Return-Path: 
 <users-return-28658-apmail-cxf-users-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-users-archive@www.apache.org
Delivered-To: apmail-cxf-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2039F6DCA
	for <apmail-cxf-users-archive@www.apache.org>;
 Tue, 19 Jul 2011 03:26:52 +0000 (UTC)
Received: (qmail 53490 invoked by uid 500); 19 Jul 2011 03:26:51 -0000
Delivered-To: apmail-cxf-users-archive@cxf.apache.org
Received: (qmail 52911 invoked by uid 500); 19 Jul 2011 03:26:40 -0000
Mailing-List: contact users-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@cxf.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@cxf.apache.org>
List-Post: <mailto:users@cxf.apache.org>
List-Id: <users.cxf.apache.org>
Reply-To: users@cxf.apache.org
Delivered-To: mailing list users@cxf.apache.org
Received: (qmail 52887 invoked by uid 99); 19 Jul 2011 03:26:36 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Jul 2011 03:26:36 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of freeman.fang@gmail.com
 designates 209.85.214.169 as permitted sender)
Received: from [209.85.214.169] (HELO mail-iw0-f169.google.com)
 (209.85.214.169)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Jul 2011 03:26:31 +0000
Received: by iwn8 with SMTP id 8so4049962iwn.0
        for <users@cxf.apache.org>; Mon, 18 Jul 2011 20:26:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=message-id:from:to:in-reply-to:content-type:mime-version:subject
         :date:references:x-mailer;
        bh=QeAMoIyNriXwYnhlBwqTIz51B/Jvn00xXEdqUHNQruM=;
        b=eT10zpyThq1+h7mggWa5kfj9MIsAIsYRS7FhQTlJyAlPCkw4/hGvQCijXJmEf1S1FF
         apY9+lHRQb4o70aurcnfgvJKCsUG/8gDyMilp8bSSGtu9J99D2JgtMf7koetFcTGbxq4
         mj/ACYVLtxZgQjqpRkmLtO8m78F21vp4TQewg=
Received: by 10.231.114.92 with SMTP id d28mr6283254ibq.167.1311045970419;
        Mon, 18 Jul 2011 20:26:10 -0700 (PDT)
Received: from [192.168.1.101] ([123.119.249.5])
        by mx.google.com with ESMTPS id x11sm3329617ibd.41.2011.07.18.20.26.06
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 18 Jul 2011 20:26:09 -0700 (PDT)
Message-Id: <C8788B96-897C-419D-92AC-B873AA28907B@gmail.com>
From: Freeman Fang <freeman.fang@gmail.com>
To: users@cxf.apache.org
In-Reply-To: 
 <CAFxNpv9G3WDdZvE3XKZbo04O803BX7MmypJOsGRjW6Gv3t1M1A@mail.gmail.com>
Content-Type: multipart/alternative; boundary=Apple-Mail-2--121203079
Mime-Version: 1.0 (Apple Message framework v936)
Subject: Re: get certificate sent in security header to cxf web service
Date: Tue, 19 Jul 2011 11:26:02 +0800
References: 
 <CAFxNpv9H9uJcOHpHii8z+wLU65DB-GM5KUHojqVDuCc8ZXLs6g@mail.gmail.com>
 <CAFxNpv9G3WDdZvE3XKZbo04O803BX7MmypJOsGRjW6Gv3t1M1A@mail.gmail.com>
X-Mailer: Apple Mail (2.936)

--Apple-Mail-2--121203079
Content-Type: text/plain;
	charset=UTF-8;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: quoted-printable

Hi,

I think you can take a look at [1] as an example.

=
[1]https://svn.apache.org/repos/asf/servicemix/components/trunk/bindings/s=
ervicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/Jb=
iJAASInterceptor.java

Freeman
On 2011-7-19, at =E4=B8=8A=E5=8D=886:35, Jaime Hablutzel Egoavil wrote:

> Or at least, could someone tell me how to add a custom interceptor =20
> after
> WSS4J interceptor to access the signing certificate of a wss signed =20=

