cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Adding Elements to WS-Security Header .... WSS4JOutInterceptor, SAAJOutInterceptor
Date Mon, 10 Aug 2009 15:09:53 GMT

Does your custom element go INTO the security header or go before the security header?

If it's the latter, check the faq:
http://cxf.apache.org/faq.html#FAQ-HowcanIaddsoapheaderstotherequest%25252Fresponse%25253F

That can also work for the former case.   If you add a header with the proper "security" name,
the wss4j interceptor will use the existing security header (and 
add stuff to it) instead of adding a second.


Dan



On Fri August 7 2009 3:42:19 pm R1ch wrote:
> CXF 2.2 and WSS4J 1.5.8
>
> Hello all,
> I have a working webservice configured with WSS4JOutInterceptor to insert a
> signed SAML token.
> Now I'm trying to insert an Element before the signature occurs so that my
> Element is also signed.
>
> I tried two different ways and both are not resulting in what I need.
> ==========================================================================
> 1) did something similar to
>
> public class myInterceptor extends WSS4JOutInterceptor {
>           handleMessage(SoapMessage mc) {
>                     SOAPMessage soapMsg = myElement();
>                     mc.setContent(SOAPMessage.class, soapMsg);
>                     super.handleMessage(mc);
>            }
> }
> this throws an exception, dont have it right now but can reproduce if some
> needs to see it.
> If I place the super.handleMessage(mc); before my code, (before the
> myElement()) there is no error
> but my element is not in the final soap message.
>
> Then I noticed that WSS4JOutInterceptor.handleMessage(SoapMessage mc) has
> if (mc.getContent(SOAPMessage.class) == null) {
>             saajOut.handleMessage(mc);
> }
> So I thought that I can't add SOAPMessage content. so I came up with the
> next try
>
> ==========================================================================
> 2) I did something almost exactly to what WSS4JOutInterceptor has, i.e use
> an internal interceptor
> with phase.USER_PROTOCOL. The WSS4JOutInterceptorInternal is
> Phase.POST_PROTOCOL so i figured
> if mine was before the post it would work.
>
> public class myInterceptor extends WSS4JOutInterceptor {
>
>           final class myInternal implements PhaseInterceptor<SoapMessage> {
>                     handleMessage(SoapMessage mc) {
>                              SOAPMessage soapMsg = myElement();
>                              mc.setContent(SOAPMessage.class, soapMsg);
>                              super.handleMessage(mc);
>                      }
>            }
> }
>
> Well, my element is in the final SOAP message but it is not signed and my
> <BODY> was actually empty
> not what the webservice returns.
> ==========================================================================
>
> So I was going to try and my Element to the message as XMLStreamWriter
> content but I noticed that
> SAAJOutInterceptor.handleMessage(SoapMessage message) replaces that with
> W3CDOMStreamWriter
>
> 1. My first question is how do I get my element signed?
> 2. What is the correct way to add content, is it mc.setContent() or do I
> mc.getContent and add to that?
> 3. What is the pupose of the Message Content Formats?
> 4. When should I use SOAPMessage or XMLStreamWriter or any other format?
> 5. If I put my content in the message for example as java.io.OutputStream
> does it still get added to the final message?
>
> Thanks for your time.

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message