Hi,
One solution could be to write your own interceptors to save the subject on cxf bc and extract it from cxf se,
something like:
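import javax.jbi.messaging.NormalizedMessage;
import javax.security.auth.Subject;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

public class SaveSubjectInterceptor extends AbstractPhaseInterceptor<Message> {

    // The constructor name must match the class name.
    public SaveSubjectInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    public void handleMessage(Message message) throws Fault {
        // JBI message that cxf bc will send on to the NMR
        NormalizedMessage nm = message.getContent(NormalizedMessage.class);
        // Subject stored on the CXF message after authentication
        Subject securitySubject = message.get(Subject.class);
        // Carry the Subject along as a property of the JBI message
        nm.setProperty("securitySubject", securitySubject);
    }

}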

and add this interceptor to your cxf bc consumer endpoint configuration.
Similarly, write your own interceptor to extract the securitySubject for your cxf se and use it later...
Freeman


timm01 wrote:
Thanks for your post Ashwin.
You wrote that
header security header pretty much useless for further propagation.
But in our scenario we have to authenticate the request in the backend system. In
our case the CXF SE SU should send a request to the backend web service, and it needs
the securitySubject to render auth headers into the request.

How do you recommend to implement securitySubject propagation in our
situation?



Ashwin Karpe wrote:
Hi,

The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
The reason for this is that the WS-Security credentials once verified by
the interceptor for authenticity and authority in the CXF-BC render the
header security header pretty much useless for further propagation.

In any case the CXF-SE does not have any listeners set up and is just a
POJO linked by a channel to the NMR by the CXF_SE component in
servicemix-cxf-se-xxxx-fuse-installer.zip.

Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
Message with the SOAP Body sent as a JBI Part.

The WS-Security example (cxf-ws-security) in the FUSE download version 3.x
is a good working demo that you could check out for further details.

Hope this helps.

Cheers,

Ashwin...


timm01 wrote:
Thanks for your reply, Freeman.
In the cxf-ws-security example, cxf bc extracts the credentials and
authenticates them in JAAS, but it doesn't pass them to cxf se. Am I right? After adding LoggingInInterceptor in cxf se, I figured out that the incoming message doesn't have a security header.



Freeman Fang wrote:
Hi,
You needn't copy the credential data from one message to another IMO; cxf bc extracts the credential data via ws-security and then delegates the AA to the JAAS service inside ServiceMix. You may need to take a look at the cxf-ws-security example shipped with FUSE ESB (which is based on Apache ServiceMix).
You can download the FUSE ESB from [1]
[1] http://fusesource.com/
Freeman

timm01 wrote:
Hello All.

I need to pass security credentials between endpoints (cxf webservices)
deployed on servicemix.

The first service assembly contains cxfbc:consumer and cxfse:endpoint, while the
second one has another cxfse:endpoint. The first endpoint calls the second one
using cxfse:proxy.

In cxfbc:consumer I'm using ws-security to receive credentials; the latter is
implemented with WSS4JInInterceptor.
Does anyone have any idea of how to use security credentials at the
endpoints? If it's done via copying the data from one message to another,
what is the proper way to implement that? Otherwise, is there a way to have
it done automatically?
Here is my configuration:
    <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
                    targetService="service:SupportTicketService_v1_0"
                    targetInterface="service:SupportTicket_v1_0">
        <cxfbc:inInterceptors>
            <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
            <ref bean="wss4jIn_request"/>
            <ref bean="saajIn_request"/>
        </cxfbc:inInterceptors>
    </cxfbc:consumer>

    <cxfse:endpoint service="service:SupportTicketService_v1_0">
        <cxfse:pojo>
            <bean class="com.....supportticketservice_v1.SupportTicketImpl">
                <property name="ticketRouter">
                    <cxfse:proxy service="rt:RTAdapterService_v1_0"
                                 context="#context"
                                 type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
                </property>
            </bean>
        </cxfse:pojo>
    </cxfse:endpoint>

and the second endpoint, in another assembly:

    <cxfse:endpoint service="service:RTAdapterService_v1_0">
        <cxfse:pojo>
            <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
                <property name="rtAdapterService" ref="rtAdapterService"/>
            </bean>
        </cxfse:pojo>
    </cxfse:endpoint>


Thanks in advance for your replies.





--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
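
The cxf se counterpart of the SaveSubjectInterceptor suggested at the top of this thread, as an added example that is not part of the original messages or of ServiceMix itself. The class name ExtractSubjectInterceptor is hypothetical, and it assumes the cxf se side exposes the JBI exchange on the CXF message under MessageExchange.class; adjust that lookup to your ServiceMix version.

```java
import javax.jbi.messaging.MessageExchange;
import javax.jbi.messaging.NormalizedMessage;
import javax.security.auth.Subject;

import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;

// Added example (hypothetical class): reads back the Subject that
// SaveSubjectInterceptor stored on the JBI message in cxf bc.
public class ExtractSubjectInterceptor extends AbstractPhaseInterceptor<Message> {

    // Must match the property name used on the cxf bc side.
    private static final String SUBJECT_PROPERTY = "securitySubject";

    public ExtractSubjectInterceptor() {
        super(Phase.PRE_INVOKE);
    }

    public void handleMessage(Message message) throws Fault {
        // Assumption: the JBI exchange is available under this key on the cxf se side.
        MessageExchange jbiExchange = message.get(MessageExchange.class);
        NormalizedMessage nm = (jbiExchange == null) ? null : jbiExchange.getMessage("in");
        Object value = (nm == null) ? null : nm.getProperty(SUBJECT_PROPERTY);

        // Fail closed: the property is an untyped NMR value, so a missing or
        // wrongly typed entry must stop the call rather than let the POJO run
        // (and call the backend) without an authenticated identity.
        if (!(value instanceof Subject)) {
            throw new Fault(new SecurityException(
                    "No authenticated Subject on the incoming JBI message"));
        }

        // Expose the Subject to later interceptors and the service POJO,
        // mirroring the message.get(Subject.class) lookup used in cxf bc.
        message.put(Subject.class, (Subject) value);
    }
}
```

The Subject travels as an ordinary message property, so the cxf se endpoint can only rely on it when every route into that endpoint passes through the authenticating cxf bc consumer.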
