Håkon Sagehaug wrote:
Hi
Thanks for the input, the JAAS module is it the interceptors in the
xbean at the cxf-bc component
<cxfbc:inInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<ref bean="TimestampSignEncrypt_Request"/>
<ref bean="saajin"/>
</cxfbc:inInterceptors>
<cxfbc:outInterceptors>
<bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
<ref bean="saajout"/>
<ref bean="TimestampSignEncrypt_Response"/>
</cxfbc:outInterceptors>
No, the interceptors in this configuration only handle the ws-security
stuff, the JAAS is delegate to AuthenticationService in servicemix
the key code snippet wire cxf ws-security and servicemix
AuthenticationService(JAAS) looks like
Subject subject = (Subject) currentSubject.get();
if (subject == null) {
subject = new Subject();
currentSubject.set(subject);
}
List<Object> results =
(Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
if (results == null) {
return;
}
for (Iterator iter = results.iterator(); iter.hasNext();) {
WSHandlerResult hr = (WSHandlerResult) iter.next();
if (hr == null || hr.getResults() == null) {
return;
}
for (Iterator it = hr.getResults().iterator();
it.hasNext();) {
WSSecurityEngineResult er = (WSSecurityEngineResult)
it.next();
if (er != null && er.getPrincipal() instanceof
WSUsernameTokenPrincipal) {
WSUsernameTokenPrincipal p =
(WSUsernameTokenPrincipal)er.getPrincipal();
subject.getPrincipals().add(p);
this.authenticationService.authenticate(subject,
domain, p.getName(), p.getPassword());
}
}
}
Or did I miss something in the example. I guess it fully possible to
write own interceptors and refer to the in the xbean file
Yes, you can write your own interceptors and refer it in the xbean file.
cheers, håkon
Take a look at cxf-ws-security example shipped with FUSE ESB (which is
based on apache servicemix)
This example use ws-security of webservice and then delegate AA to JAAS
module inside servicemix, I think it may be helpful for you.
You can get FUSE ESB from [1]
[1]http://fusesource.com/
Regards
Freeman
H�kon Sagehaug wrote:
Hi
We're building up a little SOA infrastructure using servicemix and we've
come where we are considering security, when I say security it's about
authenticating and authorizing users in our system, and I wondered how and
if servicemix could make our job easier.
The first approach to security, I guess is by using ws-trust and having a
sts service and a trust relationship between the sts and other services, not
including the features of servicemix that much.
More involving servicemix is to maybe have a route that send the incomming
request to service A, first to a sts, and enhences the respose from the sts
with the request to service A and the ships it of to service A.
Is there a posibility of using JAAS module when dealing with web services in
servicemix
Or is there any other good tips hwo to solve this??
cheers, H�kon
