Hi, please see comments below On 14/02/14 12:50, Marcello Ribeiro wrote:
Hi, I have a couple of Webservice done and working properly using CXF 2.7.8 in the already known fashion:<jaxws:endpoint xmlns:tns="http://blablabla.hello.com.br/"; id="blablablawsservice" implementor="br.com.hello.BlaBlaBla" wsdlLocation="wsdl/blablablawsservice.wsdl" endpointName="tns:BlaBlaBlaPort" serviceName="tns:BlaBlaBlaServiceService" address="/BlaBlaBlaPort"> <jaxws:features> <bean class="org.apache.cxf.feature.LoggingFeature" /> </jaxws:features> </jaxws:endpoint> Now, what i need is to protect these services/urls using JAX-RS: OAuth2 and i have followed the instruction in CXF documentation: https://cxf.apache.org/docs/jax-rs-oauth2.html Based on this documentation, i have now: 1 - An Authorization Service; | <bean id="authorizationService" class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService"> <property name="dataProvider" ref="oauthProvider"/> </bean>| | | 2 - An Access Token Service; <bean id="oauthProvider" class="br.com.hello.utils.cxf.security.oauth.SocialRideDataProvider" /> <bean id="accessTokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService"> <property name="dataProvider" ref="oauthProvider" /> </bean> <bean id="accessTokenValidateService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService"> <property name="dataProvider" ref="oauthProvider" /> </bean> <jaxrs:server id="oauthServer" address="/oauth"> <jaxrs:serviceBeans> <ref bean="accessTokenService" /> <ref bean="accessTokenValidateService" /> </jaxrs:serviceBeans> </jaxrs:server> 3 - A Request Filter <bean id="oauthFilter" class="org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter"> <property name="dataProvider" ref="oauthProvider" /> </bean>
I'm assuming you have a WS client that would like to use an OAuth2 token to access the JAXWS endpoint, right ?
Typically you'd have OAuth2 RS (your applications) and AS (Authorization/Access token) not collocated, though for simple cases it is good enough for a start;
So, unless you already use CXF OAuth2 services to actually issue the OAuth2 tokens, just remove all of the above and then simply follow the few steps I happened to blog about few days ago - will update the docs shortly:
http://sberyozkin.blogspot.ie/2014/02/use-oauth2-tokens-to-protect-cxf-soap.html
Basically, all you need to do is to add a simple custom WS interceptor, you are right. If you have a remote OAuth2 AS then for a start you can use a basic access token validator client (HTTP-based) registered with your interceptor
This interceptor will only work in CXF 2.7.11-SNAPSHOT Let me know if you have more questions Sergey
So my point is: How do i protect my JAX-WS webservices using this JAX-RS: OAuth2 Request Filter? What is the glue between them? For example: i have a url "http://localhost:8080/myProject/services/MyService?wsdl"; how do it make it under this Oauth Protection Structure?? Is that by interceptors, maybe? Thank you. Att, Marcello Ribeirop
-- Sergey Beryozkin Talend Community Coders http://coders.talend.com/ Blog: http://sberyozkin.blogspot.com
