WS-SecureConversation would seem the "standard way" of doing this, but
last I checked we weren't able to implement it with CXF for some reason:
https://issues.apache.org/jira/browse/CXF-4457.
Glen
On 04/15/2013 07:37 AM, patch_78 wrote:
Hi Andrei,
Thank you very much for your guidance. I will check them.
I got the requirement as:
1) client will be authenticated by some identity provider (which can be on
the top of CXF STS) and get SAML2 token. This will be done during the
client logins using a Web interface.
2) the SAML2 token, as long as it is still valid, will be used by the client
later when the client calls web services.
On the example I found client automatically calls STS before calling web
services. What I think is to add SAML2 token manually into the cache *on
client side* (I hope the client does not call STS again as the token is
already in cache).
cheers,
patch
Andrei Shakirin wrote
Hi,
You can reuse the CXF STSClient to get a security token from the STS
(org.apache.cxf.ws.security.trust.STSClient).
Look in the IssuedTokenInterceptorProvider code to understand how to call
STSClient
(org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider.getTokenFromSTS()).
You can also see how the CXF cache for security tokens is implemented:
IssuedTokenInterceptorProvider.handleMessage(): retrieveCachedToken();
getTokenStore(message).add(tok).
Injecting the security token is more tricky. You can refer to
AbstractBindingBuilder.handleSupportingTokens(),
AbstractBindingBuilder.addSupportingTokens(),
AsymmetricBindingHandler.doSignBeforeEncrypt() and doEncryptBeforeSign();
SymmetricBindingHandler and TransportBindingHandler.
Just out of curiosity: which requirements impede using the standard CXF
caching mechanism for security tokens?
Regards,
Andrei.
-----Original Message-----
From: patch_78 [mailto:patch_78@]
Sent: Sunday, April 14, 2013 18:23
To: [email protected]
Subject: Re: How to call STS directly and cache security token
Hi Andrei,
Thank you for your reply.
My requirement is actually: the client explicitly gets a security token from
the STS, injects the security token into the SOAP header, and organizes its own
caching.
Is it possible with the CXF framework? Do you have any suggestions or examples?
Thanks!
patch
--
View this message in context:
http://cxf.547215.n5.nabble.com/How-to-call-STS-directly-and-cache-security-token-tp5726259p5726266.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
View this message in context:
http://cxf.547215.n5.nabble.com/How-to-call-STS-directly-and-cache-security-token-tp5726259p5726299.html
Sent from the cxf-user mailing list archive at Nabble.com.
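
An added example, not part of the thread or of the CXF code base: one way a client could call STSClient explicitly, as Andrei suggests, and keep its own cache that reuses a token only while it has not expired. The class name, the STS WSDL URL, the service and endpoint QNames, and the choice to hand the token to CXF through the `SecurityConstants.TOKEN` request-context property are assumptions; it targets a CXF 2.x-era `javax.xml.ws` client whose service policy contains an IssuedToken assertion.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;

/** Hypothetical helper: create one instance per authenticated user, never share it. */
public class ExplicitStsTokenCache {
    // Placeholder values (assumptions): replace with your STS deployment's own.
    private static final String STS_WSDL = "https://sts.example.invalid/SecurityTokenService?wsdl";
    private static final String STS_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
    private static final String SAML2 =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final String BEARER = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";

    private final Bus bus;
    // In-memory only: a bearer SAML token is a replayable credential, do not persist it.
    private final Map<String, SecurityToken> byAppliesTo = new ConcurrentHashMap<>();

    public ExplicitStsTokenCache(Bus bus) {
        this.bus = bus;
    }

    /** Returns the cached token for the target service, or asks the STS for a new one. */
    public SecurityToken tokenFor(String appliesTo) throws Exception {
        SecurityToken tok = byAppliesTo.get(appliesTo);
        if (tok != null && !tok.isExpired()) {
            return tok;                      // still valid: no round trip to the STS
        }
        byAppliesTo.remove(appliesTo);       // drop the expired entry before re-issuing
        STSClient sts = new STSClient(bus);
        sts.setWsdlLocation(STS_WSDL);
        sts.setServiceName("{" + STS_NS + "}SecurityTokenService"); // placeholder QName
        sts.setEndpointName("{" + STS_NS + "}UT_Port");             // placeholder QName
        sts.setTokenType(SAML2);
        sts.setKeyType(BEARER);
        tok = sts.requestSecurityToken(appliesTo);
        byAppliesTo.put(appliesTo, tok);
        return tok;
    }

    /** Puts the token on the request context so the interceptor finds it and skips the STS. */
    public void attach(Object port, String appliesTo) throws Exception {
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(SecurityConstants.TOKEN, tokenFor(appliesTo));
    }
}
```

Call `attach(port, serviceUrl)` before each invocation so an expired token is replaced rather than sent; credentials for authenticating to the STS itself still have to be configured on the STSClient.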