Hi Andrei,

Thank you very much for your guidance. I will check them.

I got the requirement as:

1) The client will be authenticated by some identity provider (which can be on top of CXF STS) and get a SAML2 token. This will be done when the client logs in using a Web interface.
2) The SAML2 token, as long as it is still valid, will be used by the client later when the client calls web services.

In the example I found, the client automatically calls STS before calling web services. What I think is to add the SAML2 token manually into the cache *on client side* (I hope the client does not call STS again as the token is already in cache).

cheers,
patch

Andrei Shakirin wrote
> Hi,
>
> You can reuse CXF STSClient to get a security token from STS
> (org.apache.cxf.ws.security.trust.STSClient).
> Look in the IssuedTokenInterceptorProvider code to understand how to call
> STSClient
> (org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.getTokenFromSTS()).
> You can also see how the CXF cache for security tokens is implemented:
> IssuedTokenInterceptorProvider.handleMessage(): retrieveCachedToken();
> getTokenStore(message).add(tok).
>
> Injecting the security token is more tricky. You can refer to
> AbstractBindingBuilder.handleSupportingTokens(),
> AbstractBindingBuilder.addSupportingTokens(),
> AsymmetricBindingHandler.doSignBeforeEncrypt() and doEncryptBeforeSign();
> SymmetricBindingHandler and TransportBindingHandler.
>
> Just out of curiosity: which requirements impede using the standard CXF
> caching mechanism for security tokens?
>
> Regards,
> Andrei.
>
>> -----Original Message-----
>> From: patch_78 [mailto:patch_78@]
>> Sent: Sonntag, 14. April 2013 18:23
>> To: [email protected]
>> Subject: Re: How to call STS directly and cache security token
>>
>> Hi Andrei,
>>
>> Thank you for your reply.
>>
>> My requirement is actually that the client explicitly gets a security token
>> from STS, injects the security token into the SOAP header, and organizes its
>> own caching.
>> Is it possible for the CXF framework? Do you have any suggestions or examples?
>>
>> Thanks!
>> patch
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/How-to-call-STS-directly-and-cache-security-token-tp5726259p5726266.html
>> Sent from the cxf-user mailing list archive at Nabble.com.

--
View this message in context: http://cxf.547215.n5.nabble.com/How-to-call-STS-directly-and-cache-security-token-tp5726259p5726299.html
Sent from the cxf-user mailing list archive at Nabble.com.
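
The "as long as it is still valid" check that a client-side cache like the one described in the message above needs, as an added example that is not part of the original thread and is not CXF code. It uses only the JDK; the class and method names, the 60-second margin, the user key and the sample assertion are assumptions made for illustration. It only decides whether a cached SAML2 assertion may be reused, and the receiving service still has to verify the signature and conditions itself.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlTokenCache { // hypothetical client-side cache, not a CXF class
    static final String NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private final Map<String, String> byUser = new ConcurrentHashMap<>();
    private final Duration margin = Duration.ofSeconds(60); // refresh early so it does not expire in flight
    public void put(String user, String assertionXml) { byUser.put(user, assertionXml); }

    /** Cached assertion, or null when the client has to authenticate again. */
    public String getIfValid(String user, Instant now) throws Exception {
        String xml = byUser.get(user);
        if (xml != null && withinConditions(xml, now, margin)) return xml;
        byUser.remove(user); // expired or unusable: evict
        return null;
    }

    static boolean withinConditions(String xml, Instant now, Duration margin) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        NodeList conds = root.getElementsByTagNameNS(NS, "Conditions");
        if (conds.getLength() != 1) return false; // no single validity window: do not reuse
        Element c = (Element) conds.item(0);
        String notBefore = c.getAttribute("NotBefore"), notOnOrAfter = c.getAttribute("NotOnOrAfter");
        if (notOnOrAfter.isEmpty()) return false; // unbounded lifetime: do not cache
        boolean started = notBefore.isEmpty() || !now.isBefore(Instant.parse(notBefore));
        return started && now.plus(margin).isBefore(Instant.parse(notOnOrAfter));
    }

    public static void main(String[] args) throws Exception {
        // Constructed, unsigned sample assertion for illustration.
        String a = "<saml2:Assertion xmlns:saml2=\"" + NS + "\" ID=\"_example\">"
            + "<saml2:Conditions NotBefore=\"2013-04-15T08:00:00Z\""
            + " NotOnOrAfter=\"2013-04-15T08:30:00Z\"/></saml2:Assertion>";
        SamlTokenCache cache = new SamlTokenCache();
        cache.put("alice", a);
        System.out.println(cache.getIfValid("alice", Instant.parse("2013-04-15T08:10:00Z")) != null);
        System.out.println(cache.getIfValid("alice", Instant.parse("2013-04-15T08:29:30Z")) != null);
    }
}
```

The second lookup falls inside the 60-second margin before `NotOnOrAfter`, so the entry is evicted and the caller is expected to obtain a fresh token.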
