timm01 wrote:
thanks for your reply Freeman.
In cxf-ws-security example cxf bc extract the credentials and
authentificates it in JAAS, but it isn't pass it to cxf se.
Am I right?
After having added LoggingInInterceptor in cxf se, I have figured out that
incoming message doesn't have security header.
you can specify which service in servicemix could be access based on the
credetial extracted by cxf bc, something like
<sm:broker>
<sm:securedBroker>
<sm:authorizationMap>
<sm:authorizationMap>
<sm:authorizationEntries>
<sm:authorizationEntry
service="prefix:yourservicecouldbeaccessbyadmin" roles="admin" />
</sm:authorizationEntries>
</sm:authorizationMap>
</sm:authorizationMap>
</sm:securedBroker>
</sm:broker>
so it's no need the JBI message inside servicemix have security header.
Also, the ws-security header are based on soap payload, but generally
the message inside Servicemix aren't soap payload.
If you really want to keep the username/password for your message
exchange inside servicemix, you can put username/password as message
exchagne properties and handle it yourself.
Freeman
Freeman Fang wrote:
Hi,
You needn't copy the credential data from one message to another IMO,
cxf bc extract the credentials data by ws-security and then delegate the
AA to JAAS service inside Servicemix.
You may need take a look at cxf-ws-security example shipped with FUSE
ESB (which is based on Apache ServiceMix).
You can download the FUSE ESB from [1]
[1]http://fusesource.com/
Freeman
timm01 wrote:
Hello All.
I need to pass security credentials between endpoints (cxf webservices),
deployed on servicemix.
First service assembly contains cxfbc:consumer and cxfse:endpoint. While
the
second one has another cxfse:endpoint. First endpoint calls second one
using
cxfse:proxy.
In cxfbc:consumer I'm using ws-security to recieve credentials the latter
is
implemented with WSS4JInInterceptor.
Does anyone have any idea of how to use security credentials at the
endpoints? If it's done via copying the data from one message to another,
what is the proper way to implement that? Otherwise is there a way to
have
it done automatically?
Here is my configuration:
<cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
targetService="service:SupportTicketService_v1_0"
targetInterface="service:SupportTicket_v1_0">
<cxfbc:inInterceptors>
<bean
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<ref bean="wss4jIn_request"/>
<ref bean="saajIn_request"/>
</cxfbc:inInterceptors>
</cxfbc:consumer>
<cxfse:endpoint service="service:SupportTicketService_v1_0">
<cxfse:pojo>
<bean
class="com.....supportticketservice_v1.SupportTicketImpl">
<property name="ticketRouter">
<cxfse:proxy service="rt:RTAdapterService_v1_0"
context="#context"
type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
</property>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
and second enpoint in another assembly:
<cxfse:endpoint service="service:RTAdapterService_v1_0">
<cxfse:pojo>
<bean class="com.....rtadapterservice_v1.RTAdapterImpl">
<property name="rtAdapterService"
ref="rtAdapterService"/>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
Thanks in advance for your replies.
