camel-users mailing list archives

From Jesper Nygårds <jesper.nyga...@gmail.com>
Subject Re: CXF proxy for ws security
Date Wed, 21 Nov 2012 10:51:40 GMT
Great thanks, Daniel!

That solved the problem. I have a hard time finding any documentation about
CXF_MESSAGE mode. What is the difference between this and the PAYLOAD mode?

Jesper



On Tue, Nov 20, 2012 at 9:31 PM, Daniel Kulp <dkulp@apache.org> wrote:

>
> With MESSAGE mode, camel-cxf pretty much keeps everything as a stream and
> bypasses much of the CXF interceptor chain and conversions and such.   In
> some cases, that's very good.  Performance and stuff works well.  However,
> it also means a lot of CXF's processing capabilities are not used/usable.
>
> If you flip to PAYLOAD mode or the new CXF_MESSAGE mode, it will likely
> work fine for you.   Those will behave more like normal CXF clients/servers
> that would allow all the ws-security stuff to work.
>
> Dan
>
>
>
> On Nov 20, 2012, at 10:01 AM, Jesper Nygårds <jesper.nygards@gmail.com>
> wrote:
>
> > I have a scenario where I want to add wss signing to an outgoing web
> > service call. I am trying to accomplish this by using a cxf consumer and a
> > cxf producer wired together by camel as a simple proxy.
> >
> > The idea is this: a system sends an un-signed SOAP request to our CXF web
> > service requiring no security. The call is then routed to a CXF client,
> > which signs the outgoing message using wss. This way, the original caller
> > does not concern itself with any security related issues.
> >
> > I have included our spring configuration below. The problem is that the
> > call gets routed as it should through the two CXF beans, but the outgoing
> > call leaves the CXF client without being signed. There is no trace of any
> > wss headers in the outgoing call.
> >
> > Turning on debugging, I can see that the WSS4JOutInterceptor is invoked,
> > and it writes to the debug messages that it has created a
> > xmldsig:SignedInfo element, but this is never added to the outgoing
> > message. Can anyone here throw some light on this problem?
> >
> > Here's the configuration:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> >
> > <beans xmlns="http://www.springframework.org/schema/beans"
> >    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >    xmlns:camel="http://camel.apache.org/schema/spring"
> >    xmlns:cxf="http://camel.apache.org/schema/cxf"
> >    xmlns:context="http://www.springframework.org/schema/context"
> >    xsi:schemaLocation="http://www.springframework.org/schema/beans
> > http://www.springframework.org/schema/beans/spring-beans.xsd
> >       http://www.springframework.org/schema/context
> > http://www.springframework.org/schema/context/spring-context.xsd
> >       http://camel.apache.org/schema/spring
> > http://camel.apache.org/schema/spring/camel-spring.xsd
> >       http://camel.apache.org/schema/cxf
> > http://camel.apache.org/schema/cxf/camel-cxf.xsd">
> >
> >    <import resource="classpath:META-INF/cxf/cxf.xml" />
> >
> >    <cxf:cxfEndpoint id="receiveOutgoingMessageEndpoint"
> > wsdlURL="etc/SendOccupationalPensionService.wsdl"
> > address="/sendOccupationalPension"
> >        serviceName="s:SendOccupationalPensionService"
> >        xmlns:s="http://ssek.ic.afa.se/">
> >        <cxf:properties>
> >            <entry key="dataFormat" value="MESSAGE" />
> >        </cxf:properties>
> >    </cxf:cxfEndpoint>
> >
> >    <cxf:cxfEndpoint id="sendOutgoingMessageEndpoint"
> >        address="http://localhost:8088/mockSendOccupationalPensionResponseToFKSOAPBinding">
> >        <cxf:properties>
> >            <entry key="dataFormat" value="MESSAGE" />
> >        </cxf:properties>
> >        <cxf:outInterceptors>
> >            <bean
> > class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
> >                <constructor-arg>
> >                    <map>
> >                        <entry key="action" value="Timestamp Signature" />
> >                        <entry key="user" value="myservicekey" />
> >                        <entry key="signatureKeyIdentifier"
> > value="DirectReference" />
> >                        <entry key="timeToLive" value="10800" />
> >                        <entry key="signaturePropFile"
> > value="classpath:etc/ssek.serviceKeystore.properties" />
> >                        <entry key="passwordCallbackRef">
> >                            <bean
> > class="se.afa.ic.ssek.ServiceKeystorePasswordCallback">
> >                                <constructor-arg>
> >                                    <value>myservicekey</value>
> >                                </constructor-arg>
> >                                <constructor-arg>
> >                                    <value>skpass</value>
> >                                </constructor-arg>
> >                            </bean>
> >                        </entry>
> >                        <entry key="signatureParts"
> >                            value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body" />
> >                    </map>
> >                </constructor-arg>
> >            </bean>
> >        </cxf:outInterceptors>
> >    </cxf:cxfEndpoint>
> >
> >    <camelContext id="camelContext" xmlns="http://camel.apache.org/schema/spring">
> >        <route trace="true">
> >            <from uri="cxf:bean:receiveOutgoingMessageEndpoint" />
> >            <to uri="cxf:bean:sendOutgoingMessageEndpoint" />
> >        </route>
> >    </camelContext>
> >
> > </beans>
>
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
>
>
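
A structural check for the symptom discussed in this thread (an outgoing call with no WS-Security header), as an added example that is not part of the original messages: it parses a captured SOAP envelope and reports whether the `Timestamp` and `Body` named in `signatureParts` are referenced by a `ds:Signature`. The function name and both sample envelopes are constructed for illustration, and the check does not verify digests or the signature value.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def check_wss_signature(envelope_xml):
    """Hypothetical helper: list what is missing; an empty list means
    Timestamp and Body are both referenced by a ds:Signature."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        return ["no wsse:Security header"]
    problems, refs = [], set()
    signature = security.find("ds:Signature", NS)
    if signature is None:
        problems.append("no ds:Signature in wsse:Security")
    else:
        # Same-document references look like URI="#<wsu:Id of the signed element>"
        refs = {r.get("URI", "").lstrip("#")
                for r in signature.findall("ds:SignedInfo/ds:Reference", NS)}
    targets = (("Timestamp", security.find("wsu:Timestamp", NS)),
               ("Body", root.find("soap:Body", NS)))
    for label, elem in targets:
        if elem is None:
            problems.append(f"{label} element missing")
        elif elem.get(WSU_ID) is None or elem.get(WSU_ID) not in refs:
            problems.append(f"{label} not covered by a signature reference")
    return problems

# Constructed sample: what the proxy emitted when nothing was signed
UNSIGNED = ('<soap:Envelope xmlns:soap="%(soap)s"><soap:Body><ping/></soap:Body>'
            '</soap:Envelope>') % NS
# Constructed sample: the shape of a message with Timestamp and Body signed
SIGNED = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" '
          'xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s"><soap:Header><wsse:Security>'
          '<wsu:Timestamp wsu:Id="TS-1"/>'
          '<ds:Signature><ds:SignedInfo><ds:Reference URI="#TS-1"/>'
          '<ds:Reference URI="#id-2"/></ds:SignedInfo></ds:Signature>'
          '</wsse:Security></soap:Header>'
          '<soap:Body wsu:Id="id-2"><ping/></soap:Body></soap:Envelope>') % NS

if __name__ == "__main__":
    for name, doc in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        print(name, check_wss_signature(doc) or "ok")
```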
