cxf-dev mailing list archives

From janb <jan.bernha...@sopera.com>
Subject Changing username via Callback Handler
Date Tue, 06 Dec 2011 12:08:16 GMT
Hi, I would like to start a discussion on extending the usage of a
ClientCallbackHandler.

Currently the username for a service consumer is rather statically configured
via the ws-security.username property. This works great for situations where a
fixed user is assigned to a service consumer. But if different users call
the same service consumer, it would be great if this user information
could be dynamically forwarded to the service. Surely one way to do this
(the recommended way) would be via ActAs or OnBehalfOf Token /
CallbackHandler. But this works only if the STS server can handle these
tokens. In situations where the STS server cannot handle delegated
identities, the usual ws-security authentication token could be used
instead.

In my case a UsernamePassword Token should contain credentials from the
person that calls my cxf client.
Via CallbackHandler it is easy to pass the password along, but the username
will always be taken from the (spring config) property. As far as I can see,
there would be two methods within cxf that could be updated to use the
username provided via a CallbackHandler instead of using the
ws-security.username property.

These would be:
* org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder#addUsernameToken(UsernameToken token)
* org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor#addUsernameToken(SoapMessage message, UsernameToken token)

Instead of calling

    utBuilder.setUserInfo(userName, password);

with the username from

    String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);

the callback handler should be called to provide both username and password.

The username from the ws-security.username property would still be the initial
(default) value, and only if the callbackhandler changes the username the
WSSecUsernameToken would contain another username.

I hope I was able to transfer my thoughts via text ;-)

What are your thoughts about my proposal?

--
View this message in context: http://cxf.547215.n5.nabble.com/Changing-username-via-Callback-Handler-tp5051891p5051891.html
Sent from the cxf-dev mailing list archive at Nabble.com.
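
The default-then-override behaviour proposed in the message above, as an added example that is not part of the original post and is not CXF or WSS4J code. It uses the JDK's own javax.security.auth.callback classes as a stand-in for the WSS4J callback; CALLER, CallerHandler, resolveUser and all credential values are hypothetical, constructed names.

```java
import javax.security.auth.callback.*;
import java.util.Arrays;

public class DynamicUsernameDemo {
    // Hypothetical per-request holder: {username, password} of the authenticated caller.
    static final ThreadLocal<String[]> CALLER = new ThreadLocal<>();

    // Handler that overrides the configured default only when a caller is bound.
    static class CallerHandler implements CallbackHandler {
        private final char[] servicePassword;   // password for the configured default user
        CallerHandler(char[] servicePassword) { this.servicePassword = servicePassword; }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            String[] caller = CALLER.get();
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    if (caller != null) ((NameCallback) cb).setName(caller[0]);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(
                        caller != null ? caller[1].toCharArray() : servicePassword);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    // Stand-in for the token-building step: the configured name is only the default.
    static String resolveUser(String configuredUser, CallbackHandler handler) throws Exception {
        NameCallback name = new NameCallback("username", configuredUser);
        PasswordCallback pw = new PasswordCallback("password", false);
        handler.handle(new Callback[] { name, pw });
        String user = name.getName() != null ? name.getName() : name.getDefaultName();
        char[] secret = pw.getPassword();        // a copy; null if the handler set none
        pw.clearPassword();                      // wipe the callback's internal copy
        if (secret == null) throw new IllegalStateException("no password for " + user);
        // A real client would pass user and secret to the token builder here.
        Arrays.fill(secret, '\0');
        return user;
    }

    public static void main(String[] args) throws Exception {
        CallbackHandler h = new CallerHandler("svc-secret".toCharArray());  // constructed value
        System.out.println(resolveUser("service-account", h));   // no caller bound
        CALLER.set(new String[] { "alice", "alice-secret" });    // constructed caller
        try { System.out.println(resolveUser("service-account", h)); }
        finally { CALLER.remove(); }                              // do not leak to pooled threads
    }
}
```

With this pattern the identity placed in the token is whatever the handler returns, so the value bound to CALLER has to come from an already authenticated request and be cleared when that request ends.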
