Multiple authentication mechanisms for same Service

Tue, 26 Feb 2013 11:19:32 -0800 

I have a requirement where user can access my WS in following modes:
1) Username/Password in http mode
2) Username/Password in SSL mode
3) Certificate based (Signature/Encrypt) in SSL mode

Is it possible to support differnt kinds of such mechanisms for same
service? Can you point to some examples on how to do that? The following
configuration is resulting in an exception.


    
    <bean id="inbound-security"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp
Signature"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <entry key="passwordCallbackRef"
value-ref="passwordCallbackHandler"/>

                
                <entry key="decryptionPropFile"
value="server_ks.properties"/>
                <entry key="encryptionKeyIdentifier" value="IssuerSerial"/>
                <entry key="encryptionKeyTransportAlgorithm"
                      
value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>

                
                <entry key="signaturePropFile"
value="server_ts.properties"/>
                <entry key="signatureKeyIdentifier"
value="DirectReference"/>
                <entry key="signatureAlgorithm"
                       value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

            </map>
        </constructor-arg>
    </bean>

    
    <bean id="outbound-security"
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature"/>

                <entry key="encryptionPropFile"
value="server_ts.properties"/>
                <entry key="encryptionKeyIdentifier" value="IssuerSerial"/>
                <entry key="encryptionKeyTransportAlgorithm"
                      
value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
                <entry key="encryptionParts">
                    <value>
                       
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
                       
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body
                    </value>
                </entry>

                <entry key="signaturePropFile"
value="server_ks.properties"/>
                <entry key="signatureKeyIdentifier"
value="DirectReference"/>
                <entry key="signatureAlgorithm"
                       value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <entry key="signatureParts">
                    <value>
                       
{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
                       
{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body
                    </value>
                </entry>

            </map>
        </constructor-arg>
    </bean>



javax.xml.ws.soap.SOAPFaultException: An error was discovered processing the
<wsse:Security> header
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
        at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
        at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114)
        at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
        at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1592)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1490)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309)
        at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50)
        at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:229)
        at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
        at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622)
        at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
        at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
        at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
        at $Proxy36.getServerDateTime(Unknown Source)
        at
com.bunty.ws.client.TimeServiceClient.getServerDateTime(TimeServiceClient.java:50)




--
View this message in context: 
http://cxf.547215.n5.nabble.com/Multiple-authentication-mechanisms-for-same-Service-tp5723726.html
Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to