Re: CXF Proxy (Consumer to Provider Bridge) with http basic auth

[Freeman Fang]

Hi Markus,

Would you please dump the on-wire soap fault message and the LOG of 
servicemix?
Another guy encounter similar issue but I just can't reproduce it.
Thanks
Freeman


Markus Wolf wrote:
Hi Freeman,

I noticed that there is still one thing missing, but is is not that 
important for me.
If the authentication fails on the 3rd-party service a soap-fault with 
an error message is returned. This is not correctly returned from the 
proxy to the client. The client receives an empty soap body.

Markus

Markus Wolf schrieb:
Hi Freeman,

after an update to smx 3.2.2 everything works now.
Much thanks for your great help. :)

Regards
Markus

Hi Markus,

Please try to use the latest released servicemix 3.2.2 to see you 
still has the problem?

Freeman

Markus Wolf wrote:
One more question for the proxy problem:

I've created the proxy with a consumer/provider declaration and 
added a UsernameToken auth-schema to our 3rd party service. But the 
soap-headers are not send to the 3rd party service from smx.
Here is my configuration, maybe theres something missing. Can you 
take a look at it?


    <cxfbc:consumer
        wsdl="http://markusw.office.nmmn.com:8080/ws/endion.wsdl";
        endpoint="ws-proxy"
        targetService="llynch:endionService"
        targetEndpoint="FrontendWebServiceProxy"
    >
        <cxfbc:inInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingInInterceptor" />
        </cxfbc:inInterceptors>
        <cxfbc:outInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
        </cxfbc:outInterceptors>
        <cxfbc:inFaultInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingInInterceptor" />
        </cxfbc:inFaultInterceptors>
        <cxfbc:outFaultInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
        </cxfbc:outFaultInterceptors>
    </cxfbc:consumer>
    <cxfbc:provider
        wsdl="http://markusw.office.nmmn.com:8080/ws/endion.wsdl";
        
locationURI="http://markusw.office.nmmn.com:8080/ws/endionService";
        service="llynch:endionService"
        endpoint="FrontendWebServiceProxy"
    >
        <cxfbc:inInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingInInterceptor" />
        </cxfbc:inInterceptors>
        <cxfbc:outInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
        </cxfbc:outInterceptors>
        <cxfbc:inFaultInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingInInterceptor" />
        </cxfbc:inFaultInterceptors>
        <cxfbc:outFaultInterceptors>
            <bean 
class="org.apache.cxf.interceptor.LoggingOutInterceptor" />
        </cxfbc:outFaultInterceptors>
    </cxfbc:provider>



And this are the logfile infos on the smx-side:
04.08.2008 13:39:01 org.apache.cxf.interceptor.LoggingInInterceptor 
handleMessage
INFO: Inbound Message
--------------------------------------
Encoding: UTF-8
Headers: {content-type=[text/xml;charset=UTF-8], 
Authorization=[Basic YXNkZjphc2Rm], 
Host=[markusw.office.nmmn.com:8193], Content-Length=[1032], 
SOAPAction=[""], User-Agent=[Jakarta Commons-HttpClient/3.0.1]}
Message:
<soapenv:Envelope xmlns:sch="http://www.llynch.net/endion/schemas"; 
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";> 

         <wsse:UsernameToken wsu:Id="UsernameToken-4261515" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";> 

            <wsse:Username>asdf</wsse:Username>
            <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";>asdf</wsse:Password> 

            <wsse:Nonce>kZ4rrBS5p4BBociRpNaLtA==</wsse:Nonce>
            <wsu:Created>2008-08-04T11:39:01.582Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <sch:profileListRequest>
         <!--Optional:-->
         <sch:type>Newsletter</sch:type>
      </sch:profileListRequest>
   </soapenv:Body>
</soapenv:Envelope>
--------------------------------------
04.08.2008 13:39:02 
org.apache.cxf.interceptor.LoggingOutInterceptor$LoggingCallback 
onClose
INFO: Outbound Message
--------------------------------------
<soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body 
/></soap:Envelope>
--------------------------------------
javax.jbi.messaging.MessagingException: Out not supported
    at 
org.apache.servicemix.jbi.messaging.MessageExchangeImpl.setMessage(MessageExchangeImpl.java:357) 

    at 
org.apache.servicemix.cxfbc.CxfBcProviderMessageObserver.onMessage(CxfBcProviderMessageObserver.java:125) 

