I have created a web service server (code first method) by using the

    @WebService(endpointInterface = "edu.uci.oit.dwh.webservices.DWHServer", serviceName = "DWHServer")

annotation. I am trying to add a security level on top of this. After
reading through some posts, I have added the following annotation:

    @InInterceptors(interceptors={"edu.uci.oit.dwh.webservices.WSSecurityInterceptor"})

However, I have some questions and hope someone here with better knowledge
could help me out.

1. How does this interceptor work? Does that mean all the messages coming
in to my web service server will now go through the interceptor class I
specify in the @InInterceptors annotation?

2. Below is the interceptor implementation I copied from one of the earlier
posts. All the interceptors are added to the message.getInterceptorChain().
Is that the same as adding the interceptors to the endpoint? If not,
what's the difference?

3. Could anyone help me understand how to use the WSS4JInInterceptor class?
In the example below, it's constructed with a HashMap. Will the
WSS4JInInterceptor instance then automatically validate the username and
password?

4. I have currently commented out the SAAJInInterceptor and
userTokenInterceptor. What's the point of having SAAJInInterceptor here?

5. I know userTokenInterceptor is the custom interceptor, but in my
implementation of it, I don't have a way to add the logic from the message
in its handleMessage() method. Could someone tell me what the normal use
case for a custom interceptor is and how it is usually implemented?

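    import java.util.HashMap;
    import java.util.Map;

    import org.apache.cxf.interceptor.Fault;
    import org.apache.cxf.message.Message;
    import org.apache.cxf.phase.AbstractPhaseInterceptor;
    import org.apache.cxf.phase.Phase;
    import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
    // WSS4J 1.x package; under WSS4J 2.x this is org.apache.wss4j.dom.handler.WSHandlerConstants
    import org.apache.ws.security.handler.WSHandlerConstants;

    // ServerPasswordHandler and ValidateUserTokenInterceptor are the poster's own classes (not shown)
    public class WSSecurityInterceptor extends AbstractPhaseInterceptor<Message> {
        public WSSecurityInterceptor() {
            super(Phase.PRE_PROTOCOL);
        }

        public WSSecurityInterceptor(String s) {
            super(Phase.PRE_PROTOCOL);
        }

        public void handleMessage(Message message) throws Fault {
            // Require a UsernameToken and name the password callback class
            Map<String, Object> props = new HashMap<String, Object>();
            props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
            props.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                    ServerPasswordHandler.class.getName());
            WSS4JInInterceptor wss4jInInterceptor = new WSS4JInInterceptor(props);
            System.out.println("props:" + props);
            ValidateUserTokenInterceptor userTokenInterceptor =
                    new ValidateUserTokenInterceptor(Phase.POST_PROTOCOL);
            // Append to the interceptor chain of the message being processed
            message.getInterceptorChain().add(wss4jInInterceptor);
            //message.getInterceptorChain().add(new SAAJInInterceptor());
            //message.getInterceptorChain().add(userTokenInterceptor);
        }
    }
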
Sorry, I know I am kind of not asking specific questions, but that is
because I am not too clear on the whole picture. I really appreciate anyone
who could help me out. Thanks in advance.
~Adam
--
View this message in context:
http://cxf.547215.n5.nabble.com/Interceptors-for-WS-security-tp5722285.html
Sent from the cxf-user mailing list archive at Nabble.com.