cxf-users mailing list archives

From Freeman Fang <freeman.f...@gmail.com>
Subject Re: get certificate sent in security header to cxf web service
Date Tue, 19 Jul 2011 03:26:02 GMT
Hi,

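I think you can take a look at [1] as an example: it is an interceptor that is ordered after the WSS4J in-interceptor and reads the WS-Security processing results from the message, which is where the signer's certificate is available.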

[1]https://svn.apache.org/repos/asf/servicemix/components/trunk/bindings/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java

Freeman
On 2011-7-19, at 上午6:35, Jaime Hablutzel Egoavil wrote:

> Or at least, could someone tell me how to add a custom interceptor  
> after
> WSS4J interceptor to access the signing certificate of a wss signed  
> soap
> message?
>
> On Mon, Jul 18, 2011 at 1:30 PM, Jaime Hablutzel Egoavil <
> hablutzel1@gmail.com> wrote:
>
>> Hi I have a web service exposed with cxf with this wsdl:
>>
>> <?xml version='1.0' encoding='UTF-8'?><wsdl:
>> definitions name="CXFLibraryImplService" targetNamespace="
>> http://service2.ws.service.kprtech.com/" xmlns:ns1="
>> http://cxf.apache.org/bindings/xformat" xmlns:soap="
>> http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="
>> http://service2.ws.service.kprtech.com/" xmlns:wsdl="
>> http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="
>> http://www.w3.org/2001/XMLSchema">
>>  <wsdl:types>
>> <xs:schema elementFormDefault="unqualified" targetNamespace="
>> http://service2.ws.service.kprtech.com/" version="1.0" xmlns:ns1="
>> http://cxf.apache.org/bindings/xformat" xmlns:soap="
>> http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="
>> http://service2.ws.service.kprtech.com/" xmlns:wsdl="
>> http://schemas.xmlsoap.org/wsdl/" xmlns:xs="
>> http://www.w3.org/2001/XMLSchema" xmlns:xsd="
>> http://www.w3.org/2001/XMLSchema">
>> <xs:element name="sayHello" type="tns:sayHello" />
>> <xs:element name="sayHelloResponse" type="tns:sayHelloResponse" />
>> <xs:complexType name="sayHello">
>> <xs:sequence>
>> <xs:element minOccurs="0" name="arg0" type="xs:string" />
>> </xs:sequence>
>> </xs:complexType>
>> <xs:complexType name="sayHelloResponse">
>> <xs:sequence>
>> <xs:element minOccurs="0" name="return" type="xs:string" />
>> </xs:sequence>
>> </xs:complexType>
>> </xs:schema>
>>  </wsdl:types>
>>  <wsdl:message name="sayHello">
>>    <wsdl:part element="tns:sayHello" name="parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:message name="sayHelloResponse">
>>    <wsdl:part element="tns:sayHelloResponse" name="parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:portType name="Library">
>>    <wsdl:operation name="sayHello">
>>      <wsdl:input message="tns:sayHello" name="sayHello">
>>    </wsdl:input>
>>      <wsdl:output message="tns:sayHelloResponse"  
>> name="sayHelloResponse">
>>    </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:portType>
>>  <wsdl:binding name="CXFLibraryImplServiceSoapBinding"  
>> type="tns:Library">
>>    <wsp:PolicyReference URI="#SignEncr" xmlns:wsp="
>> http://schemas.xmlsoap.org/ws/2004/09/policy" />
>>    <soap:binding style="document" transport="
>> http://schemas.xmlsoap.org/soap/http" />
>>    <wsdl:operation name="sayHello">
>>      <soap:operation soapAction="" style="document" />
>>      <wsdl:input name="sayHello">
>>        <soap:body use="literal" />
>>      </wsdl:input>
>>      <wsdl:output name="sayHelloResponse">
>>        <soap:body use="literal" />
>>      </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:binding>
>>  <wsdl:service name="CXFLibraryImplService">
>>    <wsdl:port binding="tns:CXFLibraryImplServiceSoapBinding"
>> name="CXFLibraryImplPort">
>>      <soap:address location="
>> http://localhost:8888/domicilios/services/service2" />
>>    </wsdl:port>
>>  </wsdl:service>
>>    <wsp:Policy wsu:Id="SignEncr" xmlns:wsp="
>> http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
>> ">
>>
>>    <wsp:ExactlyOne>
>>      <wsp:All>
>>        <sp:AsymmetricBinding xmlns:sp="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>          <wsp:Policy>
>>            <sp:InitiatorToken>
>>              <wsp:Policy>
>>                <sp:X509Token sp:IncludeToken="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
>> ">
>>                  <wsp:Policy>
>>                    <sp:RequireThumbprintReference />
>>                      <sp:WssX509V1Token10 />
>>                  </wsp:Policy>
>>                </sp:X509Token>
>>              </wsp:Policy>
>>            </sp:InitiatorToken>
>>            <sp:RecipientToken>
>>              <wsp:Policy>
>>                <sp:X509Token sp:IncludeToken="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never
>> ">
>>                  <wsp:Policy>
>>                    <sp:RequireThumbprintReference />
>>                          <sp:WssX509V3Token10 />
>>                  </wsp:Policy>
>>                </sp:X509Token>
>>              </wsp:Policy>
>>            </sp:RecipientToken>
>>            <sp:AlgorithmSuite>
>>              <wsp:Policy>
>>                <sp:TripleDesRsa15 />
>>              </wsp:Policy>
>>            </sp:AlgorithmSuite>
>>            <sp:Layout>
>>              <wsp:Policy>
>>                <sp:Strict />
>>              </wsp:Policy>
>>            </sp:Layout>
>>            <sp:IncludeTimestamp />
>>            <sp:OnlySignEntireHeadersAndBody />
>>          </wsp:Policy>
>>        </sp:AsymmetricBinding>
>>          <sp:Wss10 xmlns:sp="
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>                <wsp:Policy>
>>                    <sp:MustSupportRefKeyIdentifier />
>>                    <sp:MustSupportRefIssuerSerial />
>>                </wsp:Policy>
>>            </sp:Wss10>
>>        <sp:SignedParts xmlns:sp="
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>          <sp:Body />
>>        </sp:SignedParts>
>>
>>      </wsp:All>
>>    </wsp:ExactlyOne>
>>  </wsp:Policy>
>> </wsdl:definitions>
>>
>>
>> And I want to be able to get the certificate in a custom interceptor so that
>> I can pass it to the Spring Security session context.
>> Another thing I want is to be able to override the default behaviour of cxf,
>> which tries to validate the certPath, because I want to do this on my own:
>> the certificates aren't in a .jks keystore but in a database.
>>
>> I have read that I need a second interceptor, but how do I register an
>> interceptor and give it lower precedence, so that it runs after the WSS4J one?
>>
>> Thanks.
>>
>>
>>
>> --
>> Jaime Hablutzel - 9-9956-3299
>>
>> (tildes omitidas intencionalmente)
>>
>
>
>
> -- 
> Jaime Hablutzel - 9-9956-3299
>
> (tildes omitidas intencionalmente)

---------------------------------------------
Freeman Fang

FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com









