camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From garethahealy <garethahe...@gmail.com>
Subject CXF with WS-Security using JAAS
Date Thu, 30 Oct 2014 14:58:14 GMT
I am trying to secure a CXF endpoint with JAAS. But am hitting an issue/not
fully understanding how to get the PasswordDigest working. I have the
solution working when the password type is PasswordText.So I've created a
new realm, which points to a file as per below:
&lt;jaas:config name=&quot;webservices&quot; rank=&quot;-1&quot;&gt;
   
&lt;jaas:module
className=&quot;org.apache.karaf.jaas.modules.properties.PropertiesLoginModule&quot;
flags=&quot;required&quot;&gt;	       users =
$[karaf.base]/etc/com.garethahealy.webservices.cfg	       encryption.enabled
= true	    encryption.name = jasypt	    encryption.prefix = ENC(	   
encryption.suffix = )	    	       detailed.login.exception = true	      
debug = true	    &lt;/jaas:module&gt;	&lt;/jaas:config&gt;
The contents of the file on first run is 'user.gareth=healy', which is then
re-written after the first call, to be ENC(hashed value), which seems
correct.Below is the WSS4J / JAAS / CXF setup:
&lt;bean id=&quot;authenticationInterceptor&quot;
class=&quot;org.apache.cxf.interceptor.security.JAASLoginInterceptor&quot;&gt;
&lt;property name=&quot;contextName&quot; value=&quot;webservices&quot;/&gt;

&lt;property name=&quot;reportFault&quot;
value=&quot;true&quot;/&gt;&lt;/bean&gt;&lt;bean
id=&quot;wss4jInInterceptor&quot;
class=&quot;org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor&quot;&gt;
&lt;argument&gt;		&lt;map&gt;			&lt;entry key=&quot;action&quot;
value=&quot;UsernameToken Timestamp&quot; /&gt;			&lt;entry
key=&quot;passwordType&quot; value=&quot;PasswordDigest&quot; /&gt; &lt;!--
PasswordText / PasswordDigest --&gt;		&lt;/map&gt;
&lt;/argument&gt;&lt;/bean&gt;   &lt;cxf:cxfEndpoint
id=&quot;helloWorldCxf&quot;    
address=&quot;${cxf.helloworld.transport}://0.0.0.0:${cxf.helloworld.port}/cxf/helloWorldService&quot;
   
serviceClass=&quot;com.garethahealy.helloworld.HelloWorldEndpoint&quot;&gt;  

&lt;cxf:inInterceptors&gt;   		&lt;ref
component-id=&quot;wss4jInInterceptor&quot; /&gt;		&lt;ref
component-id=&quot;authenticationInterceptor&quot; /&gt;
&lt;/cxf:inInterceptors&gt;	&lt;cxf:properties&gt;		&lt;entry
key=&quot;schema-validation-enabled&quot;
value=&quot;${schema.validation.enabled}&quot; /&gt;		&lt;entry
key=&quot;loggingFeatureEnabled&quot;
value=&quot;${logging.isCxfDebug}&quot; /&gt;		&lt;entry
key=&quot;ws-security.validate.token&quot; value=&quot;false&quot;/&gt;
&lt;/cxf:properties&gt;&lt;/cxf:cxfEndpoint&gt;
Below is the request when sending PasswordDigest:
Address: http://0.0.0.0:9001/cxf/helloWorldServiceEncoding:
UTF-8Http-Method: POSTContent-Type: text/xml;charset=UTF-8Headers:
{accept-encoding=[gzip,deflate], connection=[keep-alive],
Content-Length=[1242], content-type=[text/xml;charset=UTF-8],
Host=[0.0.0.0:9001],
SOAPAction=["http://helloworld.garethahealy.com/SayHello"],
User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}Payload:&lt;soapenv:Envelope
xmlns:hel=&quot;http://helloworld.garethahealy.com&quot;
xmlns:soapenv=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;&gt;&lt;soapenv:Header&gt;
  
&lt;wsse:Security
xmlns:wsse=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd&quot;
xmlns:wsu=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd&quot;
soapenv:mustUnderstand=&quot;1&quot;&gt;    &lt;wsu:Timestamp
wsu:Id=&quot;TS-85795D5F327115C93A141467959615289&quot;&gt;       
&lt;wsu:Created&gt;2014-10-30T14:33:16Z&lt;/wsu:Created&gt;       
&lt;wsu:Expires&gt;2014-10-30T14:33:17Z&lt;/wsu:Expires&gt;   
&lt;/wsu:Timestamp&gt;    &lt;wsse:UsernameToken
wsu:Id=&quot;UsernameToken-85795D5F327115C93A141467959615188&quot;&gt;       
&lt;wsse:Username&gt;user.gareth&lt;/wsse:Username&gt;       
&lt;wsse:Password
Type=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest&quot;&gt;y2rUhVaSPSYGGJxx5vz/gAe8Kxo=&lt;/wsse:Password&gt;
      
&lt;wsse:Nonce
EncodingType=&quot;http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary&quot;&gt;AsgNPh2VykCuQ0CN4EvRPw==&lt;/wsse:Nonce&gt;
      
&lt;wsu:Created&gt;2014-10-30T14:33:16.151Z&lt;/wsu:Created&gt;   
&lt;/wsse:UsernameToken&gt;&lt;/wsse:Security&gt;&lt;/soapenv:Header&gt;&lt;soapenv:Body&gt;
  
&lt;hel:helloWorldRequest&gt;        &lt;hello&gt;gareth&lt;/hello&gt;
  
&lt;/hel:helloWorldRequest&gt;&lt;/soapenv:Body&gt;&lt;/soapenv:Envelope&gt;
Which fails on the password match with: Unauthorized : Password for
user.gareth does not match.Any pointers to what i am doing wrong would be
helpful. This is running on JBoss Fuse 6.1 - redhat379 and i am sending the
request from SoapUI 5



--
View this message in context: http://camel.465427.n5.nabble.com/CXF-with-WS-Security-using-JAAS-tp5758345.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message