Ws-policy based security config is probably going to be your best bet. I just completed a ws policy based solution where I wanted to support username / password for ssl or just username for mutual ssl
Works great with 2.7.4-SNAPSHOT On Feb 27, 2013 6:19 AM, "robin_blues" <[email protected]> wrote: > I have a requirement where user can access my WS in following modes: > 1) Username/Password in http mode > 2) Username/Password in SSL mode > 3) Certificate based (Signature/Encrypt) in SSL mode > > Is it possible to support differnt kinds of such mechanisms for same > service? Can you point to some examples on how to do that? The following > configuration is resulting in an exception. > > > > <bean id="inbound-security" > class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="UsernameToken Timestamp > Signature"/> > <entry key="passwordType" value="PasswordDigest"/> > <entry key="passwordCallbackRef" > value-ref="passwordCallbackHandler"/> > > > <entry key="decryptionPropFile" > value="server_ks.properties"/> > <entry key="encryptionKeyIdentifier" value="IssuerSerial"/> > <entry key="encryptionKeyTransportAlgorithm" > > value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> > > > <entry key="signaturePropFile" > value="server_ts.properties"/> > <entry key="signatureKeyIdentifier" > value="DirectReference"/> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1 > "/> > > </map> > </constructor-arg> > </bean> > > > <bean id="outbound-security" > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> > <constructor-arg> > <map> > <entry key="action" value="Timestamp Signature"/> > > <entry key="encryptionPropFile" > value="server_ts.properties"/> > <entry key="encryptionKeyIdentifier" value="IssuerSerial"/> > <entry key="encryptionKeyTransportAlgorithm" > > value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> > <entry key="encryptionParts"> > <value> > > {Element}{ > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp > ; > > {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body > </value> > </entry> > > <entry key="signaturePropFile" > value="server_ks.properties"/> > <entry key="signatureKeyIdentifier" > value="DirectReference"/> > <entry key="signatureAlgorithm" > value="http://www.w3.org/2000/09/xmldsig#rsa-sha1 > "/> > <entry key="signatureParts"> > <value> > > {Element}{ > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp > ; > > {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body > </value> > </entry> > > </map> > </constructor-arg> > </bean> > > > > javax.xml.ws.soap.SOAPFaultException: An error was discovered processing > the > <wsse:Security> header > at > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > at > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > at > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) > at > > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:114) > at > > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) > at > > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) > at > org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:800) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1592) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1490) > at > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309) > at > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:50) > at > org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:229) > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) > at > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:622) > at > > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319) > at > org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133) > at $Proxy36.getServerDateTime(Unknown Source) > at > > com.bunty.ws.client.TimeServiceClient.getServerDateTime(TimeServiceClient.java:50) > > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Multiple-authentication-mechanisms-for-same-Service-tp5723726.html > Sent from the cxf-user mailing list archive at Nabble.com. >
