Hi Christian,

I would recommend writing your own Validator (or extending the existing one in WSS4J) for UsernameTokens. WSS4J sends tokens to a Validator instance for validation:

http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/Validator.java?view=markup

Here is the default UsernameTokenValidator:

http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/validate/UsernameTokenValidator.java?view=markup

So I would recommend adding in some functionality to a subclass of the UsernameTokenValidator to perform your requirements. You can configure your Validator in CXF via the "ws-security.ut.validator" tag:

http://cxf.apache.org/docs/ws-securitypolicy.html

Colm.

On Fri, Sep 13, 2013 at 12:03 AM, Christian Müller <[email protected]> wrote:

> We are using the Apache Camel CXF component (Camel 2.10.x and CXF 2.6.x) to
> expose web services to our customers. We are securing these services by
> using HTTPS and WS-Security (user name and password token). Everything
> works good so far.
>
> After an external audit, we got the new requirement to monitor the
> authentication failed attempts per user and block the user, if the
> authentication failed counter reached a (configurable) limit.
>
> 1) Do we have such a functionality in a "special" WSS4JInInterceptor?
> 2) If not, which solution would you recommend?
>    a) Extending the WSS4JInInterceptor - isn't as easy as it may should to
> fulfill my needs.
>    b) Writing our own interceptors. An in-interceptor to check whether
> user is already blocked and to store the user name in a thread local. An
> out-interceptor to increase the failed counter (if the authentication
> failed) or to reset the failed counter (if the authentication was
> successful).
>    c) Somehow different?
>
> [1] http://cxf.apache.org/docs/ws-security.html
>
> Thanks in advance,
> Christian
> -----------------
>
> Software Integration Specialist
>
> Apache Camel committer: https://camel.apache.org/team
> V.P. Apache Camel: https://www.apache.org/foundation/
> Apache Member: https://www.apache.org/foundation/members.html
>
> https://www.linkedin.com/pub/christian-mueller/11/551/642
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
