cxf-users mailing list archives

From Andrei Shakirin <ashaki...@talend.com>
Subject RE: Accessing Claims in a client
Date Mon, 14 May 2012 10:28:55 GMT
Hi Dan,

I just additionally tested your case; I am sending slightly modified code to obtain the token in your interceptor:

    // Id under which the issued token was stored
    String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
    if (tokenStore == null) {
        // Fall back to the token store kept on the endpoint
        EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
        tokenStore = (TokenStore)info.getProperty(TokenStore.class.getName());
    }
    SecurityToken token = tokenStore.getToken(id);
    Element tokenElement = token.getToken();

Regards,
Andrei.
 
-----Original Message-----
From: Andrei Shakirin [mailto:ashakirin@talend.com] 
Sent: 12 May 2012 19:15
To: users@cxf.apache.org
Subject: RE: Accessing Claims in a client

Hi Dan,

Basically, the SAML token is cached in the store inside the CXF IssuedTokenOutInterceptor (IssuedTokenInterceptorProvider.java).
This interceptor is called on the phase Phase.PREPARE_SEND.

You should be able to extract the token in your interceptor using the following code:

    String id = (String)message.get(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
    SecurityToken token = tokenStore.getToken(id);
    Element tokenElement = token.getToken();

If it doesn't work, I would suggest debugging CXF IssuedTokenOutInterceptor.handleMessage()
and IssuedTokenOutInterceptor.storeDelegationTokens() to analyse why the token was not received
or stored.

Regards,
Andrei.

-----Original Message-----
From: DTaylor [mailto:Dan.Taylor@Merge.com] 
Sent: 11 May 2012 21:27
To: users@cxf.apache.org
Subject: RE: Accessing Claims in a client

Hi Andrei,

The WSS4JOutInterceptorInternal is a package-protected class.  I made the PlaceHolderInterceptor
so that I could explicitly say addAfter(WSS4JOutInterceptorInternal), and then have my real
interceptor go after the PlaceHolderInterceptor (basically a quick and dirty test).

According to the iterator over the interceptor chain, my real interceptor is about 4 interceptors
after the WSS4JOutInterceptor and it is in the POST_PROTOCOL phase.  I am unable to acquire
the security context at this point.

I am relatively sure the SAML token was successfully received and accepted by my client, based
upon the fact that if I modify the STS to not return one of the claims I am making, the Service rejects
the interaction from the client entirely due to the claim not being present and not being
optional.

There are no errors or warnings in my server STS logs and I get no errors or exceptions on
the client side.

Adding logging to the interceptor I'm writing in the handleMessage method:

My Phase:  post-protocol

this.getBefore() returns:

this.getAfter() returns:
Interceptor: org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal
Interceptor: org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.WSS4JOutInterceptorInternal

--
View this message in context: http://cxf.547215.n5.nabble.com/Accessing-Claims-in-a-client-tp5698187p5704049.html
Sent from the cxf-user mailing list archive at Nabble.com.
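
Added example, not part of the original thread and not CXF's own code: once the interceptor has the token `Element` as described in the replies above, the claims can be read from it with plain DOM calls. It assumes an unencrypted SAML 2.0 assertion; the class name `SamlClaimReader`, the method `readClaims` and the sample assertion are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SamlClaimReader {
    // Assumption: the STS issues SAML 2.0 assertions (SAML 1.1 uses a different namespace and layout)
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Collects Attribute Name -> AttributeValue texts from a SAML 2.0 assertion element. */
    static Map<String, List<String>> readClaims(Element assertion) {
        Map<String, List<String>> claims = new LinkedHashMap<>();
        if (assertion == null) return claims;   // token missing from the store
        NodeList attrs = assertion.getElementsByTagNameNS(SAML2_NS, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            List<String> values = claims.computeIfAbsent(attr.getAttribute("Name"), k -> new ArrayList<>());
            NodeList vals = attr.getElementsByTagNameNS(SAML2_NS, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                values.add(vals.item(j).getTextContent().trim());
            }
        }
        return claims;   // EncryptedAttribute elements are not decrypted and do not appear here
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion (unsigned, for illustration only)
        String xml = "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\">"
            + "<saml2:AttributeStatement>"
            + "<saml2:Attribute Name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role\">"
            + "<saml2:AttributeValue>admin</saml2:AttributeValue>"
            + "</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // required for getElementsByTagNameNS
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element assertion = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        System.out.println(readClaims(assertion));
    }
}
```

Inside the interceptor, `readClaims(token.getToken())` takes the place of the parsing done in `main`; check `id`, `tokenStore` and `token` for null first, since any of them can be missing if the token was never stored.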
