cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Chen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-3216) Refactor http authentication to make it more flexible and simpler
Date Mon, 11 Apr 2011 15:14:14 GMT

    [ https://issues.apache.org/jira/browse/CXF-3216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13018384#comment-13018384
] 

Jason Chen commented on CXF-3216:
---------------------------------

Hi Christian, when you said Kerberos auth can now be configured, does that include the policy
handler as well?
I just looked at the nightly build source code and couldn't see how the SymmetricBindingHandler
ever gets the KerberosToken or SpnegoToken since there is no token subclasses and builiders
for these tokens.

I quickly tried the latest snapshot for kerberos auth and got the following exception:
Caused by: org.apache.cxf.ws.policy.PolicyException: No signature token
	at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.policyNotAsserted(AbstractBindingBuilder.java:295)...

which makes sense. I can see the SpnegoAuthSupplier executed and get the token from our KDC
and inserted into the headers. So I tried disabling the the policy engine with "<p:engine
enabled="false"></p:engine>" config and now get this exception:
org.w3c.dom.DOMException: NOT_FOUND_ERR
	at weblogic.xml.domimpl.ParentNode.internalRemoveChild(ParentNode.java:317)
	at weblogic.xml.domimpl.ParentNode.removeChild(ParentNode.java:297)
	at weblogic.xml.domimpl.ElementBase.removeChild(ElementBase.java:24)
	at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:144)...

Am I missing something obvious here? Will I need to implement the policy builder and token
myself? I am new to this and happy to contribute if this hasn't been implemented, so any pointers
are appreciated.

> Refactor http authentication to make it more flexible and simpler
> -----------------------------------------------------------------
>
>                 Key: CXF-3216
>                 URL: https://issues.apache.org/jira/browse/CXF-3216
>             Project: CXF
>          Issue Type: Improvement
>          Components: Transports
>    Affects Versions: 2.3.1
>            Reporter: Christian Schneider
>            Assignee: Christian Schneider
>             Fix For: 2.4
>
>         Attachments: CXF-3216-1.patch, CXF-3216-2.patch
>
>
> The http authentication should be completely based on authSupplier. The HttpConduit should
simply delegate to it.
> We should also remove some of the other auth config options besides authorizationPolicy
on conduit.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message