInterceptor on Service 1 is disabled. Note: LoggingInInterceptor
is still active and is called even before PolicyInterceptor.
ValidationInterceptor extends HolderInInterceptor in my implemenation.
I use WSDL first, but tried to inject policies via annotation and as well
WSDL. I can see the policies on ?WSDL in both cases.
Looking at CXF code, both PolicyInInterceptor and HolderInInterceptor
extends AbstractPhaseInterceptor, so how do you make sure the security
policies are executed first before any of your application level interceptor
extensions. If the behavior posted here, is is as per design, how do I make
sure my ValidationInterceptor is invoked before the thread enters my
service?
--
View this message in context:
http://cxf.547215.n5.nabble.com/Multiple-endpoints-and-security-policy-tp5519904p5519904.html
Sent from the cxf-user mailing list archive at Nabble.com.
