Hello Freeman,
You said:
>> And there is another question.
>> Actually I have to propagate securitySubject through cxf proxy. I've
>> added
>> out JBIMessage interceptor to proxy as follows:
>> ( (JaxWsClientProxy)
>> Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
>> MyOutInterceptor())
>>
>> but I can't get NormalizedMessage in handleMessage() method of
>> intereceptor.
>> JBIMessage.getJbiExchange() returns null.
>> In logs I saw that component creates MessageExchange (and
>> NormalizedMessage)
>> after interceptors invocation.
>> So the question is how to add property to outgoing NormalizedMessage?
>> Where
>> can I add property to cxf Message, that will be copied to noramalized
>> message?
>>
>>
>You should also add your interceptor for your cxf se endpoint
>inInterceptors to extract the securitySubject and save to somewhere
>first and then used later on ...
But I don't want to extract the securitySubject. I have it in first SESU.
And I want to save it in outgoing message from one SE SU to another SE SU
via proxy. And as I said I can't get NormalizedMessage in outInterceptor of
proxy, because MessageExcenge is null.
How can I pass securitySubject (or any property) to second SESU via proxy?
Freeman Fang wrote:
>
> timm01 wrote:
>> Thanks for reply Freeman.
>>
>> I've tried to implement you solution, but didn't understood, where to add
>> this interceptor in configuration. cxf:bc element has inInterceptors and
>> outInterceptors, and if I'm not mistaken both of them intercepts messages
>> between webservice client and BC. InInterceptor intercepts request from
>> client to BC, and OutInterceptor intercepts response to client. Where to
>> add
>> the interceptor, that handles outgoing message from BC to SE?
>>
> You should add to inInterceptors, which will add securitySubject to
> NormalizedMessage before send it from cxf bc to cxf se
>> And there is another question.
>> Actually I have to propagate securitySubject through cxf proxy. I've
>> added
>> out JBIMessage interceptor to proxy as follows:
>> ( (JaxWsClientProxy)
>> Proxy.getInvocationHandler(serviceProxy)).getClient().getOutInterceptors().add(new
>> MyOutInterceptor())
>>
>> but I can't get NormalizedMessage in handleMessage() method of
>> intereceptor.
>> JBIMessage.getJbiExchange() returns null.
>> In logs I saw that component creates MessageExchange (and
>> NormalizedMessage)
>> after interceptors invocation.
>> So the question is how to add property to outgoing NormalizedMessage?
>> Where
>> can I add property to cxf Message, that will be copied to noramalized
>> message?
>>
>>
> You should also add your interceptor for your cxf se endpoint
> inInterceptors to extract the securitySubject and save to somewhere
> first and then used later on ...
>> Thanks in advance, sorry for bad english ))
>>
>>
>>
>> Freeman Fang wrote:
>>
>>> Hi,
>>> One solution could be write your own interceptors to save subject on cxf
>>> bc and extract it from cxf se
>>> something like
>>> public class SaveSubjectInterceptor extends AbstractPhaseInterceptor {
>>>
>>> public ClassloaderCampareInterceptor() {
>>> super(Phase.PRE_INVOKE);
>>> }
>>>
>>> public void handleMessage(Message message) throws Fault {
>>> NormalizedMessage nm =
>>> message.getContent(NormalizedMessage.class);
>>> Subject securitySubject = message.get(Subject.class);
>>> nm.setProperty("securitySubject", securitySubject);
>>> }
>>>
>>> }
>>>
>>> and add this interceptor for your cxf bc consumer endpoint
>>> configuration.
>>> Similar write your own interceptor to extract the securitySubject for
>>> your cxf se and use it later...
>>> Freeman
>>>
>>>
>>> timm01 wrote:
>>>
>>>> Thanks for your post Ashwin.
>>>> You wrote, that
>>>>
>>>>
>>>>> header security header pretty much useless for further propagation.
>>>>>
>>>>>
>>>> But in our scenario we have to authenticate request it backend system.
>>>> In
>>>> our case CXF SE SU should send request to backend web-service, and it
>>>> needs
>>>> securitySubject to render auth headers to request.
>>>>
>>>> How do you recommend to implement securitySubject propagation in our
>>>> situation?
>>>>
>>>>
>>>>
>>>> Ashwin Karpe wrote:
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> The WS-Security credentials are not passed to the CXF-SE by the
>>>>> CXF_BC.
>>>>>
>>>>> The reason for this is that the WS-Security credentials once verified
>>>>> by
>>>>> the interceptor for authenticity and authority in the CXF-BC render
>>>>> the
>>>>> header security header pretty much useless for further propagation.
>>>>>
>>>>> In any case the CXF-SE does not have any listeners set up and is just
>>>>> a
>>>>> POJO linked by a channel to the NMR by the CXF_SE component in
>>>>> servicemix-cxf-se-xxxx-fuse-installer.zip.
