Hi,
So basically you just want a pass-through which can forward the
UsernameToken WS-Security action, right?
If you only want to keep forwarding the UsernameToken action, with no
encryption/signature (as message transformation in the JBI bus will make
the encryption/signature invalid), then I think it should be doable. You
can configure the cxf bc provider to use SAAJOutInterceptor and
WSS4JOutInterceptor to support WS-Security. We actually have a
test case, CxfBcProviderSecurityTest[1], which should be a good start for
you, though it does not use the UsernameToken action. In your scenario, you
need the WSS4JOutInterceptor configuration to use the UsernameToken action,
and you need to set the username/password dynamically for each message, so
you need to write a custom out interceptor, ensure it gets invoked
before WSS4JOutInterceptor, and in your custom interceptor just do
something like
message.setContextualProperty(SecurityConstants.USERNAME, username);
message.setContextualProperty(SecurityConstants.PASSWORD, password);
Here the username/password is caught from JAAS.
[1]https://svn.apache.org/repos/asf/servicemix/components/trunk/bindings/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcProviderSecurityTest.java
Freeman
On 2012-2-27, at 8:20 PM, Radomir Kadlec wrote:
Hello,
I am building a ServiceMix gateway for our business services.
The whole project uses OSGi bundles as its deployment model.
Used ServiceMix version: apache-servicemix-4.4.1-fuse-01-06
The *cxfbc:consumer* accepts SOAP requests and performs logging and
authentication (username token with password in plain text). It uses
WSS4JInInterceptor together with JAAS-configured authentication and
authorization to access the LDAP login module. All of this works fine.
I have no password callback handler of my own for the incoming/outgoing
messages; WSS4JInInterceptor is configured with the
*ws-security.validate.token*=false property, so JAAS does all the work.
The *cxfbc:producer* shall only forward the incoming message together
with all SOAP headers (especially the WS-Security header) to our business
services.
*How can I configure the cxfbc:producer to include the username and
password caught from JAAS?*
Is it possible, or can I not use cxfbc:producer and must use some simple
HTTP forwarder?
The incoming message shall be forwarded only after successful
authentication in JAAS.
I included my test configuration.
beans_cxf.xml: http://servicemix.396122.n5.nabble.com/file/n5518767/beans_cxf.xml
isl_a.wsdl: http://servicemix.396122.n5.nabble.com/file/n5518767/isl_a.wsdl
Thanks,
Radomir
--
View this message in context:
http://servicemix.396122.n5.nabble.com/cxfbc-provider-with-WS-Security-and-previous-JAAS-authentication-tp5518767p5518767.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
---------------------------------------------
Freeman Fang
FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
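
The custom out interceptor described in the reply, written out as an added example (not code from the thread or from the ServiceMix project). The class name, the `CredentialSource` interface and the `usernameTokenOnly()` helper are hypothetical; how the credentials accepted by JAAS are retrieved is not shown in the thread, so that step is left behind the interface.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;

public class ForwardUsernameTokenInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    /** Hypothetical hook: returns the credentials JAAS accepted for this exchange. */
    public interface CredentialSource {
        String username(SoapMessage message);
        String password(SoapMessage message);
    }

    private final CredentialSource credentials;

    public ForwardUsernameTokenInterceptor(CredentialSource credentials) {
        // Same phase as WSS4JOutInterceptor, ordered ahead of it in the chain.
        super(Phase.PRE_PROTOCOL);
        addBefore(WSS4JOutInterceptor.class.getName());
        this.credentials = credentials;
    }

    @Override
    public void handleMessage(SoapMessage message) throws Fault {
        String username = credentials.username(message);
        String password = credentials.password(message);
        // Fail closed: never forward a request without authenticated credentials.
        if (username == null || username.isEmpty() || password == null) {
            throw new Fault(new SecurityException("no authenticated credentials to forward"));
        }
        // The two calls from the reply above, set per message.
        message.setContextualProperty(SecurityConstants.USERNAME, username);
        message.setContextualProperty(SecurityConstants.PASSWORD, password);
    }

    /** WSS4JOutInterceptor configured for the UsernameToken action only. */
    public static WSS4JOutInterceptor usernameTokenOnly() {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put("action", "UsernameToken");      // WSS4J handler "action" key
        props.put("passwordType", "PasswordText"); // plain-text password, as on the consumer side
        return new WSS4JOutInterceptor(props);
    }
}
```

Both interceptors go on the provider's out chain together with SAAJOutInterceptor. Because the password travels in plain text, the credential lookup should never write it to logs.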