Thanks for reply Freeman.
I've tried to implement you solution, but didn't understood, where to add
this interceptor in configuration. cxf:bc element has inInterceptors and
outInterceptors, and if I'm not mistaken both of them intercepts messages
between webservice client and BC. InInterceptor intercepts request from
client to BC, and OutInterceptor intercepts response to client. Where to add
the interceptor, that handles outgoing message from BC to SE?
And there is another question.
Actually I have to propagate securitySubject through cxf proxy. I've added
out JBIMessage interceptor to proxy as follows:
( (JaxWsClientProxy)
Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
MyOutInterceptor())
but I can't get NormalizedMessage in handleMessage() method of intereceptor.
JBIMessage.getJbiExchange() returns null.
In logs I saw that component creates MessageExchange (and NormalizedMessage)
after interceptors invocation.
So the question is how to add property to outgoing NormalizedMessage? Where
can I add property to cxf Message, that will be copied to noramalized
message?
Thanks in advance, sorry for bad english ))
Freeman Fang wrote:
>
> Hi,
> One solution could be write your own interceptors to save subject on cxf
> bc and extract it from cxf se
> something like
> public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
>
> public ClassloaderCampareInterceptor() {
> super(Phase.PRE_INVOKE);
> }
>
> public void handleMessage(Message message) throws Fault {
> NormalizedMessage nm =
> message.getContent(NormalizedMessage.class);
> Subject securitySubject = message.get(Subject.class);
> nm.setProperty("securitySubject", securitySubject);
> }
>
> }
>
> and add this interceptor for your cxf bc consumer endpoint configuration.
> Similar write your own interceptor to extract the securitySubject for
> your cxf se and use it later...
> Freeman
>
>
> timm01 wrote:
>> Thanks for your post Ashwin.
>> You wrote, that
>>
>>> header security header pretty much useless for further propagation.
>>>
>> But in our scenario we have to authenticate request it backend system. In
>> our case CXF SE SU should send request to backend web-service, and it
>> needs
>> securitySubject to render auth headers to request.
>>
>> How do you recommend to implement securitySubject propagation in our
>> situation?
>>
>>
>>
>> Ashwin Karpe wrote:
>>
>>> Hi,
>>>
>>> The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
>>>
>>> The reason for this is that the WS-Security credentials once verified by
>>> the interceptor for authenticity and authority in the CXF-BC render the
>>> header security header pretty much useless for further propagation.
>>>
>>> In any case the CXF-SE does not have any listeners set up and is just a
>>> POJO linked by a channel to the NMR by the CXF_SE component in
>>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>>
>>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>>> Message with the SOAP Body sent as a JBI Part.
>>>
>>> The WS-Security example (cxf-ws-security) in the FUSE download version
>>> 3.x
>>> is a good working demo that you could check out for further details.
>>>
>>> Hope this helps.
>>>
>>> Cheers,
>>>
>>> Ashwin...
>>>
>>>
>>> timm01 wrote:
>>>
>>>> thanks for your reply Freeman.
>>>>
>>>> In cxf-ws-security example cxf bc extract the credentials and
>>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>>> Am I right?
>>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>>> that incoming message doesn't have security header.
>>>>
>>>>
>>>>
>>>>
>>>> Freeman Fang wrote:
>>>>
>>>>> Hi,
>>>>> You needn't copy the credential data from one message to another IMO,
>>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>>> the
>>>>> AA to JAAS service inside Servicemix.
>>>>> You may need take a look at cxf-ws-security example shipped with FUSE
>>>>> ESB (which is based on Apache ServiceMix).
>>>>> You can download the FUSE ESB from [1]
>>>>> [1]http://fusesource.com/
>>>>> Freeman
>>>>> timm01 wrote:
>>>>>
>>>>>> Hello All.
>>>>>>
>>>>>> I need to pass security credentials between endpoints (cxf
>>>>>> webservices),
>>>>>> deployed on servicemix.
>>>>>>
>>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>>> While the
>>>>>> second one has another cxfse:endpoint. First endpoint calls second
>>>>>> one
>>>>>> using
>>>>>> cxfse:proxy.
>>>>>>
>>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>>> latter is
>>>>>> implemented with WSS4JInInterceptor.
>>>>>>
>>>>>> Does anyone have any idea of how to use security credentials at the
>>>>>> endpoints? If it's done via copying the data from one message to
>>>>>> another,
>>>>>> what is the proper way to implement that? Otherwise is there a way to
>>>>>> have
>>>>>> it done automatically?
>>>>>>
>>>>>> Here is my configuration:
>>>>>> <cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>>> targetService="service:SupportTicketService_v1_0"
>>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>>> <cxfbc:inInterceptors>
>>>>>> <bean
>>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>>> <ref bean="wss4jIn_request"/>
>>>>>> <ref bean="saajIn_request"/>
>>>>>> </cxfbc:inInterceptors>
>>>>>> </cxfbc:consumer>
>>>>>>
>>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>>> <cxfse:pojo>
>>>>>> <bean
>>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>>> <property name="ticketRouter">
>>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>>> context="#context"
>>>>>>
>>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>>> </property>
>>>>>> </bean>
>>>>>> </cxfse:pojo>
>>>>>> </cxfse:endpoint>
>>>>>>
>>>>>> and second enpoint in another assembly:
>>>>>>
>>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>>> <cxfse:pojo>
>>>>>> <bean class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>>> <property name="rtAdapterService"
>>>>>> ref="rtAdapterService"/>
>>>>>> </bean>
>>>>>> </cxfse:pojo>
>>>>>> </cxfse:endpoint>
>>>>>>
>>>>>>
>>>>>> Thanks in advance for your replies.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context:
http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23538503.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
