Re: Not yet success with CXF and http basic authentication - would need help from people more knowledgeable on CXF and Mule internals

Hi all,

based on the article on
http://chrisdail.com/2008/03/31/apache-cxf-with-http-basic-authentication/

I tried to get CXF to authenticate with http basic authentication, but
as far as I can tell - stumbled in the part where CXF would need to
challenge the requester.

Since Mule has CXF version 2.0.4 and SoapHeaderInterceptor is not
available untill 2.0.5, I had to take it from 2.0.6 distribution to my
own project.

So far what I have in code, configuration and in logs is:

In the client:

        //Create Service
        PermissionApplicationService_Service service = new
PermissionApplicationService_Service();

        //create proxy
        PermissionApplicationService port =
service.getPermissionApplicationServiceImplPort();
        ((BindingProvider)port).getRequestContext().put(
BindingProvider.USERNAME_PROPERTY, "ross");
        ((BindingProvider)port).getRequestContext().put(
BindingProvider.PASSWORD_PROPERTY, "ross");

       System.out.println(port.sayHi("jee"));

Client is created with wsimport and in above code the username and
password is set to the client.

The mule configuration:

   <model name="permissionApplication">
               <service name="PermAppUMO">
               <inbound>
                       <cxf:inbound-endpoint address="http://localhost:63081/hello"
synchronous="true" >
                         <cxf:inInterceptors>
                         <spring:bean
class="fi.helsinki.muledemo.services.BasicAuthAuthorizationInterceptor"
/>
                        </cxf:inInterceptors>
                       </cxf:inbound-endpoint>
               </inbound>
               <component
                       class="fi.helsinki.muledemo.services.PermissionApplicationServiceImpl" />
       </service>
   </model>

The interceptor just like in the post, with some debugging code added.

In the interceptor's handleMessage method:

       AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
       logger.info("Go through message");
       Set<Entry<String,Object>>  entryset = message.entrySet();
       Iterator i = entryset.iterator();
       while(i.hasNext()){
           Entry e = (Entry) i.next();
           String key = (String) e.getKey();
           Object value = e.getValue();
           logger.info("message, key + balue " + key + " " + value);
       }

Since there is no policy set, the intention is to loop through message
to see what is set there.

Thus in the log is following:

INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: Go through message
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
javax.xml.ws.wsdl.port
{http://services.muledemo.helsinki.fi/}PermissionApplicationServiceImplPort
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.service.model.MessageInfo
org.apache.cxf.service.model.MessageInfo@5b25daf5
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.transport.local.LocalConduit.directDispatch true
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
javax.xml.ws.wsdl.service
{http://services.muledemo.helsinki.fi/}PermissionApplicationService
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.message.Message.HTTP_REQUEST_METHOD POST
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.message.Message.ENCODING utf-8
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
javax.xml.ws.wsdl.interface
{http://services.muledemo.helsinki.fi/}PermissionApplicationService
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
mule.destination.response.observer
org.mule.transport.cxf.CxfServiceComponent$ResponseListener@124a3993
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
javax.xml.ws.wsdl.operation
{http://services.muledemo.helsinki.fi/}sayHi
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.transport.Destination
org.mule.transport.cxf.transport.MuleUniversalDestination@4709eb46
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
SOAPAction null
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
javax.xml.ws.wsdl.description http://localhost:63081/hello?wsdl
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
Content-Type text/xml
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.headers.Header.list []
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.message.Message.PATH_INFO /hello
INFO  2008-05-18 16:00:37,684 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: message, key + balue
org.apache.cxf.message.Message.BASE_PATH /hello
INFO  2008-05-18 16:00:37,685 [connector.http.0.receiver.3]
fi.helsinki.muledemo.services.EchoComponent: In handleMessage, policy
is null

No information about the authorization, which is reasonable since Mule
/ CXF has not yet even challenged the requester.

Before that can happen, comes an error.

