Hi, I agree with what Freeman has said in the earlier response.
There is however another way to do this as well. This requires the CXF-BC to consume the message as Raw (i.e. soap flag should be set to false). This will get you the entire SOAP message headers and all instead of the headers being stripped and preserved. You may then work with a clone/copy of the message and use the original SOAP security header to be sent as is without manipulation. Hope this helps. Cheers, Ashwin... timm01 wrote: > > Thanks for your post Ashwin. > You wrote, that >> header security header pretty much useless for further propagation. > But in our scenario we have to authenticate request it backend system. In > our case CXF SE SU should send request to backend web-service, and it > needs securitySubject to render auth headers to request. > > How do you recommend to implement securitySubject propagation in our > situation? > > > > Ashwin Karpe wrote: >> >> Hi, >> >> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC. >> >> The reason for this is that the WS-Security credentials once verified by >> the interceptor for authenticity and authority in the CXF-BC render the >> header security header pretty much useless for further propagation. >> >> In any case the CXF-SE does not have any listeners set up and is just a >> POJO linked by a channel to the NMR by the CXF_SE component in >> servicemix-cxf-se-xxxx-fuse-installer.zip. >> >> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI >> Message with the SOAP Body sent as a JBI Part. >> >> The WS-Security example (cxf-ws-security) in the FUSE download version >> 3.x is a good working demo that you could check out for further details. >> >> Hope this helps. >> >> Cheers, >> >> Ashwin... >> >> >> timm01 wrote: >>> >>> thanks for your reply Freeman. >>> >>> In cxf-ws-security example cxf bc extract the credentials and >>> authentificates it in JAAS, but it isn't pass it to cxf se. >>> Am I right? >>> After having added LoggingInInterceptor in cxf se, I have figured out >>> that incoming message doesn't have security header. >>> >>> >>> >>> >>> Freeman Fang wrote: >>>> >>>> Hi, >>>> You needn't copy the credential data from one message to another IMO, >>>> cxf bc extract the credentials data by ws-security and then delegate >>>> the >>>> AA to JAAS service inside Servicemix. >>>> You may need take a look at cxf-ws-security example shipped with FUSE >>>> ESB (which is based on Apache ServiceMix). >>>> You can download the FUSE ESB from [1] >>>> [1]http://fusesource.com/ >>>> Freeman >>>> timm01 wrote: >>>>> Hello All. >>>>> >>>>> I need to pass security credentials between endpoints (cxf >>>>> webservices), >>>>> deployed on servicemix. >>>>> >>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint. >>>>> While the >>>>> second one has another cxfse:endpoint. First endpoint calls second one >>>>> using >>>>> cxfse:proxy. >>>>> >>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the >>>>> latter is >>>>> implemented with WSS4JInInterceptor. >>>>> >>>>> Does anyone have any idea of how to use security credentials at the >>>>> endpoints? If it's done via copying the data from one message to >>>>> another, >>>>> what is the proper way to implement that? Otherwise is there a way to >>>>> have >>>>> it done automatically? >>>>> >>>>> Here is my configuration: >>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl" >>>>> targetService="service:SupportTicketService_v1_0" >>>>> targetInterface="service:SupportTicket_v1_0"> >>>>> <cxfbc:inInterceptors> >>>>> <bean >>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/> >>>>> <ref bean="wss4jIn_request"/> >>>>> <ref bean="saajIn_request"/> >>>>> </cxfbc:inInterceptors> >>>>> </cxfbc:consumer> >>>>> >>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0"> >>>>> <cxfse:pojo> >>>>> <bean >>>>> class="com.....supportticketservice_v1.SupportTicketImpl"> >>>>> <property name="ticketRouter"> >>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0" >>>>> context="#context" >>>>> >>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/> >>>>> </property> >>>>> </bean> >>>>> </cxfse:pojo> >>>>> </cxfse:endpoint> >>>>> >>>>> and second enpoint in another assembly: >>>>> >>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0"> >>>>> <cxfse:pojo> >>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl"> >>>>> <property name="rtAdapterService" >>>>> ref="rtAdapterService"/> >>>>> </bean> >>>>> </cxfse:pojo> >>>>> </cxfse:endpoint> >>>>> >>>>> >>>>> Thanks in advance for your replies. >>>>> >>>>> >>>>> >>>> >>>> >>>> >>> >>> >> >> > > ----- --- Ashwin Karpe, Principal Consultant, PS - Opensource Center of Competence Progress Software Corporation 14 Oak Park Drive Bedford, MA 01730 --- +1-972-304-9084 (Office) +1-972-971-1700 (Mobile) ---- Blog: http://opensourceknowledge.blogspot.com/ -- View this message in context: http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23525272.html Sent from the ServiceMix - User mailing list archive at Nabble.com.
