Hi,
> -----Original Message-----
> From: Martin Steffen Correa [mailto:[email protected]]
> Sent: Mittwoch, 16. Januar 2013 22:00
> To: [email protected]
> Subject: Re: WS-Security: How to insert two Security elements in SOAP
> header?
>
> Hi Glen,
>
> Thanks for your help,
> I read your posts 52 and 53,
> but i dont want to manually create the Security element (and
> UsernameToken element), because this is already implemented in actions
> (e.g.
> org.apache.ws.security.action.UsernameTokenAction).
> Therefore, I inspected the cxf code and, I find that is not allowed to define
> two interceptors with the same id in the same phase.
> In the class org.apache.cxf.phase.PhaseInterceptorChain (
> http://svn.apache.org/viewvc/cxf/tags/cxf-
> 2.7.2/api/src/main/java/org/apache/cxf/phase/PhaseInterceptorChain.java?
> revision=1429139&view=markup)
> in the insertInterceptor method, see:
> if (!force && cmpId.equals(id)) {
> // interceptor is already in chain
> return;
> }
>
> This means that I can not have two WSS4JOutInterceptor in the chain.
> Due to the above,
> I implemented the class: MyWSSecurityInterceptor (
> https://github.com/martins1930/samples/blob/master/gradle/WSCxf/WSCli
> ent/src/main/java/org/apache/cxf/ws/security/wss4j/uy/MyWSSecurityInte
> rceptor.java)
> This class is a copy of org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor
> ,
> except that MyWSSecurityInterceptor always returns a different ID
> (overwrote the method getId()).
> With this change, you can include multiple MyWSSecurityInterceptor in the
> chain, as you can see in my Spring conf:
> https://github.com/martins1930/samples/blob/master/gradle/WSCxf/WSCli
> ent/src/main/resources/client-bean.xml
> .
>
> I think that would be nice,
> that cxf team modify WSS4JOutInterceptor class to return a different ID each
> time.
> In this way support multiple WSS4JOutInterceptor in a chain.
I do not think that it is good idea to update WSS4JOutInterceptor in a way to
add multiple instances into chain, because it breaks a lot of existing code
that rely on fact that WSS4JOutInterceptor can be added only once.
However you can subclass WSS4JOutInterceptor, override getId() method and add
other constructor:
public CustomWSS4JOutInterceptor(boolean uniqueId) {
super();
id = getClass().getName();
if (uniqueId) {
id += System.identityHashCode(this);
}
}
It allows to add multiple interceptor instances into chain.
Andrei.
>
> MartÃn.
>
>
>
>
> On 15 January 2013 21:00, Glen Mazza <[email protected]> wrote:
>
> > If you're doing UsernameToken you might be able to manually create the
> > headers (it's possible they won't be too complex): Links #52 and #53 here:
> >
> http://www.jroller.com/gmazza/**entry/blog_article_index<http://www.jr
> oller.com/gmazza/entry/blog_article_index>, in particular the links at the
> bottom of #53, provide additional options.
> >
> > Glen
> >
> >
> > On 01/15/2013 04:19 PM, Martin Steffen Correa wrote:
> >
> >> Hello,
> >>
> >> I'm new to CXF and I want to create a SOAP message with two Security
> >> elements as follow:
> >>
> >> <soap:Header>
> >> <wsse:Security soap:actor="actor1" >
> >> ...
> >> </wsse:Security>
> >> <wsse:Security soap:actor="actor2" >
> >> ...
> >> </wsse:Security>
> >> </soap:Header>
> >>
> >> How I can generate a message with two Security elements in SOAP
> header?
> >>
> >> I configure my client with Spring:
> >> <jaxws:client id="helloClient">
> >> <jaxws:outInterceptors>
> >> <ref bean="ut_actor1" />
> >> <ref bean="ut_actor2" />
> >> </jaxws:outInterceptors>
> >> </jaxws:client>
> >>
> >> Both ut_actor1 and ut_actor2 are
> >> org.apache.cxf.ws.security.**wss4j.WSS4JOutInterceptor interceptors,
> >> but only one interceptor is executed, it seems that is not possible
> >> to define two interceptors of the same type.
> >>
> >> Thanks,
> >> Martin Steffen.
> >>
> >>
> >
> > --
> > Glen Mazza
> > Talend Community Coders - coders.talend.com
> > blog: www.jroller.com/gmazza
> >
> >
