RE: Code only STSClient

Sun, 17 Mar 2013 07:50:52 -0700 

Hi,

> For example, is there a way for me to register the bus with CXF in spring so 
> that I can retrieve it in my code through some CXF API?

There are some options to do it:
a) use @Resource annotation for Bus field or setter in your spring bean
    @Resource(name = "cxf")
    public void setBus(Bus b) {
    }
b) explicitly inject cxf bus in your bean:
        <bean id="test" class="org.apache..cxf.test">
                <property name="bus" ref="cxf" />
        </bean>
c) use BusFactory.getDefaultBus() and BusFactory.getThreadDefaultBus() static 
methods.

May I ask you to explain your use case more detailed?
Normally there is no need to create your own STSClient, because CXF runtime 
contains embedded one.
So it is enough to 
a) properly configure the client in spring or programmatically:    
<jaxws:client id="doubleit"
       wsdlLocation="classpath:/DoubleIt.wsdl"
       serviceClass="org.example.contract.doubleit.DoubleItPortType"
       xmlns:ns1="http://www.example.org/contract/DoubleIt";
       serviceName="ns1:DoubleItService"
       endpointName="ns1:DoubleItPort">
       <jaxws:properties>
           <entry key="ws-security.sts.client">
               <bean class="org.apache.cxf.ws.security.trust.STSClient">
                   <argument ref="cxf"/>
                   <property name="wsdlLocation" 
value="DoubleItSTSService.wsdl"/>
                   <property name="serviceName" 
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSService"/>
                   <property name="endpointName" 
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}DoubleItSTSPort"/>
                   <property name="properties">
                       <map>
                           <entry key="ws-security.callback-handler" 
value="client.ClientCallbackHandler"/>
                           <entry key="ws-security.sts.token.username" 
value="myclientkey"/>
                           <entry key="ws-security.sts.token.properties" 
value="clientKeystore.properties"/> 
                           <entry key="ws-security.sts.token.usecert" 
value="false"/> 
                       </map>
                   </property>
               </bean>            
           </entry> 
       </jaxws:properties>
   </jaxws:client>

b) Use appropriate STS WS security policy, where you can enforce SSL via 
transport binding, for example:
    <wsp:Policy wsu:Id="Transport_policy">
      <wsp:ExactlyOne>
         <wsp:All>
            <wsap10:UsingAddressing/>
            <sp:TransportBinding
               
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
               <wsp:Policy>
                  <sp:TransportToken>
                     <wsp:Policy>
                        <sp:HttpsToken>
                            <wsp:Policy/>
                        </sp:HttpsToken>
                     </wsp:Policy>
                  </sp:TransportToken>
                  <sp:AlgorithmSuite>
                     <wsp:Policy>
                        <sp:Basic128 />
                     </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                     <wsp:Policy>
                        <sp:Lax />
                     </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
               </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens
               
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
               <wsp:Policy>
                  <sp:UsernameToken
                     
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
                     <wsp:Policy>
                        <sp:WssUsernameToken10 />
                     </wsp:Policy>
                  </sp:UsernameToken>
               </wsp:Policy>
            </sp:SignedSupportingTokens>
            <sp:Wss11
               
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
               <wsp:Policy>
                  <sp:MustSupportRefKeyIdentifier />
                  <sp:MustSupportRefIssuerSerial />
                  <sp:MustSupportRefThumbprint />
                  <sp:MustSupportRefEncryptedKey />
               </wsp:Policy>
            </sp:Wss11>
            <sp:Trust13
               
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
               <wsp:Policy>
                  <sp:MustSupportIssuedTokens />
                  <sp:RequireClientEntropy />
                  <sp:RequireServerEntropy />
               </wsp:Policy>
            </sp:Trust13>
         </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

CXF will automatically activate appropriate interceptors, communicate with STS, 
inject security token in SOAP message, etc.
You can find more details in Glen's blog: 
http://www.jroller.com/gmazza/entry/cxf_sts_tutorial .

This is recommended way to work with STS in CXF. Why it doesn't fit for your 
use case?

Regards,
Andrei.

> -----Original Message-----
> From: geecxf [mailto:[email protected]]
> Sent: Freitag, 15. März 2013 23:55
> To: [email protected]
> Subject: Re: Code only STSClient
> 
> Thanks for the response. The short answer is that I didn't really set it to 
> false.
> I just copied it like that from the CXF system tests. I'll look at the links 
> you
> suggested. Perhaps the solution is as simple as setting that flag to true. 
> Have
> a great weekend.
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Code-only-
> STSClient-tp5724575p5724663.html
> Sent from the cxf-user mailing list archive at Nabble.com.

Reply via email to