>What about older version of cxf?

Basically migration on older CXF is alternative, but as far as I can see WSS4J 
has WSSecurityEngine. getWssConfig() method since version 1.5.4. 
So it is necessary to migrate at least to CXF 2.1 that uses WSS4J 1.5.2.
CXF 2.2 already uses WSS4J 1.5.6 that definitely will have the same problem.
Not sure is CXF 2.1 is appropriate solution ...

Regards,
Andrei.

-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: Mittwoch, 17. Oktober 2012 12:39
To: [email protected]
Cc: nizarrazin
Subject: RE: CXF- WSS4J

What about older version of cxf?
On Oct 17, 2012 9:11 PM, "Andrei Shakirin" <[email protected]> wrote:

> Do you need HTTP-basic or UsernameToken authentication via SOAP Header?
>
> 1. For HTTP basic authentication you don't need any special 
> configuration on the service side, just get your username/password:
>         @Resource
>         WebServiceContext webServiceContext;
>
>         AuthorizationPolicy policy  = (AuthorizationPolicy) 
> webServiceContext.getMessageContext().get(AuthorizationPolicy.class.getName());
>         String username = policy.getUserName();
>         String password = policy.getPassword();
>
> 2. For UsernameToken authentication via SOAP Header I see the 
> following
> possibilities:
> a) Do not use CXF WSS4J stuff at all and obtain required values from 
> SOAP Header manually:
>         @Resource
>         WebServiceContext webServiceContext;
>
>         List<Header> list =
>  
> (List<Header>)webServiceContext.getMessageContext().get("org.apache.cxf.headers.Header.list");
>         for (Header key : list) {
>                      // Get UsernameToken header values here
>             System.out.println(key.getName() + " - " + key.getObject());
>                }
>
> b) You can try to configure UsernameTokenInterceptor instead 
> WSS4InInterceptor. It bypasses the full WSS4J handling and processes 
> the header directly.
> UsernameTokenInterceptor is also dependent on WSS4J, but MAY BE it 
> works also with older versions.
>
> Regards,
> Andrei.
>
> -----Original Message-----
> From: shadowlaw [mailto:[email protected]]
> Sent: Mittwoch, 17. Oktober 2012 10:03
> To: [email protected]
> Subject: Re: CXF- WSS4J
>
> I will ask in the Jonas forum, but the version we are using is pretty 
> old so I'm not sure if there is such a option. Is there another way to 
> to use the basic authentification without WSS4J in cxf or I have to 
> use spring security or other framework?
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/CXF-WSS4J-tp5716752p5716800.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>

Reply via email to