« Return to Thread: Acegi Security with CXF
Re: Acegi Security with CXF
by Fred Dushin-3
::
Rate this Message:
How's this for the outbound side:
<jaxws:client name="{http://www.apache.org}SoapPort"
createdFromAPI="true">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
<jaxws:outInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
<ref bean="UOverT_Request"/>
</jaxws:outInterceptors>
</jaxws:client>
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="UOverT_Request">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="user" value="Alice"/>
<entry key="passwordCallbackClass"
value="demo.hw.client.UTPasswordCallback"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</constructor-arg>
</bean>
-Fred
On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote:
>
> Fred,
>
> Can I get a sample CFX config?
>
> Thanks,
>
> Van
>
>
> Fred Dushin-3 wrote:
>>
>>
>> I don't know a lot about acegi, but if you are only talking about
>> propagating a WS-Security UnsernameToken through a SOAP wss:Security
>> header, then yes, CXF is perfectly capable of doing this.
>>
>> Note, however, that you will need to add some code on the consuming
>> side of the message to "validate" the username and password, via
>> WSS4J callback, which you'll also need to configure through Spring.
>> Like XFire, the CXF WS-Security interceptor is based not only on the
>> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
>> uses, as well). Not knowing much at all about XFire, I believe the
>> CXF configuration should be pretty strightforwardly mappable to CXF.
>>
>> Shout if you need a sample CXF config.
>>
>> -Fred
>>
>> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>>
>>> There is an example at that URL
>>> as well but it is for XFire and I'm not sure how those concepts
>>> translate
>>> over to CXF; additionally the example they use points out its own
>>> inefficiency suggesting it should use a custom handler to read the
>>> contents
>>> of the SOAP message via StAX.
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Acegi-Security-
> with-CXF-tf4337860.html#a12391936
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
<jaxws:client name="{http://www.apache.org}SoapPort"
createdFromAPI="true">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
<jaxws:outInterceptors>
<bean
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
<ref bean="UOverT_Request"/>
</jaxws:outInterceptors>
</jaxws:client>
<bean
class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
id="UOverT_Request">
<constructor-arg>
<map>
<entry key="action" value="UsernameToken Timestamp"/>
<entry key="user" value="Alice"/>
<entry key="passwordCallbackClass"
value="demo.hw.client.UTPasswordCallback"/>
<entry key="passwordType" value="PasswordText"/>
</map>
</constructor-arg>
</bean>
-Fred
On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote:
>
> Fred,
>
> Can I get a sample CFX config?
>
> Thanks,
>
> Van
>
>
> Fred Dushin-3 wrote:
>>
>>
>> I don't know a lot about acegi, but if you are only talking about
>> propagating a WS-Security UnsernameToken through a SOAP wss:Security
>> header, then yes, CXF is perfectly capable of doing this.
>>
>> Note, however, that you will need to add some code on the consuming
>> side of the message to "validate" the username and password, via
>> WSS4J callback, which you'll also need to configure through Spring.
>> Like XFire, the CXF WS-Security interceptor is based not only on the
>> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
>> uses, as well). Not knowing much at all about XFire, I believe the
>> CXF configuration should be pretty strightforwardly mappable to CXF.
>>
>> Shout if you need a sample CXF config.
>>
>> -Fred
>>
>> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>>
>>> There is an example at that URL
>>> as well but it is for XFire and I'm not sure how those concepts
>>> translate
>>> over to CXF; additionally the example they use points out its own
>>> inefficiency suggesting it should use a custom handler to read the
>>> contents
>>> of the SOAP message via StAX.
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Acegi-Security-
> with-CXF-tf4337860.html#a12391936
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>
« Return to Thread: Acegi Security with CXF
| Free embeddable forum powered by Nabble | Forum Help |
