timm01 wrote:
Thanks for reply Freeman.
I've tried to implement you solution, but didn't understood, where to add
this interceptor in configuration. cxf:bc element has inInterceptors and
outInterceptors, and if I'm not mistaken both of them intercepts messages
between webservice client and BC. InInterceptor intercepts request from
client to BC, and OutInterceptor intercepts response to client. Where to add
the interceptor, that handles outgoing message from BC to SE?
You should add to inInterceptors, which will add securitySubject to
NormalizedMessage before send it from cxf bc to cxf se
And there is another question.
Actually I have to propagate securitySubject through cxf proxy. I've added
out JBIMessage interceptor to proxy as follows:
( (JaxWsClientProxy)
Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
MyOutInterceptor())
but I can't get NormalizedMessage in handleMessage() method of intereceptor.
JBIMessage.getJbiExchange() returns null.
In logs I saw that component creates MessageExchange (and NormalizedMessage)
after interceptors invocation.
So the question is how to add property to outgoing NormalizedMessage? Where
can I add property to cxf Message, that will be copied to noramalized
message?
You should also add your interceptor for your cxf se endpoint
inInterceptors to extract the securitySubject and save to somewhere
first and then used later on ...
Thanks in advance, sorry for bad english ))
Freeman Fang wrote:
Hi,
One solution could be write your own interceptors to save subject on cxf
bc and extract it from cxf se
something like
public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
public ClassloaderCampareInterceptor() {
super(Phase.PRE_INVOKE);
}
public void handleMessage(Message message) throws Fault {
NormalizedMessage nm =
message.getContent(NormalizedMessage.class);
Subject securitySubject = message.get(Subject.class);
nm.setProperty("securitySubject", securitySubject);
}
}
and add this interceptor for your cxf bc consumer endpoint configuration.
Similar write your own interceptor to extract the securitySubject for
your cxf se and use it later...
Freeman
timm01 wrote:
Thanks for your post Ashwin.
You wrote, that
header security header pretty much useless for further propagation.
But in our scenario we have to authenticate request it backend system. In
our case CXF SE SU should send request to backend web-service, and it
needs
securitySubject to render auth headers to request.
How do you recommend to implement securitySubject propagation in our
situation?
Ashwin Karpe wrote:
Hi,
The WS-Security credentials are not passed to the CXF-SE by the CXF_BC.
The reason for this is that the WS-Security credentials once verified by
the interceptor for authenticity and authority in the CXF-BC render the
header security header pretty much useless for further propagation.
In any case the CXF-SE does not have any listeners set up and is just a
POJO linked by a channel to the NMR by the CXF_SE component in
servicemix-cxf-se-xxxx-fuse-installer.zip.
Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
Message with the SOAP Body sent as a JBI Part.
The WS-Security example (cxf-ws-security) in the FUSE download version
3.x
is a good working demo that you could check out for further details.
Hope this helps.
Cheers,
Ashwin...
timm01 wrote:
thanks for your reply Freeman.
In cxf-ws-security example cxf bc extract the credentials and
authentificates it in JAAS, but it isn't pass it to cxf se.
Am I right?
After having added LoggingInInterceptor in cxf se, I have figured out
that incoming message doesn't have security header.
Freeman Fang wrote:
Hi,
You needn't copy the credential data from one message to another IMO,
cxf bc extract the credentials data by ws-security and then delegate
the
AA to JAAS service inside Servicemix.
You may need take a look at cxf-ws-security example shipped with FUSE
ESB (which is based on Apache ServiceMix).
You can download the FUSE ESB from [1]
[1]http://fusesource.com/
Freeman
timm01 wrote:
Hello All.
I need to pass security credentials between endpoints (cxf
webservices),
deployed on servicemix.
First service assembly contains cxfbc:consumer and cxfse:endpoint.
While the
second one has another cxfse:endpoint. First endpoint calls second
one
using
cxfse:proxy.
In cxfbc:consumer I'm using ws-security to recieve credentials the
latter is
implemented with WSS4JInInterceptor.
Does anyone have any idea of how to use security credentials at the
endpoints? If it's done via copying the data from one message to
another,
what is the proper way to implement that? Otherwise is there a way to
have
it done automatically?
Here is my configuration:
<cxfbc:consumer wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
targetService="service:SupportTicketService_v1_0"
targetInterface="service:SupportTicket_v1_0">
<cxfbc:inInterceptors>
<bean
class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
<ref bean="wss4jIn_request"/>
<ref bean="saajIn_request"/>
</cxfbc:inInterceptors>
</cxfbc:consumer>
<cxfse:endpoint service="service:SupportTicketService_v1_0">
<cxfse:pojo>
<bean
class="com.....supportticketservice_v1.SupportTicketImpl">
<property name="ticketRouter">
<cxfse:proxy service="rt:RTAdapterService_v1_0"
context="#context"
type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
</property>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
and second enpoint in another assembly:
<cxfse:endpoint service="service:RTAdapterService_v1_0">
<cxfse:pojo>
<bean class="com.....rtadapterservice_v1.RTAdapterImpl">
<property name="rtAdapterService"
ref="rtAdapterService"/>
</bean>
</cxfse:pojo>
</cxfse:endpoint>
Thanks in advance for your replies.
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
