cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pawel.jasinski" <pawel.jasin...@gmail.com>
Subject per request SAML assertion
Date Wed, 19 Nov 2008 12:07:07 GMT

hi,

cxf together with wss4j does not allow for SAML assertion with dynamic
subject name (different subject name for each invocation).
I have made modification to wss4j to accept the extra parameter. I am stuck
at the cxf. WSS4JOutInterceptor is the place where the arguments have to be
added, but I don't see an obvious way to add the per request parameters to
the message context.
My goal would be to make a changes which can eventually make to the trunk.
I am afraid my spontaneous creation has very high chance to violate the cxf
best practices.

My specific use case:
- servlet (tomcat) obtains the user certificate as a result of SSL client
authentication
- servlet uses cxf client to invoke a web service (SAML, encryption,
signature)

Here are some ideas:
1. servlet put the information into the thread local variable, which in turn
is repacked by WSS4JOutInterceptor 
2. more complex: 
  - define identity interceptor, it takes config (?class) which describes
how to get the identity from given application and inserts it into message
context
  - WSS4JOutInterceptor repacks the information.

Any pointers and/or comments will be appreciated

Thanks
Pawel




-- 
View this message in context: http://www.nabble.com/per-request-SAML-assertion-tp20578502p20578502.html
Sent from the cxf-dev mailing list archive at Nabble.com.


Mime
View raw message