cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From krishmn <kris...@gmail.com>
Subject Is there any out of box interceptor for authenticating webservices (WS-Security) ?
Date Mon, 22 Sep 2008 22:32:28 GMT

--------------------------------------------------------------------------------

Hi,

We are trying to integrate CXF with Spring security for webservices and
using UserNameToken Profile for WS-Security.

Right now I'm writing the WSCallbackHandler to handle the "UserNameToken"
profile and authenticate against the spring secuirty by injecting
"authenticationManager".

Is there a "WS-SecurityIntercetor" similar to "WSS4JInInterceptor" which I
can use to inject the authentication mechanisam and as well as different
security profiles so that it would be done automatically for me?


<bean id="serverPasswordCallback"
class="com.company.security.auth.ServerPasswordCallback">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>

<bean id="wss4jInConfiguration"
class="org.apache.cxf.ws.security.wss4j.WSS4JInInt erceptor">
<property name="properties">
<map>
<entry key="action" value="UsernameToken"/>
<entry key="passwordType" value="PasswordText" />
<entry>
<key>
<value>passwordCallbackRef</value>
</key>
<ref bean="serverPasswordCallback"/>
</entry>
</map>
</property>
</bean>

<jaxws:endpoint id="helloWorldEndpoint" implementor="#helloWorld"
address="/HelloWorld" >
<jaxws:inInterceptors>
<bean class="org.apache.cxf.binding.soap.saaj.SAAJInInte rceptor" />
<ref bean="wss4jInConfiguration"/>
</jaxws:inInterceptors>
</jaxws:endpoint> 


Thanks
Krishmn

-- 
View this message in context: http://www.nabble.com/Is-there-any-out-of-box-interceptor-for-authenticating-webservices-%28WS-Security%29---tp19616284p19616284.html
Sent from the cxf-dev mailing list archive at Nabble.com.


Mime
View raw message