On 2010-1-14, at 4:04 AM, Philip wrote:
Hi,
we found a different way to solve our problem. It was possible to read and save our header information in our callback handler. Thanks a lot for your support. We just have two more questions to finish our project:
1. Is it possible to disable the SecuredBroker? The reason is that we want to verify the user/password in the callback handler and not in the properties.

Hi,
Disabling SecuredBroker doesn't work in your case IMHO, as it invokes authenticationService.authenticate in JbiJAASInterceptor as long as you have ws-security usertoken headers.
If you don't want to configure JAAS properties for SMX to do auth, you can write your own interceptor for cxf bc consumer to remove JbiJAASInterceptor from the interceptor chain. The key code should be:

    public void handleMessage(SoapMessage message) throws Fault {
        // Drop JbiJAASInterceptor from this message's chain so JAAS auth is not invoked
        for (Interceptor interceptor : message.getInterceptorChain()) {
            if (interceptor.getClass().getName().equals(
                    "org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor")) {
                message.getInterceptorChain().remove(interceptor);
            }
        }
    }

I think I can add a flag later on to mark JbiJAASInterceptor as optional if necessary.

2. We also added a SoapHeaderOutFilterInterceptor to clean the Header. The reason for that is that the Provider shouldn't receive the secure header. Is it possible to add a new header with different username/password? Perhaps with the WSS4JOutInterceptor?

Yeah, you can configure WSS4JOutInterceptor for cxf bc provider endpoint which can add a different username token ws-security header to the outgoing soap message.
Freeman

Best regards,
Philip and Nicolas

On Fri, Jan 8, 2010 at 3:33 AM, Freeman Fang <[email protected]> wrote:
Hi,
Seems you are using SecuredBroker, which delegates the auth to JAAS, but you didn't add your user/password to the configuration, that's why you saw the exception.
You need to do:
edit $SMX_HOME/conf/users-passwords.properties
add
    wss4j=xyz
edit $SMX_HOME/conf/groups.properties
replace
    admin=smx
with
    admin=smx,wss4j
Freeman

On 2010-1-7, at 10:42 PM, Philip wrote:
Hi,

On Tue, Jan 5, 2010 at 2:46 PM, Freeman Fang <[email protected]> wrote:
You also need to add SAAJInInterceptor & WSS4JInInterceptor for cxf bc consumer endpoint inInterceptors, which extract and save necessary info to the vector
You may need to take a look at xbean-jaas.xml[1], to learn how it could be
[1] https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
Freeman

we added the SAAJ & WSS4J this way:

    <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" id="saajin" />
    <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" id="wss4jin">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordText"/>
                <entry key="user" value="wss4j"/>
                <entry key="passwordCallbackRef">
                    <ref bean="myPasswordCallback"/>
                </entry>
            </map>
        </constructor-arg>
    </bean>

with our callback class we can read out the Username and Password but we get the following error:

    Caused by: javax.security.auth.login.FailedLoginException: User does not exist

The username we send is "wss4j" and the password is "xyz". This is our callback handler class:
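
    import java.io.IOException;
    import java.util.HashMap;
    import java.util.Map;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import org.apache.ws.security.WSPasswordCallback;

    public class ServerPasswordCallback implements CallbackHandler {
        private static final Log logger = LogFactory.getLog(ServerPasswordCallback.class);
        private static Map<String, String> passwords = new HashMap<String, String>();
        static {
            passwords.put("wss4j", "xyz");
        }

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // Look up the expected password for the user named in the token
                String pass = passwords.get(pc.getIdentifer());
                if (pass != null) {
                    pc.setPassword(pass);
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                }
                logger.info("pw-callback done"); // we get this in the console
            }
        }
    }
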
Do you know what we have to do? Where does the Handler validate the
username? Or what does this error mean?
Thanks again,
Nicolas and Philip
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
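
Added example (not part of the thread, and not ServiceMix or CXF project code): one way to build the WSS4JOutInterceptor that Freeman suggests for the cxf bc provider, so the outgoing message carries its own UsernameToken. The class names ProviderUsernameToken and OutPasswordCallback and the backend-user credential are assumptions, and getIdentifer() assumes the WSS4J 1.5.x API seen in the callback handler above.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

/** Hypothetical helper: builds the out interceptor for the cxf bc provider. */
public class ProviderUsernameToken {

    /** Supplies the password for the outgoing token. */
    public static class OutPasswordCallback implements CallbackHandler {
        private final Map<String, String> passwords = new HashMap<String, String>();

        public OutPasswordCallback() {
            // Constructed sample credential; load it from a protected store in practice.
            passwords.put("backend-user", "backend-secret");
        }

        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                String pass = passwords.get(pc.getIdentifer());
                if (pass == null) {
                    throw new IOException("No outbound password for " + pc.getIdentifer());
                }
                pc.setPassword(pass);
            }
        }
    }

    public static WSS4JOutInterceptor create() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
        props.put(WSHandlerConstants.USER, "backend-user");
        // PasswordText places the password in the header as-is: protect the transport.
        props.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
        props.put(WSHandlerConstants.PW_CALLBACK_REF, new OutPasswordCallback());
        return new WSS4JOutInterceptor(props);
    }
}
```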