>>>>>
>>>>> Also, the payload propagated between the CXF-BC and CXF-SE is a JBI
>>>>> Message with the SOAP Body sent as a JBI Part.
>>>>>
>>>>> The WS-Security example (cxf-ws-security) in the FUSE download version
>>>>> 3.x
>>>>> is a good working demo that you could check out for further details.
>>>>>
>>>>> Hope this helps.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Ashwin...
>>>>>
>>>>>
>>>>> timm01 wrote:
>>>>>
>>>>>
>>>>>> thanks for your reply Freeman.
>>>>>>
>>>>>> In cxf-ws-security example cxf bc extract the credentials and
>>>>>> authentificates it in JAAS, but it isn't pass it to cxf se.
>>>>>> Am I right?
>>>>>> After having added LoggingInInterceptor in cxf se, I have figured out
>>>>>> that incoming message doesn't have security header.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Freeman Fang wrote:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>> You needn't copy the credential data from one message to another
>>>>>>> IMO,
>>>>>>> cxf bc extract the credentials data by ws-security and then delegate
>>>>>>> the
>>>>>>> AA to JAAS service inside Servicemix.
>>>>>>> You may need take a look at cxf-ws-security example shipped with
>>>>>>> FUSE
>>>>>>> ESB (which is based on Apache ServiceMix).
>>>>>>> You can download the FUSE ESB from [1]
>>>>>>> [1]http://fusesource.com/
>>>>>>> Freeman
>>>>>>> timm01 wrote:
>>>>>>>
>>>>>>>
>>>>>>>> Hello All.
>>>>>>>>
>>>>>>>> I need to pass security credentials between endpoints (cxf
>>>>>>>> webservices),
>>>>>>>> deployed on servicemix.
>>>>>>>>
>>>>>>>> First service assembly contains cxfbc:consumer and cxfse:endpoint.
>>>>>>>> While the
>>>>>>>> second one has another cxfse:endpoint. First endpoint calls second
>>>>>>>> one
>>>>>>>> using
>>>>>>>> cxfse:proxy.
>>>>>>>>
>>>>>>>> In cxfbc:consumer I'm using ws-security to recieve credentials the
>>>>>>>> latter is
>>>>>>>> implemented with WSS4JInInterceptor.
>>>>>>>>
>>>>>>>> Does anyone have any idea of how to use security credentials at the
>>>>>>>> endpoints? If it's done via copying the data from one message to
>>>>>>>> another,
>>>>>>>> what is the proper way to implement that? Otherwise is there a way
>>>>>>>> to
>>>>>>>> have
>>>>>>>> it done automatically?
>>>>>>>>
>>>>>>>> Here is my configuration:
>>>>>>>> <cxfbc:consumer
>>>>>>>> wsdl="classpath:ITSM/WSDL/SupportTicket-v1.wsdl"
>>>>>>>>
>>>>>>>> targetService="service:SupportTicketService_v1_0"
>>>>>>>> targetInterface="service:SupportTicket_v1_0">
>>>>>>>> <cxfbc:inInterceptors>
>>>>>>>> <bean
>>>>>>>> class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
>>>>>>>> <ref bean="wss4jIn_request"/>
>>>>>>>> <ref bean="saajIn_request"/>
>>>>>>>> </cxfbc:inInterceptors>
>>>>>>>> </cxfbc:consumer>
>>>>>>>>
>>>>>>>> <cxfse:endpoint service="service:SupportTicketService_v1_0">
>>>>>>>> <cxfse:pojo>
>>>>>>>> <bean
>>>>>>>> class="com.....supportticketservice_v1.SupportTicketImpl">
>>>>>>>> <property name="ticketRouter">
>>>>>>>> <cxfse:proxy service="rt:RTAdapterService_v1_0"
>>>>>>>> context="#context"
>>>>>>>>
>>>>>>>> type="com.....wsdl.rtadapterservice_v1.RTAdapterV10"/>
>>>>>>>> </property>
>>>>>>>> </bean>
>>>>>>>> </cxfse:pojo>
>>>>>>>> </cxfse:endpoint>
>>>>>>>>
>>>>>>>> and second enpoint in another assembly:
>>>>>>>>
>>>>>>>> <cxfse:endpoint service="service:RTAdapterService_v1_0">
>>>>>>>> <cxfse:pojo>
>>>>>>>> <bean
>>>>>>>> class="com.....rtadapterservice_v1.RTAdapterImpl">
>>>>>>>> <property name="rtAdapterService"
>>>>>>>> ref="rtAdapterService"/>
>>>>>>>> </bean>
>>>>>>>> </cxfse:pojo>
>>>>>>>> </cxfse:endpoint>
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks in advance for your replies.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context:
http://www.nabble.com/How-to-use-ws-security-credentials-in-cxf-endpoint-tp21973209p23555248.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