Log:

ERROR 2008-05-18 16:00:37,695 [connector.http.0.receiver.3]
org.mule.service.DefaultServiceExceptionStrategy:
********************************************************************************
Message               : Component that caused exception is:
_cxfServiceComponent{http://services.muledemo.helsinki.fi/}PermissionApplicationService2094942626.
Message payload is of type: ContentLengthInputStream
Type                  : org.mule.api.service.ServiceException
Code                  : MULE_ERROR--2
Payload               :
org.apache.commons.httpclient.ContentLengthInputStream@7c220ad8
JavaDoc               :
http://mule.mulesource.org/docs/apidocs/org/mule/api/service/ServiceException.html
********************************************************************************
Exception stack is:
1. null (java.lang.NullPointerException)
 org.mule.transport.cxf.CxfServiceComponent$ResponseListener:333 (null)
2. Component that caused exception is:
_cxfServiceComponent{http://services.muledemo.helsinki.fi/}PermissionApplicationService2094942626.
Message payload is of type: ContentLengthInputStream
(org.mule.api.service.ServiceException)
 org.mule.component.DefaultLifecycleAdapter:214
(http://mule.mulesource.org/docs/apidocs/org/mule/api/service/ServiceException.html)
********************************************************************************
Root Exception stack trace:
java.lang.NullPointerException
       at org.mule.transport.cxf.CxfServiceComponent$ResponseListener.getCachedStream(CxfServiceComponent.java:333)
       at org.mule.transport.cxf.CxfServiceComponent.sendToDestination(CxfServiceComponent.java:258)
       at org.mule.transport.cxf.CxfServiceComponent.onCall(CxfServiceComponent.java:112)
       at org.mule.model.resolvers.CallableEntryPointResolver.invoke(CallableEntryPointResolver.java:52)
       at org.mule.model.resolvers.DefaultEntryPointResolverSet.invoke(DefaultEntryPointResolverSet.java:50)
       at org.mule.component.DefaultLifecycleAdapter.intercept(DefaultLifecycleAdapter.java:202)
       at org.mule.component.AbstractJavaComponent.invokeComponentInstance(AbstractJavaComponent.java:82)
       at org.mule.component.AbstractJavaComponent.doOnCall(AbstractJavaComponent.java:73)
       at org.mule.component.AbstractComponent.onCall(AbstractComponent.java:87)
       at org.mule.model.seda.SedaService.doSend(SedaService.java:234)
       at org.mule.service.AbstractService.sendEvent(AbstractService.java:510)
       at org.mule.DefaultMuleSession.sendEvent(DefaultMuleSession.java:347)
       at org.mule.routing.inbound.DefaultInboundRouterCollection.send(DefaultInboundRouterCollection.java:196)
       at org.mule.routing.inbound.DefaultInboundRouterCollection.route(DefaultInboundRouterCollection.java:164)
       at org.mule.transport.AbstractMessageReceiver$DefaultInternalMessageListener.onMessage(AbstractMessageReceiver.java:604)
       at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:346)
       at org.mule.transport.AbstractMessageReceiver.routeMessage(AbstractMessageReceiver.java:287)
       at org.mule.transport.http.HttpMessageReceiver$HttpWorker.doRequest(HttpMessageReceiver.java:239)
       at org.mule.transport.http.HttpMessageReceiver$HttpWorker.processRequest(HttpMessageReceiver.java:197)
       at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:163)
       at org.mule.work.WorkerContext.run(WorkerContext.java:310)
       at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1061)
       at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:575)
       at java.lang.Thread.run(Thread.java:637)

Seems like a dead end to me, since I don't really want to go deep into
Mule and CXF internals - but use the infrastructure.

Does anyone come up with ideas or instructions on how to get it to
work, or should I just use Axis and Acegi for HTTP Basic authenticated
webservices with SSL, and CXF when I need ws-security.

I actually tested WS-security and WSIT on glassfish and netbeans, and
was really impressed with the ease of use and well made documentation.
Therefore I'm actually thinking about using Glassfish and Metro to
handle the webservices-part and use Mule at the back for
orchestration. Ideas on which methods for communication from Glassfish
to Mule and back would be most usable are naturally listened with
great interest. So far I've been looking at the possibility to use
either ejbs or JMS-transports, but haven't tested yet at all.

The downside in that kind of arrangements is naturally the increased
complexity that I would not like to see.

Any thoughts or ideas?

-huima

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email