cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: SpnegoContextToken - Security Token support for CXF
Date Sat, 24 Apr 2010 02:01:47 GMT
On Thursday 22 April 2010 12:34:37 am Ponprathip Aasaithambi (UST, IND) wrote:
> Hi Daniel,
> 
>      I am interested in developing it. Waiting for the pointer to get
> started.
> Can you also please suggest me what other tokens can be used in the
> server side as replacement for SpnegoContextToken?

Well, I don't know much about the specifics of Spnego so I cannot go into a 
ton of details, but the general procedure would be:  (all in rt/ws/security 
module)

1) In org.apache.cxf.ws.security.policy.model, you would need to add a token 
for the SpnegoContextToken which models the token.

2) In org.apache.cxf.ws.security.policy.builder, you would need to write a 
builder to parse the XML policy element into the token created in 1

3) Implement the actual runtime logic.   This falls into one of two types:

a) For something like HTTPS token and IssuedToken and such, that don't realy 
modify the currently processing message, you would write and 
InterceptorProvider and an Interceptor that would handle the processing that 
is required.   It may involve storing stuff in the message or in the endpoint 
that would be retrieved later for additional processing.  (like next bullet)

b) Update the stuff in org.apache.cxf.ws.security.wss4j.policyhandlers to 
support the new token types.

I really don't know which way it would be.implemented for Spnego since I don't 
really know anything about it.

Dan


> 
> Note : Based on my available work bandwidth I will take up this task
> 
> Regards,
> A.Prathip
> 
> 
> -----Original Message-----
> From: Daniel Kulp [mailto:dkulp@apache.org]
> Sent: Wednesday, April 21, 2010 7:24 PM
> To: users@cxf.apache.org
> Cc: Ponprathip Aasaithambi (UST, IND)
> Subject: Re: SpnegoContextToken - Security Token support for CXF
> 
> On Wednesday 21 April 2010 7:00:45 am PonPrathip wrote:
> >   I am trying to create CXF Standalone client to connect to a
> 
> WebService
> 
> > (Server) that have SpnegoContextToken as one of its security Policy.
> > 
> > Please let me know whether CXF API support this Security Token?If
> 
> supported
> 
> > then please let me know how to implement the CXF client to get access
> 
> to
> 
> > the server.
> > Provided below the security binding information on the server side.
> 
> No.   CXF currently does not support SpnegoContextToken.    I'm not
> aware of
> any java solution that does support it right now.   I know Metro
> doesn't.
> Axis2 doesn't.    I'm pretty sure SpringWS doesn't.
> 
> If you are interested in developing it, I'd be happy to provide pointers
> to
> use as starting points.
> 
> Dan
> 
> > Please let me know whether CXF supports the below mentioned security
> > info.If supports then please let me now how to implement the same
> 
> using
> 
> > CXF API
> > 
> > 
> > <sp:SymmetricBinding><wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:SpnegoContextToken
> 
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/In
> clu
> 
> > deToken/AlwaysToRecipient"><wsp:Policy> <sp:RequireDerivedKeys />
> > </wsp:Policy>
> > </sp:SpnegoContextToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message