Hi, I think the simplest way is to propagate UT received by Service A to Service B call:

    @Resource
    private WebServiceContext wsContext;

    // JAX-WS context maps are Map<String, Object>, so the key is the class name
    Object token = wsContext.getMessageContext().get(SecurityToken.class.getName());
    ....
    // Service B Call
    ((BindingProvider) proxyB).getRequestContext().put(SecurityToken.class.getName(), token);
    proxyB.invokeServiceBOperation();

Regards,
Andrei.

> -----Original Message-----
> From: Anthony Fryer [mailto:[email protected]]
> Sent: Wednesday, 21 October 2015 08:33
> To: [email protected]
> Subject: service calling another service, passing the same security header
>
> Hi All,
>
> I have the following scenario...
>
> Client -> Service A -> Service B
>
> When Client calls Service A, it passes in a Security Header like below...
>
> <wsse:Security
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <wsse:UsernameToken wsu:Id="UsernameToken-7">
>     <wsse:Username>joeblogs</wsse:Username>
>     <wsse:Password
>         Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXX</wsse:Password>
>   </wsse:UsernameToken>
> </wsse:Security>
>
> Both Service A and Service B have the same WSS4JInInterceptor configured to
> do the authentication and processing of the security header. The
> ServiceBClient is also configured in the cxf config file and injected into
> com.acme.ServiceA (the implementation of ServiceA). I have configured a
> WSS4JOutInterceptor for the ServiceBClient, but am really stuck trying to work
> out how to configure the WSS4JOutInterceptor to reuse the same
> UsernameToken that was passed into the request of ServiceA. Is there some
> way to tell it to use the WebServiceContext to populate the security header or
> some other way to do this? My configuration is below...
>
> <bean id="wss4jInInterceptor"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
>   <constructor-arg>
>     <map>
>       <entry key="action" value="UsernameToken" />
>       <entry key="passwordType" value="PasswordDigest" />
>       <entry>
>         <key>
>           <util:constant
>               static-field="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.VALIDATOR_MAP" />
>         </key>
>         <map>
>           <entry>
>             <key>
>               <util:constant
>                   static-field="org.apache.ws.security.WSSecurityEngine.USERNAME_TOKEN" />
>             </key>
>             <ref bean="dsmlv2UsernameTokenValidator"/>
>           </entry>
>         </map>
>       </entry>
>     </map>
>   </constructor-arg>
> </bean>
>
> <bean id="wss4jOutInterceptor"
>       class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
>   <constructor-arg>
>     <map>
>       <entry key="action" value="UsernameToken" />
>
>     </map>
>   </constructor-arg>
> </bean>
>
> <jaxws:client id="serviceBClient"
>     wsdlLocation="classpath:/META-INF/wsdl/ServiceB.wsdl"
>     serviceClass="com.acme.ServiceBPortType"
>     address="http://localhost:8080/myapp/services/ServiceB">
>   <jaxws:outInterceptors>
>     <ref bean="wss4jOutInterceptor" />
>   </jaxws:outInterceptors>
> </jaxws:client>
>
> <jaxws:endpoint id="ServiceA" implementor="com.acme.ServiceA"
>     address="/ServiceA">
>   <jaxws:inInterceptors>
>     <ref bean="wss4jInInterceptor" />
>   </jaxws:inInterceptors>
> </jaxws:endpoint>
>
> <jaxws:endpoint id="ServiceB" implementor="com.acme.ServiceB"
>     address="/ServiceB">
>   <jaxws:inInterceptors>
>     <ref bean="wss4jInInterceptor" />
>   </jaxws:inInterceptors>
> </jaxws:endpoint>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/service-calling-another-service-passing-the-same-security-header-tp5762028.html
> Sent from the cxf-user mailing list archive at Nabble.com.
