Sergey, I will do so, thx for help. BR, Jakub
On Thu, Jul 11, 2013 at 12:26 PM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:

> Hi
>
> On 11/07/13 10:59, Ja kub wrote:
>
>> Hi Sergey,
>>
>> Thx for response.
>>
>> Sorry I haven't written before, but I run cxf on tomcat, as servlet, this
>> changes situation:
>> <servlet>
>>     <servlet-name>cxf</servlet-name>
>>     <display-name>cxf</display-name>
>>     <description>Apache CXF Endpoint</description>
>>     <servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
>>     <load-on-startup>1</load-on-startup>
>>     <async-supported>true</async-supported>
>> </servlet>
>>
>> so above config will probably not work (it's for jetty).
>>
>> First I thought I can somehow do this authorization with spring-security,
>> and display soap fault on auth error.
>> To be able to do it in interceptor I can not use spring-security for
>> authorization. Possibly in such case, when I do authorization manually, it
>> will be enough to throw RuntimeException from authorization method, and cxf
>> will generate usual soap fault (I guess it will).
>> This will go with http 200 status, I guess. Maybe it will be sufficient.
>> Your solution would be nicer, because it could go with 403 http status.
>
> I wonder if we should work on creating a CXF level interceptor, similar to
> JAASLoginInterceptor (works with Basic Auth, etc), to get client certs
> utilized for creating security context and using it with CXF
> SimpleAuthorizingInterceptor
>
> In the meantime - please experiment with intercepting somehow Spring Sec
> reporting 403,
>
> Sergey
>
>> Thx again for response.
>>
>> BR,
>> Jakub
>>
>> On Thu, Jul 11, 2013 at 11:37 AM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:
>>
>>> Hi
>>>
>>> On 10/07/13 23:00, Ja kub wrote:
>>>
>>>> Hallo
>>>>
>>>> Do you know if there is any out of the box solution to send soap fault when
>>>> authentication to web service fails (auth is with client cert over ssl)?
>>>>
>>>> Now I get regular html page, but I would prefer to get soap fault.
>>>
>>> I think you can register a Fault out interceptor in
>>> jaxws:outFaultInterceptors, this interceptor will write a soap fault
>>> directly:
>>>
>>> import javax.servlet.http.HttpServletResponse;
>>> import org.apache.cxf.interceptor.Fault;
>>> import org.apache.cxf.message.Message;
>>> import org.apache.cxf.phase.AbstractPhaseInterceptor;
>>> import org.apache.cxf.phase.Phase;
>>> import org.apache.cxf.transport.http.AbstractHTTPDestination;
>>>
>>> public class CustomOutFaultInterceptor extends AbstractPhaseInterceptor<Message> {
>>>     public CustomOutFaultInterceptor() {
>>>         // the phase is passed to the AbstractPhaseInterceptor constructor
>>>         super(Phase.PRE_STREAM);
>>>     }
>>>
>>>     public void handleMessage(Message message) throws Fault {
>>>         Exception ex = message.getContent(Exception.class);
>>>         // check the exception
>>>
>>>         HttpServletResponse response = (HttpServletResponse) message.getExchange()
>>>             .getInMessage().get(AbstractHTTPDestination.HTTP_RESPONSE);
>>>
>>>         // write to response directly
>>>     }
>>> }
>>>
>>> CXF may have utilities for generating SoapFaults, I guess it is a simple
>>> DOM in case of 403
>>>
>>>> Is there any integration of cxf with spring security ?
>>>> Does cxf standalone provide client cert authentication ?
>>>
>>> Have a look at this configuration example (I copied it from one of
>>> ws-security tests):
>>> http://svn.apache.org/repos/asf/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
>>>
>>> Note, the client certs then will also be available as Message properties,
>>> here is how you can get to them:
>>>
>>> private Certificate[] getTLSCertificates(Message message) {
>>>     TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
>>>     return tlsInfo != null ? tlsInfo.getPeerCertificates() : null;
>>> }
>>>
>>>> I can give up spring security and validate manually, and throw exception,
>>>> but probably this is not an elegant solution.
>>>
>>> HTH, Sergey
>>>
>>>> Regards
>>>> Jakub
>>>
>>> --
>>> Sergey Beryozkin
>>>
>>> Talend Community Coders
>>> http://coders.talend.com/
>>>
>>> Blog: http://sberyozkin.blogspot.com
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
> Blog: http://sberyozkin.blogspot.com
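
The manual approach discussed in this thread (read the client certificate from TLSSessionInfo, authorize it in an interceptor, and throw so that CXF emits a SOAP fault) could look like the sketch below. It is an added example, not code from the thread or from CXF itself. The class name, the allow-list of subject DNs and the phase choice are assumptions, and it assumes that the transport has placed a TLSSessionInfo on the message and that the CXF version in use carries the Fault status code through to the HTTP response.

```java
import java.net.HttpURLConnection;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.security.AccessDeniedException;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;

// Hypothetical class: authorizes callers by the subject DN of their TLS client certificate.
public class ClientCertAuthorizingInterceptor extends AbstractPhaseInterceptor<Message> {

    // Allowed subject DNs in RFC 2253 form, e.g. "CN=billing-client,O=Example" (constructed value).
    private final Set<String> allowedSubjects;

    public ClientCertAuthorizingInterceptor(Set<String> allowedSubjects) {
        super(Phase.PRE_INVOKE); // assumed phase: before the service method is invoked
        this.allowedSubjects = allowedSubjects;
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        // Chain validation against the trust store is the TLS layer's job; this step only authorizes.
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        Certificate[] chain = tls != null ? tls.getPeerCertificates() : null;
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw deny("Client certificate required");
        }
        // chain[0] is the caller's own certificate; any further entries are its issuers.
        String subject = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
        if (!allowedSubjects.contains(subject)) {
            throw deny("Client certificate not authorized");
        }
    }

    // Build a Fault for CXF's fault chain to serialize as a SOAP fault.
    private static Fault deny(String reason) {
        Fault fault = new Fault(new AccessDeniedException(reason));
        fault.setFaultCode(Fault.FAULT_CODE_CLIENT);
        fault.setStatusCode(HttpURLConnection.HTTP_FORBIDDEN); // HTTP 403
        return fault;
    }
}
```

Register it under jaxws:inInterceptors on the endpoint. It only helps when the request actually reaches CXF, so a rejection made earlier by the container or by Spring Security still produces that layer's own error page.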