cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <>
Subject Re: Acegi Security with CXF
Date Wed, 29 Aug 2007 19:59:00 GMT
How's this for the outbound side:

     <jaxws:client name="{}SoapPort"  
             <bean class="org.apache.cxf.feature.LoggingFeature"/>
             <ref bean="UOverT_Request"/>
                 <entry key="action" value="UsernameToken Timestamp"/>
                 <entry key="user" value="Alice"/>
                 <entry key="passwordCallbackClass"  
                 <entry key="passwordType" value="PasswordText"/>


On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote:

> Fred,
> Can I get a sample CFX config?
> Thanks,
> Van
> Fred Dushin-3 wrote:
>> I don't know a lot about acegi, but if you are only talking about
>> propagating a WS-Security UnsernameToken through a SOAP wss:Security
>> header, then yes, CXF is perfectly capable of doing this.
>> Note, however, that you will need to add some code on the consuming
>> side of the message to "validate" the username and password, via
>> WSS4J callback, which you'll also need to configure through Spring.
>> Like XFire, the CXF WS-Security interceptor is based not only on the
>> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
>> uses, as well).  Not knowing much at all about XFire, I believe the
>> CXF configuration should be pretty strightforwardly mappable to CXF.
>> Shout if you need a sample CXF config.
>> -Fred
>> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>>> There is an example at that URL
>>> as well but it is for XFire and I'm not sure how those concepts
>>> translate
>>> over to CXF; additionally the example they use points out its own
>>> inefficiency suggesting it should use a custom handler to read the
>>> contents
>>> of the SOAP message via StAX.
> -- 
> View this message in context: 
> with-CXF-tf4337860.html#a12391936
> Sent from the cxf-user mailing list archive at

View raw message