> soap
> message?
>
> On Mon, Jul 18, 2011 at 1:30 PM, Jaime Hablutzel Egoavil <
> hablutzel1@gmail.com> wrote:
>
>> Hi I have a web service exposed with cxf with this wsdl:
>>
>> <?xml version=3D'1.0' encoding=3D'UTF-8'?><wsdl:
>> definitions name=3D"CXFLibraryImplService" targetNamespace=3D"
>> http://service2.ws.service.kprtech.com/" xmlns:ns1=3D"
>> http://cxf.apache.org/bindings/xformat" xmlns:soap=3D"
>> http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns=3D"
>> http://service2.ws.service.kprtech.com/" xmlns:wsdl=3D"
>> http://schemas.xmlsoap.org/wsdl/" xmlns:xsd=3D"
>> http://www.w3.org/2001/XMLSchema">
>>  <wsdl:types>
>> <xs:schema elementFormDefault=3D"unqualified" targetNamespace=3D"
>> http://service2.ws.service.kprtech.com/" version=3D"1.0" xmlns:ns1=3D"
>> http://cxf.apache.org/bindings/xformat" xmlns:soap=3D"
>> http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns=3D"
>> http://service2.ws.service.kprtech.com/" xmlns:wsdl=3D"
>> http://schemas.xmlsoap.org/wsdl/" xmlns:xs=3D"
>> http://www.w3.org/2001/XMLSchema" xmlns:xsd=3D"
>> http://www.w3.org/2001/XMLSchema">
>> <xs:element name=3D"sayHello" type=3D"tns:sayHello" />
>> <xs:element name=3D"sayHelloResponse" type=3D"tns:sayHelloResponse" =
/>
>> <xs:complexType name=3D"sayHello">
>> <xs:sequence>
>> <xs:element minOccurs=3D"0" name=3D"arg0" type=3D"xs:string" />
>> </xs:sequence>
>> </xs:complexType>
>> <xs:complexType name=3D"sayHelloResponse">
>> <xs:sequence>
>> <xs:element minOccurs=3D"0" name=3D"return" type=3D"xs:string" />
>> </xs:sequence>
>> </xs:complexType>
>> </xs:schema>
>>  </wsdl:types>
>>  <wsdl:message name=3D"sayHello">
>>    <wsdl:part element=3D"tns:sayHello" name=3D"parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:message name=3D"sayHelloResponse">
>>    <wsdl:part element=3D"tns:sayHelloResponse" name=3D"parameters">
>>    </wsdl:part>
>>  </wsdl:message>
>>  <wsdl:portType name=3D"Library">
>>    <wsdl:operation name=3D"sayHello">
>>      <wsdl:input message=3D"tns:sayHello" name=3D"sayHello">
>>    </wsdl:input>
>>      <wsdl:output message=3D"tns:sayHelloResponse" =20
>> name=3D"sayHelloResponse">
>>    </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:portType>
>>  <wsdl:binding name=3D"CXFLibraryImplServiceSoapBinding" =20
>> type=3D"tns:Library">
>>    <wsp:PolicyReference URI=3D"#SignEncr" xmlns:wsp=3D"
>> http://schemas.xmlsoap.org/ws/2004/09/policy" />
>>    <soap:binding style=3D"document" transport=3D"
>> http://schemas.xmlsoap.org/soap/http" />
>>    <wsdl:operation name=3D"sayHello">
>>      <soap:operation soapAction=3D"" style=3D"document" />
>>      <wsdl:input name=3D"sayHello">
>>        <soap:body use=3D"literal" />
>>      </wsdl:input>
>>      <wsdl:output name=3D"sayHelloResponse">
>>        <soap:body use=3D"literal" />
>>      </wsdl:output>
>>    </wsdl:operation>
>>  </wsdl:binding>
>>  <wsdl:service name=3D"CXFLibraryImplService">
>>    <wsdl:port binding=3D"tns:CXFLibraryImplServiceSoapBinding"
>> name=3D"CXFLibraryImplPort">
>>      <soap:address location=3D"
>> http://localhost:8888/domicilios/services/service2" />
>>    </wsdl:port>
>>  </wsdl:service>
>>    <wsp:Policy wsu:Id=3D"SignEncr" xmlns:wsp=3D"
>> http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu=3D"
>> =
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility=
-1.0.xsd
>> ">
>>
>>    <wsp:ExactlyOne>
>>      <wsp:All>
>>        <sp:AsymmetricBinding xmlns:sp=3D"
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>          <wsp:Policy>
>>            <sp:InitiatorToken>
>>              <wsp:Policy>
>>                <sp:X509Token sp:IncludeToken=3D"
>> =
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Alw=
aysToRecipient
>> ">
>>                  <wsp:Policy>
>>                    <sp:RequireThumbprintReference />
>>                      <sp:WssX509V1Token10 />
>>                  </wsp:Policy>
>>                </sp:X509Token>
>>              </wsp:Policy>
>>            </sp:InitiatorToken>
>>            <sp:RecipientToken>
>>              <wsp:Policy>
>>                <sp:X509Token sp:IncludeToken=3D"
>> =
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Nev=
er
>> ">
>>                  <wsp:Policy>
>>                    <sp:RequireThumbprintReference />
>>                          <sp:WssX509V3Token10 />
>>                  </wsp:Policy>
>>                </sp:X509Token>
>>              </wsp:Policy>
>>            </sp:RecipientToken>
>>            <sp:AlgorithmSuite>
>>              <wsp:Policy>
>>                <sp:TripleDesRsa15 />
>>              </wsp:Policy>
>>            </sp:AlgorithmSuite>
>>            <sp:Layout>
>>              <wsp:Policy>
>>                <sp:Strict />
>>              </wsp:Policy>
>>            </sp:Layout>
>>            <sp:IncludeTimestamp />
>>            <sp:OnlySignEntireHeadersAndBody />
>>          </wsp:Policy>
>>        </sp:AsymmetricBinding>
>>          <sp:Wss10 xmlns:sp=3D"
>> http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>                <wsp:Policy>
>>                    <sp:MustSupportRefKeyIdentifier />
>>                    <sp:MustSupportRefIssuerSerial />
>>                </wsp:Policy>
>>            </sp:Wss10>
>>        <sp:SignedParts xmlns:sp=3D"
>> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>          <sp:Body />
>>        </sp:SignedParts>
>>
>>      </wsp:All>
>>    </wsp:ExactlyOne>
>>  </wsp:Policy>
>> </wsdl:definitions>
>>
>>
>> And I want to be able to get the certificate in a custom =20
>> intereceptor to be
>> able to pass it to spring security session context.
>> Another thing I want is to be able to override the default =20
>> behaviour of cxf
>> trying to validate the certPath, because I want to do this by my =20
>> own because
>> certificate aren't in a .jsk keystore but in a database.
>>
>> I have read that I need a second interceptor, but how to set an =20
>> interceptor
>> and give it lower precedence??
>>
>> Thanks.
>>
>>
>>
>> --
>> Jaime Hablutzel - 9-9956-3299
>>
>> (tildes omitidas intencionalmente)
>>
>
>
>
> --=20
> Jaime Hablutzel - 9-9956-3299
>
> (tildes omitidas intencionalmente)

---------------------------------------------
Freeman Fang

FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com










--Apple-Mail-2--121203079--