Good news, thanks for making it work.
Christian - should we consider putting the ability to register
interceptors without going the intents path back to DOSGI 2.x?
How can what Martin did be done in DOSGI 2.x?
(FYI, in DOSGI 1.8 the below approach works for JAXWS/JAXRS)
Sergey
On 27/09/16 20:31, Martin Nielsen wrote:
I made it work! I am sorry for wasting your time. The problem seems to have
been that the interceptor was not exported properly from my bundle.
But I will be careful when updating to DOSGi 2, if and when that happens.
But for now I have a neat little solution with 2way SSL and Shiro
authentication through the client certificate.
I am a happy camper:)
On Tue, Sep 27, 2016 at 5:05 PM, Sergey Beryozkin <[email protected]>
wrote:
Hi
There are two issues here.
First - why DOSGI JAX-RS code is not reacting to the in interceptor class
name, can you put a breakpoint here please:
https://github.com/apache/cxf-dosgi/blob/cxf-dosgi-ri-1.8.0/cxf-dsw/src/main/java/org/apache/cxf/dosgi/dsw/handlers/ClassUtils.java#L97
It might be that some different way of registering them is needed.
Second: Christian removed this code in DOSGI 2.0 so the question is how
they can be registered in 2.0.
Cheers, Sergey
On 27/09/16 14:45, Martin Nielsen wrote:
Hello everyone.
I am working with CXF DOSGi for the first time. The task at the moment is
to build a declarative services component which registers an endpoint and
an interceptor. The endpoint will run on a 2way SSL enabled connection,
and the interceptor should read the incoming client certificate. So far I
managed to get an endpoint working through a declarative services
endpoint,
and I got one way SSL working (Maybe 2way as well, we will get to that).
Now I am trying to add an interceptor, which should read the incoming
client certificate.
And that is where I fail. The interceptor does not seem to be working. It
does not log anything, neither in the constructor nor in the handleMessage
method.
Can someone please take a look and tell me where my mistake is? The
interceptor should be called before the end endpoint methods are invoked,
whenever the REST service is called. But right now I can call the endpoint
methods just fine through SSL, but the interceptor is never called, which
makes it hard for me to know if 2way SSL is currently working or not.
I don't expect 1 and 2way SSL to have anything at all to do with this, but
I am mentioning it because I'm ignorant (Just in case) :)
Versions:
CXF 3.1.6
CXF-DOSGI 1.8.0
My interceptor:
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class CertificateInterceptor extends AbstractPhaseInterceptor<Message> {

    private static final Logger LOGGER =
            LoggerFactory.getLogger(CertificateInterceptor.class);

    public CertificateInterceptor() {
        // Run as early as possible on the inbound chain.
        super(Phase.RECEIVE);
        LOGGER.debug("Starting certificate interceptor");
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        LOGGER.debug("Handling message: " + message.getId());
        // TLS session details are attached to the message by the HTTP transport.
        TLSSessionInfo tlsSessionInfo = message.get(TLSSessionInfo.class);
        if (tlsSessionInfo != null) {
            Certificate[] peerCerts = tlsSessionInfo.getPeerCertificates();
            LOGGER.info("Discovered TLSSession: " + tlsSessionInfo);
            // peerCerts is null when the client did not present a certificate.
            if (peerCerts != null) {
                for (int i = 0; i < peerCerts.length; i++) {
                    X509Certificate x509certificate = (X509Certificate) peerCerts[i];
                    LOGGER.info("Retrieved certificate: "
                            + x509certificate.getSubjectDN().getName() + " pubkey: "
                            + x509certificate.getPublicKey());
                }
            }
        } else {
            LOGGER.info("NO x509certificate");
        }
    }
}
My endpoint:
import java.util.ArrayList;
import java.util.List;

import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.MessageBodyWriter;

import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;

@Component(property = {
    "service.exported.interfaces=*",
    "service.exported.configs=org.apache.cxf.rs",
    "org.apache.cxf.rs.httpservice.context=" + LicenseServiceEndpoint.endpoint,
    "org.apache.cxf.rs.in.interceptors=com.polis.licensing.server.rest.interceptor.CertificateInterceptor"})
public class LicenseServiceEndpoint implements LicenseServiceRest {

    public static final String endpoint = "/polis/licenseservice";

    private List<ServiceRegistration<MessageBodyReader>> readerRefs = new ArrayList<>();
    private List<ServiceRegistration<MessageBodyWriter>> writerRefs = new ArrayList<>();

    // ...Various endpoint-methods...

    @Activate
    public void activate(BundleContext context) throws Exception {
        // This is a messagebodyreader/writer. It should be irrelevant for this question
        registerProvider(context, new CertificateRequestProvider());
    }

    @Deactivate
    public void deactivate(BundleContext context) throws Exception {
        // Unregister in reverse order of registration.
        for (int i = readerRefs.size() - 1; i >= 0; i--) {
            readerRefs.get(i).unregister();
            readerRefs.remove(i);
        }
        for (int i = writerRefs.size() - 1; i >= 0; i--) {
            writerRefs.get(i).unregister();
            writerRefs.remove(i);
        }
    }

    private <E extends MessageBodyReader & MessageBodyWriter> void
            registerProvider(BundleContext context, E provider) {
        readerRefs.add(context.registerService(MessageBodyReader.class, provider, null));
        writerRefs.add(context.registerService(MessageBodyWriter.class, provider, null));
    }
}
Thank you in advance for your usual helpful demeanor:)
-Martin
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
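
Added example, not code from this thread or from the CXF project: a fail-closed variant of the interceptor above that rejects the request when no X.509 client certificate was presented, so a misconfigured one-way SSL endpoint cannot be mistaken for 2way SSL. The class name RequireClientCertInterceptor and the message key are hypothetical; it would be registered through the same org.apache.cxf.rs.in.interceptors property, from a package the bundle exports.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.security.transport.TLSSessionInfo;

/** Added example: rejects any request that did not present an X.509 client certificate. */
public class RequireClientCertInterceptor extends AbstractPhaseInterceptor<Message> {

    // Hypothetical message key under which later code can find the client subject.
    public static final String CLIENT_SUBJECT_KEY = "example.client.cert.subject";

    public RequireClientCertInterceptor() {
        super(Phase.RECEIVE);
    }

    @Override
    public void handleMessage(Message message) throws Fault {
        TLSSessionInfo tls = message.get(TLSSessionInfo.class);
        if (tls == null) {
            // No TLS session at all, e.g. the endpoint is also reachable over plain HTTP.
            throw deny("request did not arrive over TLS");
        }
        Certificate[] chain = tls.getPeerCertificates();
        if (chain == null || chain.length == 0) {
            // One-way SSL: the handshake succeeded but the client sent no certificate.
            throw deny("no client certificate presented");
        }
        // The peer's own certificate is first in the chain; its issuers follow.
        if (!(chain[0] instanceof X509Certificate)) {
            throw deny("client certificate is not X.509");
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        // RFC 2253 string form of the subject DN, for the authentication layer to map to a user.
        String subject = leaf.getSubjectX500Principal().getName();
        message.put(CLIENT_SUBJECT_KEY, subject);
    }

    // Aborts the interceptor chain instead of only logging the missing certificate.
    private static Fault deny(String reason) {
        return new Fault(new SecurityException(reason));
    }
}
```

Trust in the certificate still comes from the transport's truststore during the handshake; this interceptor only enforces that a certificate was presented and exposes its subject.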