cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wes <>
Subject Re: WSS4J, CXF, & Custom Attributes to a Servic
Date Wed, 04 Jun 2008 20:14:59 GMT
Inside WSSecurityInterceptor (which extends AbstractSoapInterceptor) I'm
explicitly creating a HashMap with the properties to create a
WSS4JInterceptor. That interceptor and my SAAJInINterceptor are added to the
chain in my handleMessage routine. There are userful operations on the
WSS4JInterceptor, but at this point in code the callback doesn't appear to
have been called yet. So calling the operations on the interceptor return
null. I tried calling doIntercept off the interceptorChain but I get the
same results.

To be honest, I'm a bit unclear on how the phases work and the interactions
of the classes at this point. So it's very possible I'm doing something
wrong. I think I need the message context inside the CallbackHandler's
handle routine. I just don't know how to get ahold of it or if that's even
the correct approach.

On Wed, Jun 4, 2008 at 3:40 PM, Boxiong Ding <> wrote:

> Did you try extending WSS4JInInterceptor instead? It has a method called
> handleMessage() which takes a SoapMessage. I think you can do some
> manipulation there.
> Boxiong
> ----- Original Message ----
> From: Wes <>
> To:
> Sent: Wednesday, June 4, 2008 12:20:37 PM
> Subject: WSS4J, CXF, & Custom Attributes to a Service
> Hello,
> I hope you guys (and gals) can help. I've been fighting this for days.
> I have a CXF service that implements Username Token profile security via
> the
> WSS4J api. Everything works as expected. I'm using SoapUI to test the
> service. I can set  an explicit username and password. Pass that data
> through a class (WSSecurityInterceptor) that extends
> AbstractSoapInterceptor
> where I can place a CallBack class that implements CallbackHandler and
> validate the username/password I sent in from SOAPUI.
> In my callback class, I will be integrating the authentication to an Access
> Manager API provided by our portal implementation. I can do this also
> without a problem. The problem comes in when.... once I authenticate the
> user I have access to all the data from our backend ldap that I will need
> in
> my service. I've been trying to figure out a way to decorate the incoming
> SOAP request with this specific data and, once inside my service, retrieve
> the data without double-tapping ldap.
> I've tried adding SOAP Headers, but there isn't a context inside the handle
> method of the CallbackHandler. There has got to be a way to do this that
> I'm
> just flat out missing. What is the correct way to decorate the SOAP request
> with additional data (provided during the actual authentication routine)
> inside the implemented CallbackHandler class?
> Any hints would be greatly appreciated.
> Wes

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message