cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CXF-5922) Secure CXF WSDL with standard HTTP Authentication
Date Thu, 21 Aug 2014 05:34:40 GMT

     [ https://issues.apache.org/jira/browse/CXF-5922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Freeman Fang resolved CXF-5922.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 3.1.0
                   3.0.2
                   2.7.13

commit fix
http://git-wip-us.apache.org/repos/asf/cxf/commit/8ebe5261 for master
http://git-wip-us.apache.org/repos/asf/cxf/commit/b3d5313c for 3.0.x-fixes branch
http://git-wip-us.apache.org/repos/asf/cxf/commit/e7dae9b2 for 2.7.x-fixes branch
now can enable the get wsdl authentication by add an interceptor like
{code}

<bean id="wsdlGetAuthenticationInterceptor" class="org.apache.cxf.transport.http.auth.WSDLGetAuthenticatorInterceptor">
    
       <!-- realm context name-->
       <property name="contextName" value="karaf"/>
 </bean>

<jaxws:endpoint id="helloWorld"
        implementor="..."
        address="/HelloWorld">
        
        <jaxws:inInterceptors>
                     <ref component-id="wsdlGetAuthenticationInterceptor"/>
        </jaxws:inInterceptors>
   </jaxws:endpoint>

{code}

> Secure CXF WSDL with standard HTTP Authentication
> -------------------------------------------------
>
>                 Key: CXF-5922
>                 URL: https://issues.apache.org/jira/browse/CXF-5922
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.8
>            Reporter: Joe Luo
>            Assignee: Freeman Fang
>             Fix For: 2.7.13, 3.0.2, 3.1.0
>
>
> I am running a camel route in an OSGi container, with CXF as a consumer endpoint, using
the Provider<T> route mechanism. The route is secured with SSL and HTTP Basic Authentication
using JAASLoginInterceptor and SimpleAuthorizingInterceptor interceptors. 
> Now I want to secure WSDL on the camel-cxf consumer endpoint with HTTP Basic Authentication,
similarly going through JAAS. 
> However, since WSDLGetInterceptor is placed in Phase.READ, it is not possible to use
JAASLoginInterceptor and SimpleAuthorizingInterceptorbecause due to the fact that the two
interceptors are placed in Phase.UNMARSHAL and Phase.PRE_INVOKE respectively and they are
far behind Phase.READ.
> There are two possible solutions I can thinking of:
>     # move the WSDLGetInterceptor and RawMessageWSDLGetInterceptor from the Phase.READ
to Phase.PRE-INVOKE or later so they can take advantage of JAASLoginInterceptor and SimpleAuthorizingInterceptor
just as other SOAP calls;
>     # introduce one (or two) special interceptor to do what the JAASLoginInterceptor
and the SimpleAuthorizingInterceptor normally do just for WSDL GET invocation.
> The first option might introduce too much change but the second option sounds a better
choice. We should introduce one or two interceptors for WSDL GET invocation to integrate with
standard HTTP Authentication just like other SOAP calls so users do not have to write custom
interceptors themselves. Instead they can simply enable it through configuration only. 
> It should also satisfy requirement for using the same authentication/authorization method
through JAAS just like other SOAP calls.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message