cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Dushin <f...@dushin.net>
Subject Re: Acegi Security with CXF
Date Wed, 29 Aug 2007 19:59:00 GMT
How's this for the outbound side:

     <jaxws:client name="{http://www.apache.org}SoapPort"  
createdFromAPI="true">
         <jaxws:features>
             <bean class="org.apache.cxf.feature.LoggingFeature"/>
         </jaxws:features>
         <jaxws:outInterceptors>
             <bean  
class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
             <ref bean="UOverT_Request"/>
         </jaxws:outInterceptors>
     </jaxws:client>
     <bean
         class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
         id="UOverT_Request">
         <constructor-arg>
             <map>
                 <entry key="action" value="UsernameToken Timestamp"/>
                 <entry key="user" value="Alice"/>
                 <entry key="passwordCallbackClass"  
value="demo.hw.client.UTPasswordCallback"/>
                 <entry key="passwordType" value="PasswordText"/>
             </map>
         </constructor-arg>
      </bean>

-Fred

On Aug 29, 2007, at 1:31 PM, vannguyen0 wrote:

>
> Fred,
>
> Can I get a sample CFX config?
>
> Thanks,
>
> Van
>
>
> Fred Dushin-3 wrote:
>>
>>
>> I don't know a lot about acegi, but if you are only talking about
>> propagating a WS-Security UnsernameToken through a SOAP wss:Security
>> header, then yes, CXF is perfectly capable of doing this.
>>
>> Note, however, that you will need to add some code on the consuming
>> side of the message to "validate" the username and password, via
>> WSS4J callback, which you'll also need to configure through Spring.
>> Like XFire, the CXF WS-Security interceptor is based not only on the
>> WSS4J toolkit, but also on the WSS4J Handler architecture (which Axis
>> uses, as well).  Not knowing much at all about XFire, I believe the
>> CXF configuration should be pretty strightforwardly mappable to CXF.
>>
>> Shout if you need a sample CXF config.
>>
>> -Fred
>>
>> On Aug 27, 2007, at 3:44 PM, Kaleb Walton wrote:
>>
>>> There is an example at that URL
>>> as well but it is for XFire and I'm not sure how those concepts
>>> translate
>>> over to CXF; additionally the example they use points out its own
>>> inefficiency suggesting it should use a custom handler to read the
>>> contents
>>> of the SOAP message via StAX.
>>
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/Acegi-Security- 
> with-CXF-tf4337860.html#a12391936
> Sent from the cxf-user mailing list archive at Nabble.com.
>
>

Mime
View raw message