    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1932) 

    at 
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1790) 

    at 
org.apache.servicemix.cxfbc.CxfBcProvider.process(CxfBcProvider.java:166) 

    at 
org.apache.servicemix.common.AsyncBaseLifeCycle.doProcess(AsyncBaseLifeCycle.java:538) 

    at 
org.apache.servicemix.common.AsyncBaseLifeCycle.processExchange(AsyncBaseLifeCycle.java:490) 

    at 
org.apache.servicemix.common.BaseLifeCycle.onMessageExchange(BaseLifeCycle.java:46) 

    at 
org.apache.servicemix.jbi.messaging.DeliveryChannelImpl.processInBound(DeliveryChannelImpl.java:610) 

    at 
org.apache.servicemix.jbi.nmr.flow.AbstractFlow.doRouting(AbstractFlow.java:170) 

    at 
org.apache.servicemix.jbi.nmr.flow.seda.SedaFlow.doRouting(SedaFlow.java:167) 

    at 
org.apache.servicemix.jbi.nmr.flow.seda.SedaQueue$1.run(SedaQueue.java:134) 

    at 
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885) 

    at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907) 

    at java.lang.Thread.run(Thread.java:619)


And here is the soap part received by the 3rd-party service:
[DEBUG] 13:39:02.638 
[http-8080-Processor24|127.0.0.1|||/ws/endionService] 
pringframework.ws.server.endpoint.AbstractLoggingInterceptor
        Request: <soap:Envelope 
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";><soap:Body><sch:profileListRequest 
xmlns:sch="http://www.llynch.net/endion/schemas";>

         <sch:type 
xmlns:sch="http://www.llynch.net/endion/schemas";>Newsletter</sch:type>
      </sch:profileListRequest></soap:Body></soap:Envelope>
[DEBUG] 13:39:02.639 
[http-8080-Processor24|127.0.0.1|||/ws/endionService] 
ingframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor
        Validating message [SaajSoapMessage 
{http://www.llynch.net/endion/schemas}profileListRequest] with 
actions [UsernameToken]
[WARN ] 13:39:02.649 
[http-8080-Processor24|127.0.0.1|||/ws/endionService] 
ringframework.ws.soap.security.AbstractWsSecurityInterceptor
        Could not validate request: No WS-Security header found


Thanks for any input.
Markus



Markus Wolf schrieb:
Hi Freeman,

I'll try it with ws-security then.
Thanks for your help.

Markus

For cxf bc, it can't bridge the basic auth since basic auth is in 
the http header, what we save from soap message to jbi message is 
the soap header, so if your standalone client and server are 
using ws-security to do the auth, it should be bridged by the cxf 
bc consumer and provider.

Freeman

Markus Wolf wrote:
Hi,

thanks for your reply. Yes I missed your last reply, something 
was wrong with my mailinglist subscription.

Our usecase require the authentication credentials on a pre user 
base. This means we would like to proxy the authentication 
information as well as the webservice. Is it possible to set the 
credentials dynamically from the consumer to the provider? The 
busCfg seems to be static with exactly one username/password pair.

Thanks
Markus

You can add busCfg attribute (let's say 
busCfg="basic_auth.xml") for your cxf bc provider xbean,
and your basic_auth.xml should be like

<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:sec="http://cxf.apache.org/configuration/security";
xmlns:http="http://cxf.apache.org/transports/http/configuration";
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws";
xsi:schemaLocation="
           http://cxf.apache.org/configuration/security
              
http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http/configuration
            
http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://www.springframework.org/schema/beans
            
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd";>

 <http:conduit 
name="{your_name_space}your_endpoint_name.http-conduit">
             <http:authorization>
        <sec:UserName>Betty</sec:UserName>
        <sec:Password>password</sec:Password>
     </http:authorization>

 </http:conduit>

</beans>

You can get more details about the http transport configuration 
from [1]


[1]http://cwiki.apache.org/CXF20DOC/client-http-transport-including-ssl-support.html 


btw, I think you miss my reply for this issue during weekend
Regards
Freeman

Markus Wolf wrote:
Hi,

we need to proxy a webservice with smx. No problem with this, 
since
enough examples are given.  :)
But our 3rd party webservice requires http-basic auth and we are
struggeling in configuring smx to proxy the authentication. Is 
there a
way to do so? If not, is it possible to proxy ws-security 
headers?

We tried to use cxf and http based provider/consumer setup and 
both failed.

Thanks for any hint
Markus Wolf