Hi Jack,
Did you already take a look at our test cases CxfBCSecurityTest and
CxfBcSecurityJAASTest [1]?
I think you also need WSS4JIn/OutInterceptors and SAAJIn/OutInterceptors
here.
Moreover, if you want your user/password to be delegated to the JAAS
implementation inside the ServiceMix container, you need to define a
securedBroker, and you can also specify which role can access your
service; take a look at the configuration [2] used in CxfBcSecurityJAASTest.
And you also need a property file [3] specified by the Java system property
"java.security.auth.login.config", in which you can define your users [4]
and groups [5].
In your users.properties, you need to define the user/password you specified
in your ws-security.
In your groups.properties, you need to define the role of your user.
The configurations [3], [4], [5] are pretty much JAAS stuff.
Actually, there is a working demo named cxf-ws-security in the FUSE ESB 3.3
kit, which you can download from [6]; I think it's exactly the same scenario
as you want.
Btw, the exception shows your application can't find the
login.properties IMO.
[1]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBCSecurityTest.java
[2]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
[3]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties
[4]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties
[5]http://svn.apache.org/repos/asf/servicemix/smx3/branches/servicemix-3.2/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties
[6]http://fusesource.com/downloads/
Freeman
Jack Jack wrote:
Hi
I am using ServiceMix version 3.2.2, and configured the CXF-BC and SE components using the lightweight mode.
I also configured the interceptor for WS-Security in the file cxfBusConfig.xml and specified the file in the cxf-bc.
I attached the servicemix.xml and cxfBusConfig.xml below.
I wish to perform the following:
1) Parsing the SOAP header for the UsernameToken specified as per the WSSE spec.
The SOAP header contains the elements a) Username b) Password c) Nonce d) Created timestamp
2) Validate the user name and password in my application
3) If the security header elements are not valid, the interceptor fails and throws some security exception;
otherwise the client request gets processed by cxf-bc and cxf-se and
returns the response
I am getting the following exception with the current configuration.
Please help with configuring the interceptor to parse the WS-Security SOAP header.
Thanks
Jack
INFO: Server startup in 14078 ms
CircuitSecurityInterceptor:handleMessage()>>> ********* Invoked.. Start
CircuitSecurityInterceptor:handleMessage()>>> *********Adde ValidateIntercepter ..
CircuitSecurityInterceptor:handleMessage()>>> ********* END........
CircuitPasswordHandler:handle()>>> ********* Invoked.. Start
CircuitPasswordHandler:handle()>>>Security details UID : CircuitUser01 Password : null Password Type : null
CircuitPasswordHandler:handle()>>> Password set on WSPasswordCallback
CircuitPasswordHandler:authenticated()>>>Start *********uid :CircuitUser01 Passwd : null
CircuitPasswordHandler:authenticated()>>>END *********uid :CircuitUser01 Passwd : null
CircuitPasswordHandler:handle()>>> ********* uid :CircuitUser01 Passwd : null authenticated ..
CircuitPasswordHandler:handle()>>> ********* Invoked.. End
Nov 29, 2008 6:27:14 PM org.apache.cxf.phase.PhaseInterceptorChain doIntercept
INFO: Interceptor has thrown exception, unwinding now
java.lang.SecurityException: Unable to locate a login configuration
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    at java.lang.Class.newInstance0(Class.java:350)
    at java.lang.Class.newInstance(Class.java:303)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
    at org.apache.servicemix.jbi.security.auth.impl.JAASAuthenticationService.authenticate(JAASAuthenticationService.java:52)
    at org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor.handleMessage(JbiJAASInterceptor.java:77)
    at org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor.handleMessage(JbiJAASInterceptor.java:37)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:221)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:77)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:278)
    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:252)
    at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:722)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
    at org.mortbay.jetty.handler.HandlerList.handle(HandlerList.java:49)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
    at org.mortbay.jetty.Server.handle(Server.java:324)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:730)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
Caused by: java.io.IOException: Unable to locate a login configuration
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
    ... 34 more
cxfBusConfig.xml
------------------
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:cxf="http://cxf.apache.org/core"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
  <bean id="CircuitSecurityInterceptor"
        class="org.circuit.order.wss.CircuitSecurityInterceptor"/>
  <cxf:bus>
    <cxf:inInterceptors>
      <ref bean="CircuitSecurityInterceptor"/>
    </cxf:inInterceptors>
  </cxf:bus>
</beans>
servicemix.xml
----------------
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sm="http://servicemix.apache.org/config/1.0"
       xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
       xmlns:cxfse="http://servicemix.apache.org/cxfse/1.0"
       xmlns:ckt="http://circuit.org/order/CircuitSearch"
       xmlns:audit="http://servicemix.apache.org/audit/1.0"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
  <bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="location" value="classpath:servicemix-web-console.properties" />
  </bean>
  <!-- JMX server -->
  <sm:jmxServer id="server" locateExistingServerIfPossible="true" />
  <!-- the JBI container -->
  <sm:container id="jbi"
                rootDir="./data/smx"
                MBeanServer="#server"
                monitorInstallationDirectory="false"
                monitorDeploymentDirectory="false"
                createJmxConnector="false">
    <sm:activationSpecs>
      <sm:activationSpec>
        <sm:component>
          <cxfbc:component>
            <cxfbc:endpoints>
              <cxfbc:consumer wsdl="/WEB-INF/wsdl/CircuitIR.wsdl"
                              busCfg="cxfBusConfig.xml"
                              service="ckt:FrameRelayCircuit"
                              interfaceName="ckt:FrameRelayCircuitPortType"
                              targetEndpoint="CircuitPort"
                              targetService="ckt:FrameRelayCircuit"
                              targetInterface="ckt:FrameRelayCircuitPortType" />
            </cxfbc:endpoints>
          </cxfbc:component>
        </sm:component>
      </sm:activationSpec>
      <sm:activationSpec>
        <sm:component>
          <cxfse:component>
            <cxfse:endpoints>
              <cxfse:endpoint>
                <cxfse:pojo>
                  <bean class="org.circuit.order.circuitsearch.FrameRelayCircuitPortTypeImpl"/>
                </cxfse:pojo>
              </cxfse:endpoint>
            </cxfse:endpoints>
          </cxfse:component>
        </sm:component>
      </sm:activationSpec>
    </sm:activationSpecs>
    <sm:listeners>
      <bean class="org.apache.servicemix.web.http.HttpComponentListener" />
    </sm:listeners>
    <sm:services>
      <sm:statistics statsInterval="10" dumpStats="true" />
    </sm:services>
  </sm:container>
  <bean id="servletContext"
        class="org.springframework.web.context.support.ServletContextFactoryBean" />
  <bean id="rootDir" class="org.springframework.web.util.WebUtils"
        factory-method="getRealPath">
    <constructor-arg ref="servletContext" />
    <constructor-arg value="/data/smx" />
  </bean>
  <sm:dotViewService container="#jbi" autoStart="true" />
</beans>
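
A check for the failure in the stack trace above, as an added example that is not part of the original thread or of the ServiceMix code: it asks the standard JAAS Configuration API whether a login configuration can be located through java.security.auth.login.config and whether it contains a given domain. The class name JaasConfigCheck, the domain example-domain and the module class com.example.PropertiesLoginModule are placeholders, and the sample file is constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {
    static final String PROP = "java.security.auth.login.config";

    // Reports whether JAAS can load its login configuration and resolve `domain`.
    static String diagnose(String domain) {
        String path = System.getProperty(PROP);
        try {
            Configuration.setConfiguration(null); // drop any cached configuration
            AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(domain);
            if (entries == null) {
                return "loaded " + path + ", but it has no entry for '" + domain + "'";
            }
            StringBuilder sb = new StringBuilder("'" + domain + "' resolves to:");
            for (AppConfigurationEntry e : entries) {
                sb.append(' ').append(e.getLoginModuleName())
                  .append(' ').append(e.getOptions());
            }
            return sb.toString();
        } catch (SecurityException e) {
            // Same failure class as in the stack trace: no configuration was found.
            return "JAAS failed (" + PROP + "=" + path + "): " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample; domain and module class are placeholders, not the
        // contents of the login.properties file referenced in the thread.
        String sample = "example-domain {\n"
            + "  com.example.PropertiesLoginModule required\n"
            + "    users=\"users.properties\" groups=\"groups.properties\";\n"
            + "};\n";
        System.clearProperty(PROP);
        System.out.println(diagnose("example-domain")); // property not set
        Path cfg = Files.createTempFile("login", ".properties");
        Files.write(cfg, sample.getBytes(StandardCharsets.UTF_8));
        System.setProperty(PROP, cfg.toString());
        System.out.println(diagnose("example-domain")); // entry found
        System.out.println(diagnose("missing-domain")); // file loads, name absent
        Files.delete(cfg);
    }
}
```

In a container, the same property is normally passed on the JVM command line as -Djava.security.auth.login.config=<path>, and the domain name looked up must match the one the authentication service requests.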